From 37cc8d7b77cfbc7749b735569c9929aff97365f5 Mon Sep 17 00:00:00 2001
From: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
Date: Thu, 16 May 2024 16:17:05 +0530
Subject: [PATCH] [WEB - 1333]fix: session age for admin and user (#4477)

* dev: fix session token save on admin and remove session save every request
* dev: update session cookie age to environment variable
* fix: adding save every request django session
* dev: nginx configuration

---------

Co-authored-by: sriram veeraghanta
---
 apiserver/plane/authentication/utils/login.py | 6 +++
 apiserver/plane/settings/common.py | 4 +-
 nginx/nginx.conf.dev | 31 ++++++++---
 nginx/nginx.conf.template | 51 +++++++++++++------
 4 files changed, 68 insertions(+), 24 deletions(-)

diff --git a/apiserver/plane/authentication/utils/login.py b/apiserver/plane/authentication/utils/login.py
index 45dbdc249..f5d453d02 100644
--- a/apiserver/plane/authentication/utils/login.py
+++ b/apiserver/plane/authentication/utils/login.py
@@ -1,5 +1,6 @@
 # Django imports
 from django.contrib.auth import login
+from django.conf import settings
 # Module imports
 from plane.authentication.utils.host import base_host
@@ -7,6 +8,11 @@ from plane.authentication.utils.host import base_host
 def user_login(request, user, is_app=False, is_admin=False, is_space=False):
 login(request=request, user=user)
+
+ # If is admin cookie set the custom age
+ if is_admin:
+ request.session.set_expiry(settings.ADMIN_SESSION_COOKIE_AGE)
+
 device_info = {
 "user_agent": request.META.get("HTTP_USER_AGENT", ""),
 "ip_address": request.META.get("REMOTE_ADDR", ""),
diff --git a/apiserver/plane/settings/common.py b/apiserver/plane/settings/common.py
index f043340a2..89696403e 100644
--- a/apiserver/plane/settings/common.py
+++ b/apiserver/plane/settings/common.py
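Review bot: Only the `is_admin` branch touches the session expiry, so a non-admin login that lands on a session already carrying a custom `_session_expiry` keeps the short admin age instead of falling back to `SESSION_COOKIE_AGE`; if I read Django's `login()` right it keeps session data when the same user re-authenticates (only `cycle_key()`, no `flush()`), so an admin who then signs in to the app gets a one-hour app session, though this also depends on the `plane.db.models.session` engine, which is not shown. Making the default explicit costs two lines: `else:` / `request.session.set_expiry(None)`, which deletes the per-session override and restores the global age. The comment above the branch would read better as `# Admin logins get the shorter ADMIN_SESSION_COOKIE_AGE; every other login uses SESSION_COOKIE_AGE`. `user_login` continues past the end of the hunk.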
@@ -328,14 +328,14 @@ DATA_UPLOAD_MAX_MEMORY_SIZE = int(os.environ.get("FILE_SIZE_LIMIT", 5242880))
 SESSION_COOKIE_SECURE = secure_origins
 SESSION_COOKIE_HTTPONLY = True
 SESSION_ENGINE = "plane.db.models.session"
-SESSION_COOKIE_AGE = 604800
+SESSION_COOKIE_AGE = os.environ.get("SESSION_COOKIE_AGE", 604800)
 SESSION_COOKIE_NAME = "plane-session-id"
 SESSION_COOKIE_DOMAIN = os.environ.get("COOKIE_DOMAIN", None)
 SESSION_SAVE_EVERY_REQUEST = True
 # Admin Cookie
 ADMIN_SESSION_COOKIE_NAME = "plane-admin-session-id"
-ADMIN_SESSION_COOKIE_AGE = 3600
+ADMIN_SESSION_COOKIE_AGE = os.environ.get("ADMIN_SESSION_COOKIE_AGE", 3600)
 # CSRF cookies
 CSRF_COOKIE_SECURE = secure_origins
diff --git a/nginx/nginx.conf.dev b/nginx/nginx.conf.dev
index 869c2e807..a6f20cbf5 100644
--- a/nginx/nginx.conf.dev
+++ b/nginx/nginx.conf.dev
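Review bot: `os.environ.get("SESSION_COOKIE_AGE", 604800)` returns a `str` whenever the variable is actually set, and the same holds for `ADMIN_SESSION_COOKIE_AGE` two lines below, so the env-var path this commit introduces is the one path that is never exercised by the defaults. Django treats `SESSION_COOKIE_AGE` as an integer number of seconds (the session middleware adds it to `time.time()`), and a string handed to `session.set_expiry()` is not read as seconds either, so a deployment that sets either variable should expect a `TypeError`/`ValueError` at login or on the first response rather than a different lifetime. The file already does this correctly for `DATA_UPLOAD_MAX_MEMORY_SIZE` in the hunk header; follow that: `SESSION_COOKIE_AGE = int(os.environ.get("SESSION_COOKIE_AGE", 604800))` and `ADMIN_SESSION_COOKIE_AGE = int(os.environ.get("ADMIN_SESSION_COOKIE_AGE", 3600))`. A one-line comment naming the unit, `# Session lifetimes in seconds (7 days for the app, 1 hour for god-mode)`, would save the next operator a lookup.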
@@ -18,37 +18,54 @@ http {
 add_header X-Forwarded-Proto "${dollar}scheme";
 add_header X-Forwarded-Host "${dollar}host";
 add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- add_header Host "${dollar}http_host";
+ add_header X-Real-IP "${dollar}remote_addr";
 location / {
- proxy_pass http://web:3000/;
 proxy_http_version 1.1;
 proxy_set_header Upgrade ${dollar}http_upgrade;
 proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
+ proxy_pass http://web:3000/;
 }
 location /god-mode/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://admin:3001/god-mode/;
 }
 location /api/ {
- proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- proxy_set_header Host "${dollar}http_host";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://api:8000/api/;
 }
 location /auth/ {
- proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- proxy_set_header Host "${dollar}http_host";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://api:8000/auth/;
 }
 location /spaces/ {
- rewrite ^/spaces/?$ /spaces/login break;
+ rewrite ^/spaces/?$ /spaces/login break;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://space:3002/spaces/;
 }
 location /${BUCKET_NAME}/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://plane-minio:9000/uploads/;
 }
 }
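Review bot: The server-level `add_header X-Forwarded-*` lines, including the new `add_header X-Real-IP "${dollar}remote_addr";`, set headers on the *response* to the browser and never reach the upstream, and this hunk simultaneously deletes the only `proxy_set_header X-Forwarded-For` lines from `/api/` and `/auth/`, so after the change the API receives no client address at all. Anything behind this proxy that reads `REMOTE_ADDR` or `X-Forwarded-For` (the `device_info["ip_address"]` written by `user_login` in this same patch, rate limiting, audit trails) will record the nginx container instead of the user. Because nginx `proxy_set_header` inheritance is all-or-nothing — a location that defines its own `Host` header discards every `proxy_set_header` from the enclosing block — the forwarding headers have to sit in each location next to `Host`, as below for `/api/`, and the `add_header` lines can then be removed. The `http {`/server block enclosing these locations starts before the hunk.
```nginx
    location /api/ {
        # … unchanged: proxy_http_version, Upgrade, Connection …
        proxy_set_header Host ${dollar}http_host;
        # Request headers for the upstream; add_header at server level only alters the response.
        proxy_set_header X-Forwarded-For ${dollar}proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto ${dollar}scheme;
        proxy_set_header X-Forwarded-Host ${dollar}host;
        proxy_set_header X-Real-IP ${dollar}remote_addr;
        proxy_pass http://api:8000/api/;
    }
    # … unchanged: /, /god-mode/, /auth/, /spaces/, /${BUCKET_NAME}/ — each needs the same four proxy_set_header lines …
```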
diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template
index a03e8ee5f..56fdae8dc 100644
--- a/nginx/nginx.conf.template
+++ b/nginx/nginx.conf.template
@@ -18,34 +18,55 @@ http {
 add_header X-Forwarded-Proto "${dollar}scheme";
 add_header X-Forwarded-Host "${dollar}host";
 add_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- add_header Host "${dollar}http_host";
+ add_header X-Real-IP "${dollar}remote_addr";
 location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://web:3000/;
 }
- location /api/ {
- proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- proxy_set_header Host "${dollar}http_host";
- proxy_pass http://api:8000/api/;
- }
-
- location /spaces/ {
- proxy_pass http://space:3000/spaces/;
- }
-
 location /god-mode/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://admin:3000/god-mode/;
 }
+ location /api/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
+ proxy_pass http://api:8000/api/;
+ }
+
 location /auth/ {
- proxy_set_header X-Forwarded-For "${dollar}proxy_add_x_forwarded_for";
- proxy_set_header Host "${dollar}http_host";
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
 proxy_pass http://api:8000/auth/;
 }
+ location /spaces/ {
+ rewrite ^/spaces/?$ /spaces/login break;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
+ proxy_pass http://space:3000/spaces/;
+ }
+
 location /${BUCKET_NAME}/ {
- proxy_pass http://plane-minio:9000/${BUCKET_NAME}/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade ${dollar}http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host ${dollar}http_host;
+ proxy_pass http://plane-minio:9000/uploads/;
 }
 }
-}
\ No newline at end of file
+}
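Review bot: `location /${BUCKET_NAME}/` now proxies to the hard-coded `http://plane-minio:9000/uploads/` where it previously used `/${BUCKET_NAME}/`, so unless the bucket is always created as `uploads` (not visible here) any deployment with a different `BUCKET_NAME` serves 404s, or another bucket's objects, for every attachment; keep the variable: `proxy_pass http://plane-minio:9000/${BUCKET_NAME}/;`. Separately, the server-level `add_header X-Forwarded-*`/`X-Real-IP` lines only decorate the response, and this hunk removes the `proxy_set_header X-Forwarded-For` from `/api/` and `/auth/`, so the API loses the client address entirely; since a location's own `proxy_set_header Host` suppresses every inherited `proxy_set_header`, each location needs `proxy_set_header X-Forwarded-For ${dollar}proxy_add_x_forwarded_for;` together with `X-Forwarded-Proto ${dollar}scheme;` and `X-Real-IP ${dollar}remote_addr;` beside its `Host` line. Sending `Connection "upgrade"` unconditionally to every upstream, MinIO included, is also questionable; the usual pattern is a `map ${dollar}http_upgrade ${dollar}connection_upgrade { default upgrade; '' close; }` so ordinary requests do not advertise an upgrade. The enclosing server block starts before the hunk.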