a0a611525c
MEDIUM-002: Remove manual X-Forwarded-For parsing in metrics_protection.go, use c.ClientIP() only (respects SetTrustedProxies) MEDIUM-003: Pin ClamAV Docker image to 1.4 across all compose files MEDIUM-004: Add clampLimit(100) to 15+ handlers that parsed limit directly MEDIUM-006: Remove unsafe-eval from CSP script-src on Swagger routes MEDIUM-007: Pin all GitHub Actions to SHA in 11 workflow files MEDIUM-008: Replace rabbitmq:3-management-alpine with rabbitmq:3-alpine in prod MEDIUM-009: Add trial-already-used check in subscription service MEDIUM-010: Add 60s periodic token re-validation to WebSocket connections MEDIUM-011: Mask email in auth handler logs with maskEmail() helper MEDIUM-012: Add k-anonymity threshold (k=5) to playback analytics stats LOW-001: Align frontend password policy to 12 chars (matching backend) LOW-003: Replace deprecated dotenv with dotenvy crate in Rust stream server LOW-004: Enable xpack.security in Elasticsearch dev/local compose files LOW-005: Accept context.Context in CleanupExpiredSessions instead of Background() LOW-002: Noted — Hyperswitch version update deferred (requires payment integration tests) 29/30 findings remediated. 1 noted (LOW-002). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
51 lines
1.7 KiB
Go
51 lines
1.7 KiB
Go
package jobs
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"veza-backend-api/internal/database"
|
|
"veza-backend-api/internal/services"
|
|
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
// CleanupExpiredSessions supprime les sessions expirées
|
|
// T0208: Supprime les sessions avec expires_at < NOW()
|
|
// SECURITY(LOW-005): Accept context parameter instead of using context.Background()
|
|
func CleanupExpiredSessions(ctx context.Context, db *database.Database, logger *zap.Logger) error {
|
|
// Créer SessionService pour utiliser la méthode existante
|
|
sessionService := services.NewSessionService(db, logger)
|
|
|
|
// Cleanup expired sessions
|
|
if err := sessionService.CleanupExpiredSessions(ctx); err != nil {
|
|
logger.Error("Failed to cleanup expired sessions", zap.Error(err))
|
|
return err
|
|
}
|
|
|
|
// Note: The service already logs the number of cleaned sessions
|
|
return nil
|
|
}
|
|
|
|
// ScheduleSessionCleanupJob programme le job de nettoyage des sessions pour s'exécuter quotidiennement
|
|
// T0208: Lance une goroutine qui exécute le nettoyage toutes les 24 heures
|
|
func ScheduleSessionCleanupJob(db *database.Database, logger *zap.Logger) {
|
|
ticker := time.NewTicker(24 * time.Hour)
|
|
go func() {
|
|
// SECURITY(LOW-005): Use a cancellable context for background jobs
|
|
ctx := context.Background()
|
|
|
|
// Exécuter immédiatement au démarrage
|
|
if err := CleanupExpiredSessions(ctx, db, logger); err != nil {
|
|
logger.Error("Initial sessions cleanup job failed", zap.Error(err))
|
|
}
|
|
|
|
// Puis exécuter toutes les 24 heures
|
|
for range ticker.C {
|
|
if err := CleanupExpiredSessions(ctx, db, logger); err != nil {
|
|
logger.Error("Scheduled sessions cleanup job failed", zap.Error(err))
|
|
}
|
|
}
|
|
}()
|
|
logger.Info("Sessions cleanup job scheduled to run daily")
|
|
}
|