[WEB - 1333]fix: session age for admin and user (#4477)

* dev: fix session token save on admin and remove session save every request

* dev: update session cookie age to environment variable

* fix: adding save every request django session

* dev:  nginx configuration

---------

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
Nikhil 2024-05-16 16:17:05 +05:30 committed by GitHub
parent e9d80efbc9
commit 37cc8d7b77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 68 additions and 24 deletions


@ -1,5 +1,6 @@
# Django imports # Django imports
from django.contrib.auth import login from django.contrib.auth import login
from django.conf import settings
# Module imports # Module imports
from plane.authentication.utils.host import base_host from plane.authentication.utils.host import base_host
@ -7,6 +8,11 @@ from plane.authentication.utils.host import base_host
def user_login(request, user, is_app=False, is_admin=False, is_space=False): def user_login(request, user, is_app=False, is_admin=False, is_space=False):
login(request=request, user=user) login(request=request, user=user)
# If is admin cookie set the custom age
if is_admin:
request.session.set_expiry(settings.ADMIN_SESSION_COOKIE_AGE)
device_info = { device_info = {
"user_agent": request.META.get("HTTP_USER_AGENT", ""), "user_agent": request.META.get("HTTP_USER_AGENT", ""),
"ip_address": request.META.get("REMOTE_ADDR", ""), "ip_address": request.META.get("REMOTE_ADDR", ""),
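Review bot: The comment on the new `if is_admin:` branch does not say what kind of limit `set_expiry` applies. With an integer argument Django treats the value as seconds of inactivity, and the settings file in this commit keeps `SESSION_SAVE_EVERY_REQUEST = True`, so an admin session that stays in use is presumably renewed on every request rather than ending after a fixed lifetime (worth confirming against the custom `plane.db.models.session` engine). I would reword the comment to `# Admin sessions: idle timeout of ADMIN_SESSION_COOKIE_AGE seconds, not an absolute lifetime`, and if a hard cap on admin sessions is wanted, store the login time in the session and check it separately. `user_login` continues past the end of this hunk.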


@ -328,14 +328,14 @@ DATA_UPLOAD_MAX_MEMORY_SIZE = int(os.environ.get("FILE_SIZE_LIMIT", 5242880))
SESSION_COOKIE_SECURE = secure_origins SESSION_COOKIE_SECURE = secure_origins
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
SESSION_ENGINE = "plane.db.models.session" SESSION_ENGINE = "plane.db.models.session"
SESSION_COOKIE_AGE = 604800 SESSION_COOKIE_AGE = os.environ.get("SESSION_COOKIE_AGE", 604800)
SESSION_COOKIE_NAME = "plane-session-id" SESSION_COOKIE_NAME = "plane-session-id"
SESSION_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None) SESSION_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
SESSION_SAVE_EVERY_REQUEST = True SESSION_SAVE_EVERY_REQUEST = True
# Admin Cookie # Admin Cookie
ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id" ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id"
ADMIN_SESSION_COOKIE_AGE = 3600 ADMIN_SESSION_COOKIE_AGE = os.environ.get("ADMIN_SESSION_COOKIE_AGE", 3600)
# CSRF cookies # CSRF cookies
CSRF_COOKIE_SECURE = secure_origins CSRF_COOKIE_SECURE = secure_origins
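Review bot: `os.environ.get` returns a string whenever the variable is set, so the new `SESSION_COOKIE_AGE` and `ADMIN_SESSION_COOKIE_AGE` are integers only while the defaults apply. Django does arithmetic on the session age when it computes expiry, and the admin value is passed to `request.session.set_expiry(...)` in `user_login`, where a string is not treated as a number of seconds, so a deployment that sets either variable would likely fail at login or on the first session save. Coerce both the way `DATA_UPLOAD_MAX_MEMORY_SIZE` already does in this file: `SESSION_COOKIE_AGE = int(os.environ.get("SESSION_COOKIE_AGE", 604800))` and `ADMIN_SESSION_COOKIE_AGE = int(os.environ.get("ADMIN_SESSION_COOKIE_AGE", 3600))`.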


@ -18,37 +18,54 @@ http {
add_header X-Forwarded-Proto "${dollar}scheme"; add_header X-Forwarded-Proto "${dollar}scheme";
add_header X-Forwarded-Host "${dollar}host"; add_header X-Forwarded-Host "${dollar}host";
add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
add_header Host "${dollar}http_host"; add_header X-Real-IP "${dollar}remote_addr";
location / { location / {
proxy_pass http://web:3000/;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade; proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://web:3000/;
} }
location /god-mode/ { location /god-mode/ {
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://admin:3001/god-mode/; proxy_pass http://admin:3001/god-mode/;
} }
location /api/ { location /api/ {
proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; proxy_http_version 1.1;
proxy_set_header Host "${dollar}http_host"; proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://api:8000/api/; proxy_pass http://api:8000/api/;
} }
location /auth/ { location /auth/ {
proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; proxy_http_version 1.1;
proxy_set_header Host "${dollar}http_host"; proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://api:8000/auth/; proxy_pass http://api:8000/auth/;
} }
location /spaces/ { location /spaces/ {
rewrite ^/spaces/?$ /spaces/login break; rewrite ^/spaces/?$ /spaces/login break;
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://space:3002/spaces/; proxy_pass http://space:3002/spaces/;
} }
location /${BUCKET_NAME}/ { location /${BUCKET_NAME}/ {
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://plane-minio:9000/uploads/; proxy_pass http://plane-minio:9000/uploads/;
} }
} }
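Review bot: The `/api/` and `/auth/` locations appear to lose their `proxy_set_header X-Forwarded-For` line in this change, and the server-level `add_header X-Forwarded-*` and `add_header X-Real-IP` lines do not replace it, because `add_header` sets headers on the response sent to the client, not on the request proxied upstream. The API would then see only the proxy's address in `REMOTE_ADDR`, which is what `user_login` records as `ip_address`, so session and audit records lose the real client address. Add `proxy_set_header X-Forwarded-For ${dollar}proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto ${dollar}scheme;` to each proxied location, since a location that defines any `proxy_set_header` inherits none from the server level. The same applies to the second nginx template in this commit.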


@ -18,34 +18,55 @@ http {
add_header X-Forwarded-Proto "${dollar}scheme"; add_header X-Forwarded-Proto "${dollar}scheme";
add_header X-Forwarded-Host "${dollar}host"; add_header X-Forwarded-Host "${dollar}host";
add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
add_header Host "${dollar}http_host"; add_header X-Real-IP "${dollar}remote_addr";
location / { location / {
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://web:3000/; proxy_pass http://web:3000/;
} }
location /api/ {
proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
proxy_set_header Host "${dollar}http_host";
proxy_pass http://api:8000/api/;
}
location /spaces/ {
proxy_pass http://space:3000/spaces/;
}
location /god-mode/ { location /god-mode/ {
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://admin:3000/god-mode/; proxy_pass http://admin:3000/god-mode/;
} }
location /api/ {
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://api:8000/api/;
}
location /auth/ { location /auth/ {
proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for"; proxy_http_version 1.1;
proxy_set_header Host "${dollar}http_host"; proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://api:8000/auth/; proxy_pass http://api:8000/auth/;
} }
location /spaces/ {
rewrite ^/spaces/?$ /spaces/login break;
proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://space:3000/spaces/;
}
location /${BUCKET_NAME}/ { location /${BUCKET_NAME}/ {
proxy_pass http://plane-minio:9000/${BUCKET_NAME}/; proxy_http_version 1.1;
proxy_set_header Upgrade ${dollar}http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host ${dollar}http_host;
proxy_pass http://plane-minio:9000/uploads/;
} }
} }
} }
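Review bot: The `/${BUCKET_NAME}/` location now appears to proxy to a fixed `/uploads/` path where the old line used `/${BUCKET_NAME}/`, so the mapping is only right when the bucket is actually named `uploads`. With any other `BUCKET_NAME` the public prefix and the upstream bucket disagree, and object requests would go to a bucket the deployment did not configure. If the fixed name is intentional, state that in a comment above the location; otherwise keep `proxy_pass http://plane-minio:9000/${BUCKET_NAME}/;`.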