mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71333 Commits
414 Branches
Tree: d14b351208
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd14b351208'
${ noResults }
nextcloud/core/src/session-heartbeat.js

session-heartbeat.js 4.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 
  1. /**

  2.  * @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at>

  3.  *

  4.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  5.  * @author John Molakvoæ <skjnldsv@protonmail.com>

  6.  * @author Julius Härtl <jus@bitgrid.net>

  7.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  8.  *

  9.  * @license AGPL-3.0-or-later

  10.  *

  11.  * This program is free software: you can redistribute it and/or modify

  12.  * it under the terms of the GNU Affero General Public License as

  13.  * published by the Free Software Foundation, either version 3 of the

  14.  * License, or (at your option) any later version.

  15.  *

  16.  * This program is distributed in the hope that it will be useful,

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  19.  * GNU Affero General Public License for more details.

  20.  *

  21.  * You should have received a copy of the GNU Affero General Public License

  22.  * along with this program. If not, see <http://www.gnu.org/licenses/>.

  23.  *

  24.  */

  25. 

  26. import $ from 'jquery'

  27. import { emit } from '@nextcloud/event-bus'

  28. import { loadState } from '@nextcloud/initial-state'

  29. import { getCurrentUser } from '@nextcloud/auth'

  30. import { generateUrl } from '@nextcloud/router'

  31. 

  32. import OC from './OC/index.js'

  33. import { setToken as setRequestToken, getToken as getRequestToken } from './OC/requesttoken.js'

  34. 

  35. let config = null

  36. /**

  37.  * The legacy jsunit tests overwrite OC.config before calling initCore

  38.  * therefore we need to wait with assigning the config fallback until initCore calls initSessionHeartBeat

  39.  */

  40. const loadConfig = () => {

  41. 	try {

  42. 		config = loadState('core', 'config')

  43. 	} catch (e) {

  44. 		// This fallback is just for our legacy jsunit tests since we have no way to mock loadState calls

  45. 		config = OC.config

  46. 	}

  47. }

  48. 

  49. /**

  50.  * session heartbeat (defaults to enabled)

  51.  *

  52.  * @return {boolean}

  53.  */

  54. const keepSessionAlive = () => {

  55. 	return config.session_keepalive === undefined

  56. 		|| !!config.session_keepalive

  57. }

  58. 

  59. /**

  60.  * get interval in seconds

  61.  *

  62.  * @return {number}

  63.  */

  64. const getInterval = () => {

  65. 	let interval = NaN

  66. 	if (config.session_lifetime) {

  67. 		interval = Math.floor(config.session_lifetime / 2)

  68. 	}

  69. 

  70. 	// minimum one minute, max 24 hours, default 15 minutes

  71. 	return Math.min(

  72. 		24 * 3600,

  73. 		Math.max(

  74. 			60,

  75. 			isNaN(interval) ? 900 : interval

  76. 		)

  77. 	)

  78. }

  79. 

  80. const getToken = async () => {

  81. 	const url = generateUrl('/csrftoken')

  82. 

  83. 	// Not using Axios here as Axios is not stubbable with the sinon fake server

  84. 	// see https://stackoverflow.com/questions/41516044/sinon-mocha-test-with-async-ajax-calls-didnt-return-promises

  85. 	// see js/tests/specs/coreSpec.js for the tests

  86. 	const resp = await $.get(url)

  87. 

  88. 	return resp.token

  89. }

  90. 

  91. const poll = async () => {

  92. 	try {

  93. 		const token = await getToken()

  94. 		setRequestToken(token)

  95. 	} catch (e) {

  96. 		console.error('session heartbeat failed', e)

  97. 	}

  98. }

  99. 

  100. const startPolling = () => {

  101. 	const interval = setInterval(poll, getInterval() * 1000)

  102. 

  103. 	console.info('session heartbeat polling started')

  104. 

  105. 	return interval

  106. }

  107. 

  108. const registerAutoLogout = () => {

  109. 	if (!config.auto_logout || !getCurrentUser()) {

  110. 		return

  111. 	}

  112. 

  113. 	let lastActive = Date.now()

  114. 	window.addEventListener('mousemove', e => {

  115. 		lastActive = Date.now()

  116. 		localStorage.setItem('lastActive', lastActive)

  117. 	})

  118. 

  119. 	window.addEventListener('touchstart', e => {

  120. 		lastActive = Date.now()

  121. 		localStorage.setItem('lastActive', lastActive)

  122. 	})

  123. 

  124. 	window.addEventListener('storage', e => {

  125. 		if (e.key !== 'lastActive') {

  126. 			return

  127. 		}

  128. 		lastActive = e.newValue

  129. 	})

  130. 

  131. 	setInterval(function() {

  132. 		const timeout = Date.now() - config.session_lifetime * 1000

  133. 		if (lastActive < timeout) {

  134. 			console.info('Inactivity timout reached, logging out')

  135. 			const logoutUrl = generateUrl('/logout') + '?requesttoken=' + encodeURIComponent(getRequestToken())

  136. 			window.location = logoutUrl

  137. 		}

  138. 	}, 1000)

  139. }

  140. 

  141. /**

  142.  * Calls the server periodically to ensure that session and CSRF

  143.  * token doesn't expire

  144.  */

  145. export const initSessionHeartBeat = () => {

  146. 	loadConfig()

  147. 

  148. 	registerAutoLogout()

  149. 

  150. 	if (!keepSessionAlive()) {

  151. 		console.info('session heartbeat disabled')

  152. 		return

  153. 	}

  154. 	let interval = startPolling()

  155. 

  156. 	window.addEventListener('online', async () => {

  157. 		console.info('browser is online again, resuming heartbeat')

  158. 		interval = startPolling()

  159. 		try {

  160. 			await poll()

  161. 			console.info('session token successfully updated after resuming network')

  162. 

  163. 			// Let apps know we're online and requests will have the new token

  164. 			emit('networkOnline', {

  165. 				success: true,

  166. 			})

  167. 		} catch (e) {

  168. 			console.error('could not update session token after resuming network', e)

  169. 

  170. 			// Let apps know we're online but requests might have an outdated token

  171. 			emit('networkOnline', {

  172. 				success: false,

  173. 			})

  174. 		}

  175. 	})

  176. 	window.addEventListener('offline', () => {

  177. 		console.info('browser is offline, stopping heartbeat')

  178. 

  179. 		// Let apps know we're offline

  180. 		emit('networkOffline', {})

  181. 

  182. 		clearInterval(interval)

  183. 		console.info('session heartbeat polling stopped')

  184. 	})

  185. }