From 98734b1c316f1f3f0919eca0312d40ccb1c3dab6 Mon Sep 17 00:00:00 2001
From: Ivo Oskamp
Date: Thu, 28 May 2026 16:13:32 +0200
Subject: [PATCH] auth: purge expired sessions in worker tick
---
 .../clearview/src/clearview_app/worker.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/containers/clearview/src/clearview_app/worker.py b/containers/clearview/src/clearview_app/worker.py
index 3d3f6ca..501106d 100644
--- a/containers/clearview/src/clearview_app/worker.py
+++ b/containers/clearview/src/clearview_app/worker.py
@@ -14,10 +14,13 @@ from .config import (
 SCAN_TARGET_MAX_RETRIES,
 SCAN_TARGET_TIMEOUT_SEC,
 )
+from .auth.sessions import purge_expired
 from .db import SessionLocal
 from .models import PermissionDeviation, ScanJob, ScanTarget, TenantProfile
 from .scanners import AuthConfig, ProbeResult, probe, scan
+_SESSION_PURGE_INTERVAL_SEC = 300
+
 log = logging.getLogger(__name__)
@@ -25,6 +28,7 @@ class ScanWorker:
 def __init__(self) -> None:
 self._stop_event = threading.Event()
 self._thread: threading.Thread | None = None
+ self._last_session_purge: float = 0.0
 def start(self) -> None:
 if self._thread and self._thread.is_alive():
@@ -41,10 +45,25 @@ class ScanWorker:
 def _run(self) -> None:
 while not self._stop_event.is_set():
+ self._maybe_purge_sessions()
 did_work = self._process_next_job()
 if not did_work:
 self._stop_event.wait(SCAN_JOB_POLL_INTERVAL_SEC)
+ def _maybe_purge_sessions(self) -> None:
+ now = time.monotonic()
+ if now - self._last_session_purge < _SESSION_PURGE_INTERVAL_SEC:
+ return
+ self._last_session_purge = now
+ try:
+ with SessionLocal() as db:
+ removed = purge_expired(db)
+ db.commit()
+ if removed:
+ log.info("purged %d expired auth sessions", removed)
+ except Exception:
+ log.exception("auth session purge failed")
+
 def _process_next_job(self) -> bool:
 with SessionLocal() as db:
 # Atomic claim: lock the chosen queued row and skip rows already
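Review bot: In `__init__`, seeding `_last_session_purge` with `0.0` compares a `time.monotonic()` reading against a fixed origin, but the reference point of that clock is undefined and only the difference between two readings is meaningful. On a host whose monotonic clock is still below the purge interval, the first tick in `_maybe_purge_sessions` would return early and the initial purge would be deferred. A sentinel that always triggers the first run avoids this: `self._last_session_purge: float = float("-inf")`.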
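Review bot: `_maybe_purge_sessions` runs only between jobs in `_run`, so while `_process_next_job` is busy with a long scan the purge can lag well past `_SESSION_PURGE_INTERVAL_SEC`, and a failed attempt is not retried for a full interval because `_last_session_purge` is updated before the `try`. That is acceptable for housekeeping, but only if the session lookup rejects expired rows itself; that code (and `purge_expired`) is outside this diff, so it should be confirmed. I would state the contract in a docstring on the new method, e.g. `"""Best-effort cleanup of expired auth sessions; validation must still check expiry at lookup time."""`. The hunk also calls `time.monotonic()` without adding `import time`; presumably the module already imports it above line 14, which is not visible here.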