[WEB - 1333]fix: session age for admin and user (#4477)

* dev: fix session token save on admin and remove session save every request * dev: update session cookie age to environment variable * fix: adding save every request django session * dev: nginx configuration --------- Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
2024-06-14 14:31:34 +00:00 · 2024-05-16 16:17:05 +05:30 · 2024-05-16 16:17:05 +05:30 · 37cc8d7b77
commit 37cc8d7b77
parent e9d80efbc9
4 changed files with 68 additions and 24 deletions
--- a/apiserver/plane/authentication/utils/login.py
+++ b/apiserver/plane/authentication/utils/login.py
@ -1,5 +1,6 @@
 # Django imports
 from django.contrib.auth import login
+from django.conf import settings

 # Module imports
 from plane.authentication.utils.host import base_host
@ -7,6 +8,11 @@ from plane.authentication.utils.host import base_host

 def user_login(request, user, is_app=False, is_admin=False, is_space=False):
    login(request=request, user=user)
+
+    # If is admin cookie set the custom age
+    if is_admin:
+        request.session.set_expiry(settings.ADMIN_SESSION_COOKIE_AGE)
+
    device_info = {
        "user_agent": request.META.get("HTTP_USER_AGENT", ""),
        "ip_address": request.META.get("REMOTE_ADDR", ""),
--- a/apiserver/plane/settings/common.py
+++ b/apiserver/plane/settings/common.py
@ -328,14 +328,14 @@ DATA_UPLOAD_MAX_MEMORY_SIZE = int(os.environ.get("FILE_SIZE_LIMIT", 5242880))
 SESSION_COOKIE_SECURE = secure_origins
 SESSION_COOKIE_HTTPONLY = True
 SESSION_ENGINE = "plane.db.models.session"
-SESSION_COOKIE_AGE = 604800
+SESSION_COOKIE_AGE = os.environ.get("SESSION_COOKIE_AGE", 604800)
 SESSION_COOKIE_NAME = "plane-session-id"
 SESSION_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
 SESSION_SAVE_EVERY_REQUEST = True

 # Admin Cookie
 ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id"
-ADMIN_SESSION_COOKIE_AGE = 3600
+ADMIN_SESSION_COOKIE_AGE = os.environ.get("ADMIN_SESSION_COOKIE_AGE", 3600)

 # CSRF cookies
 CSRF_COOKIE_SECURE = secure_origins
--- a/nginx/nginx.conf.dev
+++ b/nginx/nginx.conf.dev
@ -18,37 +18,54 @@ http {
        add_header X-Forwarded-Proto         "${dollar}scheme";
        add_header X-Forwarded-Host          "${dollar}host";
        add_header X-Forwarded-For           "${dollar}proxy_add_x_forwarded_for";
-        add_header Host                      "${dollar}http_host";
+        add_header X-Real-IP                 "${dollar}remote_addr";

        location / {
-            proxy_pass http://web:3000/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade ${dollar}http_upgrade;
            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
+            proxy_pass http://web:3000/;
        }

        location /god-mode/ {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://admin:3001/god-mode/;
        }

        location /api/ {
-            proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
-            proxy_set_header Host            "${dollar}http_host";
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://api:8000/api/;
        }

        location /auth/ {
-            proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
-            proxy_set_header Host            "${dollar}http_host";
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://api:8000/auth/;
        }

        location /spaces/ {
            rewrite ^/spaces/?$ /spaces/login break;            
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://space:3002/spaces/;
        }

        location /${BUCKET_NAME}/ {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://plane-minio:9000/uploads/;
        }
    }
--- a/nginx/nginx.conf.template
+++ b/nginx/nginx.conf.template
@ -18,34 +18,55 @@ http {
        add_header X-Forwarded-Proto         "${dollar}scheme";
        add_header X-Forwarded-Host          "${dollar}host";
        add_header X-Forwarded-For           "${dollar}proxy_add_x_forwarded_for";
-        add_header Host                      "${dollar}http_host";
+        add_header X-Real-IP                 "${dollar}remote_addr";

        location / {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://web:3000/;
        }

-        location /api/ {
-            proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
-            proxy_set_header Host            "${dollar}http_host";
-            proxy_pass http://api:8000/api/;
-        }
-
-        location /spaces/ {
-            proxy_pass http://space:3000/spaces/;
-        }
-        
        location /god-mode/ {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://admin:3000/god-mode/;
        }

+        location /api/ {
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
+            proxy_pass http://api:8000/api/;
+        }
+
        location /auth/ {
-            proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
-            proxy_set_header Host            "${dollar}http_host";
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
            proxy_pass http://api:8000/auth/;
        }

+        location /spaces/ {
+            rewrite ^/spaces/?$ /spaces/login break;            
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
+            proxy_pass http://space:3000/spaces/;
+        }
+
        location /${BUCKET_NAME}/ {
-            proxy_pass http://plane-minio:9000/${BUCKET_NAME}/;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade ${dollar}http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host ${dollar}http_host;
+            proxy_pass http://plane-minio:9000/uploads/;
        }
    }
 }