fix(settings): normalize API token timestamps (#5599)

* fix(settings): normalize API token timestamps

* refactor(api-token): share timestamp threshold

---------

Co-authored-by: Tomilla <5007859+Tomilla@users.noreply.github.com>
This commit is contained in:
Tomi lla
2026-06-27 16:30:58 +08:00
committed by GitHub
parent 6964d84742
commit 7a2179535a
7 changed files with 141 additions and 4 deletions
@@ -0,0 +1,49 @@
package database
import (
"testing"
"github.com/mhsanaei/3x-ui/v3/internal/database/model"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"gorm.io/gorm/logger"
)
func TestNormalizeApiTokenCreatedAtSeconds(t *testing.T) {
originalDB := db
t.Cleanup(func() { db = originalDB })
var err error
db, err = gorm.Open(sqlite.Open(":memory:"), &gorm.Config{Logger: logger.Discard})
if err != nil {
t.Fatalf("open sqlite: %v", err)
}
if err := db.AutoMigrate(&model.ApiToken{}); err != nil {
t.Fatalf("migrate api_tokens: %v", err)
}
rows := []model.ApiToken{
{Name: "seconds", Token: "a", CreatedAt: 1_782_485_394},
{Name: "milliseconds", Token: "b", CreatedAt: 1_782_485_394_270},
}
if err := db.Create(&rows).Error; err != nil {
t.Fatalf("seed api tokens: %v", err)
}
if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
t.Fatalf("normalize timestamps: %v", err)
}
if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
t.Fatalf("normalize timestamps again: %v", err)
}
var got []model.ApiToken
if err := db.Order("id asc").Find(&got).Error; err != nil {
t.Fatalf("read api tokens: %v", err)
}
for _, row := range got {
if row.CreatedAt != 1_782_485_394 {
t.Fatalf("%s created_at = %d, want seconds", row.Name, row.CreatedAt)
}
}
}
+12
View File
@@ -94,6 +94,9 @@ func initModels() error {
if err := migrateHostVerifyPeerCertByNameColumn(); err != nil {
return err
}
if err := normalizeApiTokenCreatedAtSeconds(); err != nil {
return err
}
if err := dropLegacyForeignKeys(); err != nil {
return err
}
@@ -1085,6 +1088,15 @@ func InitDB(dbPath string) error {
return runSeeders(isUsersEmpty)
}
// normalizeApiTokenCreatedAtSeconds repairs rows written while ApiToken used
// autoCreateTime:milli. The threshold separates modern Unix milliseconds from
// Unix seconds and makes this safe to run on every startup.
func normalizeApiTokenCreatedAtSeconds() error {
return db.Model(&model.ApiToken{}).
Where("created_at >= ?", model.ApiTokenUnixMillisecondsThreshold).
UpdateColumn("created_at", gorm.Expr("created_at / ?", 1000)).Error
}
// sqliteSynchronous returns the SQLite synchronous mode, defaulting to FULL.
// Whitelisted because the value is interpolated directly into a PRAGMA string.
func sqliteSynchronous() string {
+5 -1
View File
@@ -149,12 +149,16 @@ type HistoryOfSeeders struct {
SeederName string `json:"seederName"`
}
// ApiTokenUnixMillisecondsThreshold separates legacy millisecond timestamps
// from the seconds-based API token timestamp contract.
const ApiTokenUnixMillisecondsThreshold int64 = 100_000_000_000
type ApiToken struct {
Id int `json:"id" gorm:"primaryKey;autoIncrement"`
Name string `json:"name" gorm:"uniqueIndex;not null"`
Token string `json:"token" gorm:"not null"` // SHA-256 hash; the plaintext is shown only once at creation
Enabled bool `json:"enabled" gorm:"default:true"`
CreatedAt int64 `json:"createdAt" gorm:"autoCreateTime:milli"`
CreatedAt int64 `json:"createdAt" gorm:"autoCreateTime"`
}
// MarshalJSON emits settings, streamSettings, and sniffing as nested JSON