From 134e2236a64f6056bb614224a2cc055f76dc6c7e Mon Sep 17 00:00:00 2001
From: Alireza Ahmadi <alireza7@gmail.com>
Date: Tue, 25 Apr 2023 08:41:11 +0200
Subject: [PATCH] [feature] add login session timeout

---
 web/assets/js/model/models.js          |  1 +
 web/controller/index.go                | 15 +++++++++++++--
 web/entity/entity.go                   |  1 +
 web/html/xui/component/setting.html    |  4 ++--
 web/html/xui/setting.html              |  1 +
 web/service/setting.go                 | 17 +++--------------
 web/session/session.go                 | 12 +++++++++++-
 web/translation/translate.en_US.toml   |  4 +++-
 web/translation/translate.fa_IR.toml   |  2 ++
 web/translation/translate.zh_Hans.toml |  2 ++
 10 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/web/assets/js/model/models.js b/web/assets/js/model/models.js
index 45980764..03064a59 100644
--- a/web/assets/js/model/models.js
+++ b/web/assets/js/model/models.js
@@ -170,6 +170,7 @@ class AllSetting {
         this.webCertFile = "";
         this.webKeyFile = "";
         this.webBasePath = "/";
+        this.sessionMaxAge = "";
         this.expireDiff = "";
         this.trafficDiff = "";
         this.tgBotEnable = false;
diff --git a/web/controller/index.go b/web/controller/index.go
index b4f981e8..8543281b 100644
--- a/web/controller/index.go
+++ b/web/controller/index.go
@@ -18,8 +18,9 @@ type LoginForm struct {
 type IndexController struct {
 	BaseController
 
-	userService service.UserService
-	tgbot       service.Tgbot
+	settingService service.SettingService
+	userService    service.UserService
+	tgbot          service.Tgbot
 }
 
 func NewIndexController(g *gin.RouterGroup) *IndexController {
@@ -69,6 +70,16 @@ func (a *IndexController) login(c *gin.Context) {
 		a.tgbot.UserLoginNotify(form.Username, getRemoteIp(c), timeStr, 1)
 	}
 
+	sessionMaxAge, err := a.settingService.GetSessionMaxAge()
+	if err != nil {
+		logger.Infof("Unable to get session's max age from DB")
+	}
+
+	err = session.SetMaxAge(c, sessionMaxAge*60)
+	if err != nil {
+		logger.Infof("Unable to set session's max age")
+	}
+
 	err = session.SetLoginUser(c, user)
 	logger.Info("user", user.Id, "login success")
 	jsonMsg(c, I18n(c, "pages.login.toasts.successLogin"), err)
diff --git a/web/entity/entity.go b/web/entity/entity.go
index b464de00..0186a8c6 100644
--- a/web/entity/entity.go
+++ b/web/entity/entity.go
@@ -32,6 +32,7 @@ type AllSetting struct {
 	WebCertFile        string `json:"webCertFile" form:"webCertFile"`
 	WebKeyFile         string `json:"webKeyFile" form:"webKeyFile"`
 	WebBasePath        string `json:"webBasePath" form:"webBasePath"`
+	SessionMaxAge      int    `json:"sessionMaxAge" form:"sessionMaxAge"`
 	ExpireDiff         int    `json:"expireDiff" form:"expireDiff"`
 	TrafficDiff        int    `json:"trafficDiff" form:"trafficDiff"`
 	TgBotEnable        bool   `json:"tgBotEnable" form:"tgBotEnable"`
diff --git a/web/html/xui/component/setting.html b/web/html/xui/component/setting.html
index 9f8e8cbc..00eeb259 100644
--- a/web/html/xui/component/setting.html
+++ b/web/html/xui/component/setting.html
@@ -9,7 +9,7 @@
                 <a-input :value="value" @input="$emit('input', $event.target.value)"></a-input>
             </template>
             <template v-else-if="type === 'number'">
-                <a-input type="number" :value="value" @input="$emit('input', $event.target.value)"></a-input>
+                <a-input type="number" :value="value" @input="$emit('input', $event.target.value)" :min="min"></a-input>
             </template>
             <template v-else-if="type === 'textarea'">
                 <a-textarea :value="value" @input="$emit('input', $event.target.value)" :auto-size="{ minRows: 10, maxRows: 10 }"></a-textarea>
@@ -25,7 +25,7 @@
 {{define "component/setting"}}
 <script>
     Vue.component('setting-list-item', {
-        props: ["type", "title", "desc", "value"],
+        props: ["type", "title", "desc", "value", "min"],
         template: `{{template "component/settingListItem"}}`,
     });
 </script>
diff --git a/web/html/xui/setting.html b/web/html/xui/setting.html
index 9c84169d..02681166 100644
--- a/web/html/xui/setting.html
+++ b/web/html/xui/setting.html
@@ -44,6 +44,7 @@
                                 <setting-list-item type="text" title='{{ i18n "pages.setting.publicKeyPath"}}' desc='{{ i18n "pages.setting.publicKeyPathDesc"}}' v-model="allSetting.webCertFile"></setting-list-item>
                                 <setting-list-item type="text" title='{{ i18n "pages.setting.privateKeyPath"}}' desc='{{ i18n "pages.setting.privateKeyPathDesc"}}' v-model="allSetting.webKeyFile"></setting-list-item>
                                 <setting-list-item type="text" title='{{ i18n "pages.setting.panelUrlPath"}}' desc='{{ i18n "pages.setting.panelUrlPathDesc"}}' v-model="allSetting.webBasePath"></setting-list-item>
+                                <setting-list-item type="number" title='{{ i18n "pages.setting.sessionMaxAge" }}' desc='{{ i18n "pages.setting.sessionMaxAgeDesc" }}'  v-model="allSetting.sessionMaxAge" :min="0"></setting-list-item>
                                 <setting-list-item type="number" title='{{ i18n "pages.setting.expireTimeDiff" }}' desc='{{ i18n "pages.setting.expireTimeDiffDesc" }}'  v-model="allSetting.expireDiff" :min="0"></setting-list-item>
                                 <setting-list-item type="number" title='{{ i18n "pages.setting.trafficDiff" }}' desc='{{ i18n "pages.setting.trafficDiffDesc" }}'  v-model="allSetting.trafficDiff" :min="0"></setting-list-item>
                                 <a-list-item>
diff --git a/web/service/setting.go b/web/service/setting.go
index 6801d596..2df89738 100644
--- a/web/service/setting.go
+++ b/web/service/setting.go
@@ -28,6 +28,7 @@ var defaultValueMap = map[string]string{
 	"webKeyFile":         "",
 	"secret":             random.Seq(32),
 	"webBasePath":        "/",
+	"sessionMaxAge":      "0",
 	"expireDiff":         "0",
 	"trafficDiff":        "0",
 	"timeLocation":       "Asia/Tehran",
@@ -234,18 +235,10 @@ func (s *SettingService) GetTgBotBackup() (bool, error) {
 	return s.getBool("tgBotBackup")
 }
 
-func (s *SettingService) SetTgBotBackup(value bool) error {
-	return s.setBool("tgBotBackup", value)
-}
-
 func (s *SettingService) GetTgCpu() (int, error) {
 	return s.getInt("tgCpu")
 }
 
-func (s *SettingService) SetTgCpu(value int) error {
-	return s.setInt("tgCpu", value)
-}
-
 func (s *SettingService) GetPort() (int, error) {
 	return s.getInt("webPort")
 }
@@ -266,16 +259,12 @@ func (s *SettingService) GetExpireDiff() (int, error) {
 	return s.getInt("expireDiff")
 }
 
-func (s *SettingService) SetExpireDiff(value int) error {
-	return s.setInt("expireDiff", value)
-}
-
 func (s *SettingService) GetTrafficDiff() (int, error) {
 	return s.getInt("trafficDiff")
 }
 
-func (s *SettingService) SetgetTrafficDiff(value int) error {
-	return s.setInt("trafficDiff", value)
+func (s *SettingService) GetSessionMaxAge() (int, error) {
+	return s.getInt("sessionMaxAge")
 }
 
 func (s *SettingService) GetSecret() ([]byte, error) {
diff --git a/web/session/session.go b/web/session/session.go
index 2dfe94b6..ea04d0f9 100644
--- a/web/session/session.go
+++ b/web/session/session.go
@@ -2,9 +2,10 @@ package session
 
 import (
 	"encoding/gob"
+	"x-ui/database/model"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
-	"x-ui/database/model"
 )
 
 const (
@@ -21,6 +22,15 @@ func SetLoginUser(c *gin.Context, user *model.User) error {
 	return s.Save()
 }
 
+func SetMaxAge(c *gin.Context, maxAge int) error {
+	s := sessions.Default(c)
+	s.Options(sessions.Options{
+		Path:   "/",
+		MaxAge: maxAge,
+	})
+	return s.Save()
+}
+
 func GetLoginUser(c *gin.Context) *model.User {
 	s := sessions.Default(c)
 	obj := s.Get(loginUser)
diff --git a/web/translation/translate.en_US.toml b/web/translation/translate.en_US.toml
index 68a2dea6..d2e9c10a 100644
--- a/web/translation/translate.en_US.toml
+++ b/web/translation/translate.en_US.toml
@@ -199,7 +199,7 @@
 "publicKeyPathDesc" = "Fill in an absolute path starting with '/', restart the panel to take effect"
 "privateKeyPath" = "Panel certificate private key file path"
 "privateKeyPathDesc" = "Fill in an absolute path starting with '/', restart the panel to take effect"
-"panelUrlPath" = "panel url root path"
+"panelUrlPath" = "Panel url root path"
 "panelUrlPathDesc" = "Must start with '/' and end with '/', restart the panel to take effect"
 "oldUsername" = "Current Username"
 "currentPassword" = "Current Password"
@@ -229,6 +229,8 @@
 "telegramNotifyTimeDesc" = "Using Crontab timing format. Restart the panel to take effect"
 "tgNotifyBackup" = "Database backup"
 "tgNotifyBackupDesc" = "Sending database backup file with report notification. Restart the panel to take effect"
+"sessionMaxAge" = "Session maximum age"
+"sessionMaxAgeDesc" = "The time that you can stay login (unit: minute)"
 "expireTimeDiff" = "Exhaustion time threshold"
 "expireTimeDiffDesc" = "Detect exhaustion before expiration (unit:day)"
 "trafficDiff" = "Exhaustion traffic threshold"
diff --git a/web/translation/translate.fa_IR.toml b/web/translation/translate.fa_IR.toml
index 123f2155..dccf3e32 100644
--- a/web/translation/translate.fa_IR.toml
+++ b/web/translation/translate.fa_IR.toml
@@ -229,6 +229,8 @@
 "telegramNotifyTimeDesc" = "از فرمت زمان بندی لینوکس استفاده کنید . پنل را مجدداً راه اندازی کنید تا اعمال شود"
 "tgNotifyBackup" = "پشتیبان گیری از پایگاه داده"
 "tgNotifyBackupDesc" = "ارسال کپی فایل پایگاه داده به همراه گزارش دوره ای"
+"sessionMaxAge" = "بیشینه زمان جلسه وب"
+"sessionMaxAgeDesc" = "بیشینه زمانی که میتوانید لاگین بمانید (واحد: دقیقه)"
 "expireTimeDiff" = "آستانه زمان باقی مانده"
 "expireTimeDiffDesc" = "فاصله زمانی هشدار تا رسیدن به زمان انقضا (واحد: روز)"
 "trafficDiff" = "آستانه ترافیک باقی مانده"
diff --git a/web/translation/translate.zh_Hans.toml b/web/translation/translate.zh_Hans.toml
index accb2d4a..12ef032b 100644
--- a/web/translation/translate.zh_Hans.toml
+++ b/web/translation/translate.zh_Hans.toml
@@ -229,6 +229,8 @@
 "telegramNotifyTimeDesc" = "采用Crontab定时格式,重启面板生效"
 "tgNotifyBackup" = "数据库备份"
 "tgNotifyBackupDesc" = "正在发送数据库备份文件和报告通知。重启面板生效"
+"sessionMaxAge" = "会话最大年龄"
+"sessionMaxAgeDesc" = "您可以保持登录状态的时间（单位：分钟）"
 "expireTimeDiff" = "耗尽时间阈值"
 "expireTimeDiffDesc" = "到期前检测耗尽（单位：天）"
 "trafficDiff" = "耗尽流量阈值"