fix: delete token by correct platformID && feat: adminToken can be retained for five minutes after deleting (#3313)

pkg/common/storage/controller/auth.go

@@ -17,6 +17,8 @@ import (
 type AuthDatabase interface {
 	// If the result is empty, no error is returned.
 	GetTokensWithoutError(ctx context.Context, userID string, platformID int) (map[string]int, error)
+
+	GetTemporaryTokensWithoutError(ctx context.Context, userID string, platformID int, token string) error
 	// Create token
 	CreateToken(ctx context.Context, userID string, platformID int) (string, error)
 
@@ -52,6 +54,10 @@ func (a *authDatabase) GetTokensWithoutError(ctx context.Context, userID string,
 	return a.cache.GetTokensWithoutError(ctx, userID, platformID)
 }
 
+func (a *authDatabase) GetTemporaryTokensWithoutError(ctx context.Context, userID string, platformID int, token string) error {
+	return a.cache.HasTemporaryToken(ctx, userID, platformID, token)
+}
+
 func (a *authDatabase) SetTokenMapByUidPid(ctx context.Context, userID string, platformID int, m map[string]int) error {
 	return a.cache.SetTokenMapByUidPid(ctx, userID, platformID, m)
 }
@@ -85,23 +91,30 @@ func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformI
 		return "", err
 	}
 
-	deleteTokenKey, kickedTokenKey, err := a.checkToken(ctx, tokens, platformID)
+	deleteTokenKey, kickedTokenKey, adminTokens, err := a.checkToken(ctx, tokens, platformID)
 	if err != nil {
 		return "", err
 	}
 	if len(deleteTokenKey) != 0 {
-		err = a.cache.DeleteTokenByUidPid(ctx, userID, platformID, deleteTokenKey)
+		err = a.cache.DeleteTokenByTokenMap(ctx, userID, deleteTokenKey)
 		if err != nil {
 			return "", err
 		}
 	}
 	if len(kickedTokenKey) != 0 {
-		for _, k := range kickedTokenKey {
-			err := a.cache.SetTokenFlagEx(ctx, userID, platformID, k, constant.KickedToken)
-			if err != nil {
-				return "", err
+		for plt, ks := range kickedTokenKey {
+			for _, k := range ks {
+				err := a.cache.SetTokenFlagEx(ctx, userID, plt, k, constant.KickedToken)
+				if err != nil {
+					return "", err
+				}
+				log.ZDebug(ctx, "kicked token in create token", "token", k)
 			}
-			log.ZDebug(ctx, "kicked token in create token", "token", k)
+		}
+	}
+	if len(adminTokens) != 0 {
+		if err = a.cache.DeleteAndSetTemporary(ctx, userID, constant.AdminPlatformID, adminTokens); err != nil {
+			return "", err
 		}
 	}
 
@@ -119,12 +132,13 @@ func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformI
 	return tokenString, nil
 }
 
-func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string]int, platformID int) ([]string, []string, error) {
-	// todo: Move the logic for handling old data to another location.
+// checkToken will check token by tokenPolicy and return deleteToken,kickToken,deleteAdminToken
+func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string]int, platformID int) (map[int][]string, map[int][]string, []string, error) {
+	// todo: Asynchronous deletion of old data.
 	var (
 		loginTokenMap  = make(map[int][]string) // The length of the value of the map must be greater than 0
-		deleteToken    = make([]string, 0)
-		kickToken      = make([]string, 0)
+		deleteToken    = make(map[int][]string)
+		kickToken      = make(map[int][]string)
 		adminToken     = make([]string, 0)
 		unkickTerminal = ""
 	)
@@ -133,7 +147,7 @@ func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string
 		for k, v := range tks {
 			_, err := tokenverify.GetClaimFromToken(k, authverify.Secret(a.accessSecret))
 			if err != nil || v != constant.NormalToken {
-				deleteToken = append(deleteToken, k)
+				deleteToken[plfID] = append(deleteToken[plfID], k)
 			} else {
 				if plfID != constant.AdminPlatformID {
 					loginTokenMap[plfID] = append(loginTokenMap[plfID], k)
@@ -153,14 +167,15 @@ func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string
 			}
 			limit := a.multiLogin.MaxNumOneEnd
 			if l > limit {
-				kickToken = append(kickToken, ts[:l-limit]...)
+				kickToken[plt] = ts[:l-limit]
 			}
 		}
 	case constant.AllLoginButSameTermKick:
 		for plt, ts := range loginTokenMap {
-			kickToken = append(kickToken, ts[:len(ts)-1]...)
+			kickToken[plt] = ts[:len(ts)-1]
+
 			if plt == platformID {
-				kickToken = append(kickToken, ts[len(ts)-1])
+				kickToken[plt] = append(kickToken[plt], ts[len(ts)-1])
 			}
 		}
 	case constant.PCAndOther:
@@ -168,29 +183,33 @@ func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string
 		if constant.PlatformIDToClass(platformID) != unkickTerminal {
 			for plt, ts := range loginTokenMap {
 				if constant.PlatformIDToClass(plt) != unkickTerminal {
-					kickToken = append(kickToken, ts...)
+					kickToken[plt] = ts
 				}
 			}
 		} else {
 			var (
-				preKick   []string
-				isReserve = true
+				preKickToken string
+				preKickPlt   int
+				reserveToken = false
 			)
 			for plt, ts := range loginTokenMap {
 				if constant.PlatformIDToClass(plt) != unkickTerminal {
 					// Keep a token from another end
-					if isReserve {
-						isReserve = false
-						kickToken = append(kickToken, ts[:len(ts)-1]...)
-						preKick = append(preKick, ts[len(ts)-1])
+					if !reserveToken {
+						reserveToken = true
+						kickToken[plt] = ts[:len(ts)-1]
+						preKickToken = ts[len(ts)-1]
+						preKickPlt = plt
 						continue
 					} else {
 						// Prioritize keeping Android
 						if plt == constant.AndroidPlatformID {
-							kickToken = append(kickToken, preKick...)
-							kickToken = append(kickToken, ts[:len(ts)-1]...)
+							if preKickToken != "" {
+								kickToken[preKickPlt] = append(kickToken[preKickPlt], preKickToken)
+							}
+							kickToken[plt] = ts[:len(ts)-1]
 						} else {
-							kickToken = append(kickToken, ts...)
+							kickToken[plt] = ts
 						}
 					}
 				}
@@ -203,19 +222,19 @@ func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string
 
 		for plt, ts := range loginTokenMap {
 			if constant.PlatformIDToClass(plt) == constant.PlatformIDToClass(platformID) {
-				kickToken = append(kickToken, ts...)
+				kickToken[plt] = ts
 			} else {
 				if _, ok := reserved[constant.PlatformIDToClass(plt)]; !ok {
 					reserved[constant.PlatformIDToClass(plt)] = struct{}{}
-					kickToken = append(kickToken, ts[:len(ts)-1]...)
+					kickToken[plt] = ts[:len(ts)-1]
 					continue
 				} else {
-					kickToken = append(kickToken, ts...)
+					kickToken[plt] = ts
 				}
 			}
 		}
 	default:
-		return nil, nil, errs.New("unknown multiLogin policy").Wrap()
+		return nil, nil, nil, errs.New("unknown multiLogin policy").Wrap()
 	}
 
 	//var adminTokenMaxNum = a.multiLogin.MaxNumOneEnd
@@ -226,8 +245,9 @@ func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string
 	//if l > adminTokenMaxNum {
 	//	kickToken = append(kickToken, adminToken[:l-adminTokenMaxNum]...)
 	//}
+	var deleteAdminToken []string
 	if platformID == constant.AdminPlatformID {
-		kickToken = append(kickToken, adminToken...)
+		deleteAdminToken = adminToken
 	}
-	return deleteToken, kickToken, nil
+	return deleteToken, kickToken, deleteAdminToken, nil
 }