refactor: adjust login settings logic

agent/cmd/server/docs/x-log.json

@@ -858,6 +858,15 @@
 		"formatZH": "查看 AI 网关 API Key [id]",
 		"formatEN": "reveal AI proxy API key [id]"
 	},
+	"/core/enterprise/ai-proxy/api-keys/token/reset": {
+		"bodyKeys": [
+			"id"
+		],
+		"paramKeys": [],
+		"beforeFunctions": [],
+		"formatZH": "重置 AI 网关 API Key Token [id]",
+		"formatEN": "reset AI proxy API key token [id]"
+	},
 	"/core/enterprise/ai-proxy/api-keys/update": {
 		"bodyKeys": [
 			"id",

core/app/api/v2/setting.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"path"
 	"regexp"
+	"strconv"
 	"strings"
 
 	"github.com/1Panel-dev/1Panel/core/app/api/v2/helper"
@@ -94,6 +95,10 @@ func (b *BaseApi) UpdateSetting(c *gin.Context) {
 			return
 		}
 	}
+	if !checkSettingValueRange(req.Key, req.Value) {
+		helper.ErrorWithDetail(c, http.StatusBadRequest, "ErrInvalidParams", buserr.WithName("ErrInvalidParams", req.Value))
+		return
+	}
 	if req.Key == "PasskeyTrustedProxies" {
 		value, err := normalizePasskeyTrustedProxies(req.Value)
 		if err != nil {
@@ -113,6 +118,25 @@ func (b *BaseApi) UpdateSetting(c *gin.Context) {
 	helper.Success(c)
 }
 
+func checkSettingValueRange(key, value string) bool {
+	switch key {
+	case "SessionTimeout":
+		valueNum, err := strconv.Atoi(value)
+		if err != nil {
+			return false
+		}
+		return valueNum >= 300 && valueNum <= 864000
+	case "ExpirationDays":
+		valueNum, err := strconv.Atoi(value)
+		if err != nil {
+			return false
+		}
+		return valueNum >= 0 && valueNum <= 60
+	default:
+		return true
+	}
+}
+
 // @Tags System Setting
 // @Summary Update system terminal setting
 // @Accept json

core/app/auth/auth.go

@@ -245,8 +245,6 @@ func GetCurrentUserInfo() (*dto.CurrentUserInfo, error) {
 	if err := json.Unmarshal(arr, &info); err != nil {
 		return nil, err
 	}
-	info.SessionTimeout, _ = strconv.Atoi(settingMap["SessionTimeout"])
-	info.ExpirationDays, _ = strconv.Atoi(settingMap["ExpirationDays"])
 	info.MFAInterval, _ = strconv.Atoi(settingMap["MFAInterval"])
 	info.ApiKeyValidityTime, _ = strconv.Atoi(settingMap["ApiKeyValidityTime"])
 	info.Name = settingMap["UserName"]
@@ -255,6 +253,13 @@ func GetCurrentUserInfo() (*dto.CurrentUserInfo, error) {
 	info.NodeRoles = []dto.CurrentUserNodeRole{}
 	return &info, nil
 }
+func LoadPasswordExpirationTime(_ *gin.Context) (string, error) {
+	return repo.NewISettingRepo().GetValueByKey("ExpirationTime")
+}
+func SyncPasswordExpirationTime(expirationDays string) error {
+	expiredDays, _ := strconv.Atoi(expirationDays)
+	return repo.NewISettingRepo().Update("ExpirationTime", buildPasswordExpirationTime(expiredDays))
+}
 func UpdateCurrentUserInfo(c *gin.Context, req dto.CurrentUserUpdate) error {
 	settingRepo := repo.NewISettingRepo()
 	currentName, err := settingRepo.GetValueByKey("UserName")
@@ -281,20 +286,6 @@ func UpdateCurrentUserInfo(c *gin.Context, req dto.CurrentUserUpdate) error {
 	if err := settingRepo.Update("UserName", req.Name); err != nil {
 		return err
 	}
-	if err := settingRepo.Update("SessionTimeout", strconv.Itoa(req.SessionTimeout)); err != nil {
-		return err
-	}
-	if err := settingRepo.Update("ExpirationDays", strconv.Itoa(req.ExpirationDays)); err != nil {
-		return err
-	}
-
-	expirationTime := ""
-	if req.ExpirationDays != 0 {
-		expirationTime = time.Now().AddDate(0, 0, req.ExpirationDays).Format(constant.DateTimeLayout)
-	}
-	if err := settingRepo.Update("ExpirationTime", expirationTime); err != nil {
-		return err
-	}
 	if shouldDeleteSession {
 		deleteCurrentSession(c)
 	}
@@ -349,43 +340,19 @@ func HandlePasswordExpired(c *gin.Context, old, new string) error {
 			return err
 		}
 		timeout, _ := strconv.Atoi(expiredSetting.Value)
-		if err := settingRepo.Update("ExpirationTime", time.Now().AddDate(0, 0, timeout).Format(constant.DateTimeLayout)); err != nil {
+		if err := settingRepo.Update("ExpirationTime", buildPasswordExpirationTime(timeout)); err != nil {
 			return err
 		}
 		return nil
 	}
 	return buserr.New("ErrInitialPassword")
 }
 
-func LoadSessionTimeout(sessionUser psession.SessionUser) (int, error) {
-	settingRepo := repo.NewISettingRepo()
-	sessionTimeout, err := settingRepo.GetValueByKey("SessionTimeout")
-	if err != nil {
-		return 0, err
-	}
-	lifeTime, _ := strconv.Atoi(sessionTimeout)
-	return lifeTime, nil
-}
-func LoadExpired(sessionUser psession.SessionUser) (bool, time.Time, error) {
-	settingRepo := repo.NewISettingRepo()
-	expirationDays, err := settingRepo.GetValueByKey("ExpirationDays")
-	if err != nil {
-		return true, time.Time{}, err
-	}
-	expiredDays, _ := strconv.Atoi(expirationDays)
-	if expiredDays == 0 {
-		return false, time.Time{}, nil
-	}
-
-	expirationTime, err := settingRepo.GetValueByKey("ExpirationTime")
-	if err != nil {
-		return true, time.Time{}, err
-	}
-	expiredTime, err := time.ParseInLocation(constant.DateTimeLayout, expirationTime, common.LoadExpiredLocation())
-	if err != nil {
-		return true, time.Time{}, err
+func buildPasswordExpirationTime(expirationDays int) string {
+	if expirationDays == 0 {
+		return ""
 	}
-	return true, expiredTime, nil
+	return time.Now().AddDate(0, 0, expirationDays).Format(constant.DateTimeLayout)
 }
 
 func deleteCurrentSession(c *gin.Context) {

core/app/dto/auth.go

@@ -62,11 +62,8 @@ type ApiInterfaceConfig struct {
 
 type CurrentUserInfo struct {
 	Name              string `json:"name"`
-	SessionTimeout    int    `json:"sessionTimeout"`
 	MFAStatus         string `json:"mfaStatus"`
 	MFAInterval       int    `json:"mfaInterval"`
-	ExpirationDays    int    `json:"expirationDays"`
-	ExpirationTime    string `json:"expirationTime"`
 	ComplexitySetting string `json:"complexitySetting"`
 
 	ApiInterfaceStatus string `json:"apiInterfaceStatus"`
@@ -87,10 +84,7 @@ type CurrentUserNodeRole struct {
 }
 
 type CurrentUserUpdate struct {
-	Name           string `json:"name" validate:"required"`
-	Password       string `json:"password"`
-	OldPassword    string `json:"oldPassword"`
-	SessionTimeout int    `json:"sessionTimeout" validate:"required,min=300,max=864000"`
-	ExpirationDays int    `json:"expirationDays" validate:"min=0,max=60"`
-	ExpirationTime string `json:"expirationTime"`
+	Name        string `json:"name" validate:"required"`
+	Password    string `json:"password"`
+	OldPassword string `json:"oldPassword"`
 }

core/app/dto/setting.go

@@ -9,16 +9,17 @@ type SettingInfo struct {
 	DeveloperMode       string `json:"developerMode"`
 	UpgradeBackupCopies string `json:"upgradeBackupCopies"`
 
-	Port        string `json:"port"`
-	Ipv6        string `json:"ipv6"`
-	BindAddress string `json:"bindAddress"`
-	PanelName   string `json:"panelName"`
-	Edition     string `json:"edition"`
-	Theme       string `json:"theme"`
-	MenuTabs    string `json:"menuTabs"`
-	Language    string `json:"language"`
-	DocSource   string `json:"docSource"`
-	IsOffline   string `json:"isOffline"`
+	SessionTimeout string `json:"sessionTimeout"`
+	Port           string `json:"port"`
+	Ipv6           string `json:"ipv6"`
+	BindAddress    string `json:"bindAddress"`
+	PanelName      string `json:"panelName"`
+	Edition        string `json:"edition"`
+	Theme          string `json:"theme"`
+	MenuTabs       string `json:"menuTabs"`
+	Language       string `json:"language"`
+	DocSource      string `json:"docSource"`
+	IsOffline      string `json:"isOffline"`
 
 	ServerPort                 string `json:"serverPort"`
 	SSL                        string `json:"ssl"`
@@ -30,7 +31,6 @@ type SettingInfo struct {
 	DashboardMemoVisible       string `json:"dashboardMemoVisible"`
 	DashboardSimpleNodeVisible string `json:"dashboardSimpleNodeVisible"`
 	ExpirationDays             string `json:"expirationDays"`
-	ExpirationTime             string `json:"expirationTime"`
 	ComplexityVerification     string `json:"complexityVerification"`
 
 	AppStoreVersion      string `json:"appStoreVersion"`

core/app/service/setting.go

@@ -169,11 +169,17 @@ func (u *SettingService) Update(c *gin.Context, key, value string) error {
 	if oldVal.Value == value {
 		return nil
 	}
+	sessionLifeTime := 0
 	switch key {
 	case "IsOffline":
 		if !global.CONF.Base.IsEnterprise {
 			return buserr.New("ErrNotSupportInEnterpriseEdition")
 		}
+	case "SessionTimeout":
+		sessionLifeTime, err = strconv.Atoi(value)
+		if err != nil {
+			return err
+		}
 	case "AppStoreLastModified":
 		exist, _ := settingRepo.Get(repo.WithByKey("AppStoreLastModified"))
 		if exist.ID == 0 {
@@ -200,6 +206,14 @@ func (u *SettingService) Update(c *gin.Context, key, value string) error {
 	if err := settingRepo.Update(key, value); err != nil {
 		return err
 	}
+	if key == "ExpirationDays" {
+		if err := xpack.AuthProvider.SyncPasswordExpirationTime(value); err != nil {
+			return err
+		}
+	}
+	if key == "SessionTimeout" {
+		global.SESSION.ApplyTimeout(sessionLifeTime)
+	}
 
 	switch key {
 	case "BindDomain":
@@ -504,37 +518,6 @@ func (u *SettingService) LoadFromCert() (*dto.SSLInfo, error) {
 	return &data, nil
 }
 
-func (u *SettingService) HandlePasswordExpired(c *gin.Context, old, new string) error {
-	setting, err := settingRepo.Get(repo.WithByKey("Password"))
-	if err != nil {
-		return err
-	}
-	passwordFromDB, err := encrypt.StringDecrypt(setting.Value)
-	if err != nil {
-		return err
-	}
-	if passwordFromDB == old {
-		newPassword, err := encrypt.StringEncrypt(new)
-		if err != nil {
-			return err
-		}
-		if err := settingRepo.Update("Password", newPassword); err != nil {
-			return err
-		}
-
-		expiredSetting, err := settingRepo.Get(repo.WithByKey("ExpirationDays"))
-		if err != nil {
-			return err
-		}
-		timeout, _ := strconv.Atoi(expiredSetting.Value)
-		if err := settingRepo.Update("ExpirationTime", time.Now().AddDate(0, 0, timeout).Format(constant.DateTimeLayout)); err != nil {
-			return err
-		}
-		return nil
-	}
-	return buserr.New("ErrInitialPassword")
-}
-
 func (u *SettingService) GetTerminalInfo() (*dto.TerminalInfo, error) {
 	setting, err := settingRepo.List()
 	if err != nil {