From d9d88eb028becff34fd24b99a35bfa5635afb935 Mon Sep 17 00:00:00 2001 From: Jordan Bancino Date: Wed, 28 Dec 2022 15:52:19 +0000 Subject: [PATCH] Periodically purge old user interactive auth sessions. Keeping them around is going to take up a lot of storage. If it takes more than a half hour for a client to complete the auth, make him start over. --- src/Telodendria.c | 3 ++- src/UserInteractiveAuth.c | 29 +++++++++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/src/Telodendria.c b/src/Telodendria.c index 8a0c30d..4252dc1 100644 --- a/src/Telodendria.c +++ b/src/Telodendria.c @@ -68,7 +68,8 @@ TelodendriaMemoryHook(MemoryAction a, MemoryInfo * i, void *args) break; } - Log(lc, LOG_DEBUG, "%s:%d: %s %lu bytes of memory at %p.", + Log(lc, a == MEMORY_BAD_POINTER ? LOG_WARNING : LOG_DEBUG, + "%s:%d: %s %lu bytes of memory at %p.", MemoryInfoGetFile(i), MemoryInfoGetLine(i), action, MemoryInfoGetSize(i), MemoryInfoGetPointer(i)); diff --git a/src/UserInteractiveAuth.c b/src/UserInteractiveAuth.c index d159cc1..8e443a0 100644 --- a/src/UserInteractiveAuth.c +++ b/src/UserInteractiveAuth.c @@ -70,19 +70,21 @@ UserInteractiveAuth(HttpServerContext * context, Db * db, HashMap *persist; char *session = UtilRandomString(24); - ref = DbCreate(db, 2, "user_interactive", session); + ref = DbLock(db, 1, "user_interactive"); + if (!ref) + { + ref = DbCreate(db, 1, "user_interactive"); + } + persist = DbJson(ref); - - HashMapSet(persist, "created", - JsonValueInteger(UtilServerTs())); - HashMapSet(persist, "completed", JsonValueBoolean(0)); - + HashMapSet(persist, session, JsonValueNull()); DbUnlock(db, ref); HttpResponseStatus(context, HTTP_UNAUTHORIZED); response = BuildDummyFlow(); - HashMapSet(response, "session", JsonValueString(session)); + HashMapSet(response, "session", + JsonValueString(UtilStringDuplicate(session))); return response; } 
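Review bot: The result of the `DbCreate(db, 1, "user_interactive")` fallback is never checked before `persist = DbJson(ref)`, so if creation fails (presumably possible when two requests both miss `DbLock()` and both try to create the object) `ref` is NULL at that call. Add a guard right after the fallback, along the lines of `if (!ref) { /* set a 5xx status */ return MatrixErrorCreate(M_UNKNOWN); }`. The entry is also stored as `JsonValueNull()` with the `created` timestamp dropped, so per-session expiry is no longer possible and every unauthenticated request grows this one shared object until the next purge. Keeping the timestamp as the value, `HashMapSet(persist, session, JsonValueInteger(UtilServerTs()));`, would let the cleanup expire entries by age. The body of UserInteractiveAuth starts before and continues after this hunk, so whether `session` itself is released later is not visible here.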
@@ -118,10 +120,10 @@ UserInteractiveAuth(HttpServerContext * context, Db * db, return MatrixErrorCreate(M_INVALID_PARAM); } - /* Check to see if session exists */ - ref = DbLock(db, 2, "user_interactive", sessionStr); + ref = DbLock(db, 1, "user_interactive"); - if (!ref) + /* Check to see if session exists */ + if (!ref || !HashMapGet(DbJson(ref), sessionStr)) { HttpResponseStatus(context, HTTP_BAD_REQUEST); return MatrixErrorCreate(M_UNKNOWN); @@ -129,13 +131,16 @@ UserInteractiveAuth(HttpServerContext * context, Db * db, /* We only need to know that it exists. */ DbUnlock(db, ref); - DbDelete(db, 2, "user_interactive", sessionStr); return NULL; /* All good, auth successful */ } void -UserInteractiveAuthCleanup(MatrixHttpHandlerArgs *args) +UserInteractiveAuthCleanup(MatrixHttpHandlerArgs * args) { Log(args->lc, LOG_DEBUG, "Purging old user interactive auth sessions..."); + if (!DbDelete(args->db, 1, "user_interactive")) + { + Log(args->lc, LOG_ERR, "Failed to purge user_interactive."); + } }
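Review bot: The not-found branch returns with the `user_interactive` reference still locked: when `DbLock()` succeeds but `HashMapGet(DbJson(ref), sessionStr)` finds nothing, control goes straight to `return MatrixErrorCreate(M_UNKNOWN);` with no `DbUnlock(db, ref)`. Because every session now lives in this one object, a single request carrying an unknown session value would presumably leave the lock held and stall all later user-interactive auth requests. Release it on that path by adding `if (ref) { DbUnlock(db, ref); }` before `HttpResponseStatus(context, HTTP_BAD_REQUEST);`. The enclosing UserInteractiveAuth body starts and ends outside this hunk.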
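Review bot: A session is no longer consumed on success: the removed `DbDelete(db, 2, "user_interactive", sessionStr)` has no replacement, so the key stays in the shared object and the same session value keeps passing the existence check until the next purge. The entry should be removed from `DbJson(ref)` before the `DbUnlock(db, ref)` that precedes `return NULL;`. Separately, `UserInteractiveAuthCleanup` deletes the whole object rather than entries older than the half hour the commit message describes, so a session issued just before a purge is rejected straight away; a comment such as `/* Drops every pending session, regardless of age. */` would at least document that. It is also worth confirming whether `DbDelete()` reports failure when the object does not exist yet, since that would log at `LOG_ERR` on an idle server. The tail of UserInteractiveAuth at the top of this hunk begins outside it.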