Page MenuHomePhabricator
Differential D5979

[keyserver] Clean up stale (>30min old) SIWE nonces
ClosedPublic
Actions

Authored by atul on Dec 21 2022, 4:59 PM.
Tags
None
Referenced Files
F3249454: D5979.diff
Fri, Nov 15, 2:50 PM
Unknown Object (File)
Mon, Nov 4, 1:16 AM
Unknown Object (File)
Mon, Nov 4, 1:16 AM
Unknown Object (File)
Mon, Nov 4, 1:16 AM
Unknown Object (File)
Mon, Nov 4, 1:16 AM
Unknown Object (File)
Mon, Nov 4, 1:16 AM
Unknown Object (File)
Mon, Oct 28, 11:33 AM
Unknown Object (File)
Tue, Oct 22, 5:16 PM
View All Files
Subscribers
None

Details

Reviewers
ashoat
tomek
Commits
rCOMM0eaf5cf64463: [keyserver] Clean up stale (>30min old) SIWE nonces
Summary

We decided that SIWE nonces should be valid for 30 minutes. In this diff we clean up stale nonces that are no longer valid from the siwe_nonces table every 24 hours as part of a cron job.

But doesn't that mean that a nonce could be valid for far longer than 30 minutes?

We're also going to be checking the creation_time of the nonce on every request to ensure that it's <30 minutes old. This is more to reduce clutter in the siwe_nonces table.

Test Plan
  1. Changed the lifetime to a minute and modified cron job schedule to force a run and observed that all the rows in siwe_nonces were removed (they were all stale):

03a698.png (452×1 px, 86 KB)

  1. Changed the lifetime to a minute and modified cron job schedule to force a run and added a bunch of nonces <1m old and ensured that only the stale rows in siwe_nonces were removed:

67504a.png (306×1 px, 60 KB)

Diff Detail

Repository
rCOMM Comm
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

atul created this revision.Dec 21 2022, 4:59 PM
atul published this revision for review.Dec 21 2022, 4:59 PM
atul edited the test plan for this revision. (Show Details)
Harbormaster completed remote builds in B14648: Diff 19983.Dec 21 2022, 5:14 PM
ashoat accepted this revision.Dec 21 2022, 5:35 PM
This revision is now accepted and ready to land.Dec 21 2022, 5:35 PM
atul updated this revision to Diff 20001.Dec 21 2022, 10:27 PM

fix nonceLifetime (changed to 1min when testing)

This revision was landed with ongoing or failed builds.Dec 21 2022, 10:29 PM
Closed by commit rCOMM0eaf5cf64463: [keyserver] Clean up stale (>30min old) SIWE nonces (authored by atul). · Explain Why
This revision was automatically updated to reflect the committed changes.
atul added a commit: rCOMM0eaf5cf64463: [keyserver] Clean up stale (>30min old) SIWE nonces.
Harbormaster completed remote builds in B14665: Diff 20001.Dec 21 2022, 10:41 PM

Revision Contents
Changeset List

PathSize
keyserver/
src/
cron/
2 lines
deleters/
17 lines

Diff 19983

View Options

keyserver/src/cron/cron.js

Loading...
View Options

keyserver/src/deleters/siwe-nonce-deleters.js

Loading...