Merge pull request #5882 from avalonmediasystem/session_overflow

Limit the number of stream tokens in a user session to avoid SessionOverflow errors
avalonmediasystem · Jun 25, 2024 · 28fd378 · 28fd378
2 parents 8842a38 + 0809dbd
commit 28fd378
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 2 deletions.
diff --git a/app/models/stream_token.rb b/app/models/stream_token.rb
@@ -17,6 +17,8 @@ class StreamToken < ActiveRecord::Base
   class Unauthorized < Exception; end
 
   #  attr_accessible :token, :target, :expires
+  class_attribute :max_tokens_per_user
+  self.max_tokens_per_user = 2000
 
   def self.media_token(session)
     session[:hash_tokens] ||= []
@@ -75,7 +77,7 @@ def self.logout!(session)
 
   def self.purge_expired!(session)
     purged = expired.delete_all
-    session[:hash_tokens] = StreamToken.where(token: Array(session[:hash_tokens])).pluck(:token)
+    session[:hash_tokens] = StreamToken.where(token: Array(session[:hash_tokens])).order(expires: :desc).limit(max_tokens_per_user).pluck(:token)
     purged
   end
 

diff --git a/db/migrate/20240624204921_change_sessions_data_to_medium_text.rb b/db/migrate/20240624204921_change_sessions_data_to_medium_text.rb
@@ -0,0 +1,5 @@
+class ChangeSessionsDataToMediumText < ActiveRecord::Migration[7.0]
+  def change
+    change_column :sessions, :data, :text, limit: 16777215
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2024_05_31_201828) do
+ActiveRecord::Schema[7.0].define(version: 2024_06_24_204921) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 

diff --git a/spec/models/stream_token_spec.rb b/spec/models/stream_token_spec.rb
@@ -131,5 +131,20 @@
         expect(session[:hash_tokens]).not_to include(token)
       end
     end
+
+    context 'with custom max_tokens_per_user' do
+      before do
+        allow(StreamToken).to receive(:max_tokens_per_user).and_return(10)
+      end
+
+      it 'limits the number of tokens in the session' do
+        (1..10).each { |i| StreamToken.find_or_create_session_token(session, i.to_s) }
+        expect(session[:hash_tokens].size).to eq 11
+        expect(session[:hash_tokens]).to include(token)
+        StreamToken.purge_expired!(session)
+        expect(session[:hash_tokens].size).to eq 10
+        expect(session[:hash_tokens]).not_to include(token)
+      end
+    end
   end
 end