feat: 优化会话过期逻辑

Dockerfile-base

@@ -29,7 +29,7 @@ RUN set -ex \
     && chmod 755 /usr/local/bin/check \
     && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
 
-ARG WISP_VERSION=v0.2.1
+ARG WISP_VERSION=v0.2.2
 RUN set -ex \
     && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \
     && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \

backend/framework/src/main/java/org/jumpserver/chen/framework/session/impl/JMSSession.java

@@ -17,6 +17,7 @@
 import org.jumpserver.chen.framework.jms.impl.ReplayHandlerImpl;
 import org.jumpserver.chen.framework.session.QueryAuditFunction;
 import org.jumpserver.chen.framework.session.SessionManager;
+import org.jumpserver.chen.framework.session.controller.dialog.Button;
 import org.jumpserver.chen.framework.session.controller.dialog.Dialog;
 import org.jumpserver.chen.framework.session.controller.message.MessageLevel;
 import org.jumpserver.chen.framework.session.exception.SessionException;
@@ -29,6 +30,7 @@
 import java.sql.SQLException;
 import java.text.SimpleDateFormat;
 import java.time.Instant;
+import java.time.LocalDateTime;
 import java.util.List;
 
 @Slf4j
@@ -45,9 +47,14 @@ public class JMSSession extends BaseSession {
     private final List<Common.CommandACL> commandACLs;
     private final long maxIdleTimeDelta;
     private final long expireTime;
+
+
     private long lastActiveTime;
 
-    private int maxSessionTime;
+    private LocalDateTime maxSessionEndTime;
+    private LocalDateTime dynamicEndTime;
+    private String dynamicEndReason;
+
     private Thread waitIdleTimeThread;
     @Setter
     private String gatewayId;
@@ -86,13 +93,37 @@ public JMSSession(Common.Session session,
         this.commandACLs = tokenResp.getData().getFilterRulesList();
         this.expireTime = tokenResp.getData().getExpireInfo().getExpireAt();
         this.maxIdleTimeDelta = tokenResp.getData().getSetting().getMaxIdleTime();
-        this.maxSessionTime = tokenResp.getData().getSetting().getMaxSessionTime();
+
+        this.maxSessionEndTime = LocalDateTime.now().plusHours(tokenResp.getData().getSetting().getMaxSessionTime());
+        this.dynamicEndTime = LocalDateTime.now().plusHours(tokenResp.getData().getSetting().getMaxSessionTime());
+
         this.canUpload = tokenResp.getData().getPermission().getEnableUpload();
         this.canDownload = tokenResp.getData().getPermission().getEnableDownload();
         this.canCopy = tokenResp.getData().getPermission().getEnableCopy();
         this.canPaste = tokenResp.getData().getPermission().getEnablePaste();
     }
 
+
+    public void setDynamicEndInfo(String reason) {
+        this.dynamicEndReason = reason;
+        this.dynamicEndTime = LocalDateTime.now().plusMinutes(10);
+
+        var dialog = new Dialog(MessageUtils.get("PermissionExpiredDialogTitle"));
+
+        dialog.setBody(MessageUtils.get("PermissionExpiredDialogMessage"));
+
+        dialog.addButton(new Button(MessageUtils.get("Cancel"), "cancel", () -> this.getController().closeDialog()));
+
+        this.getController().showDialog(dialog);
+
+    }
+
+    public void resetDynamicEndInfo() {
+        this.dynamicEndReason = "";
+        this.dynamicEndTime = this.maxSessionEndTime;
+    }
+
+
     @Override
     public void recordCommand(String command) {
         CommandRecord commandRecord = new CommandRecord(command);
@@ -183,11 +214,15 @@ private void startWaitIdleTime() {
                             this.close("OverMaxIdleTimeError", "idle_disconnect", this.maxIdleTimeDelta);
                             return;
                         }
-
-                        if (now - this.lastActiveTime > (long) this.maxSessionTime * 1000 * 60 * 60) {
-                            this.close("OverMaxSessionTimeError", "max_session_timeout", this.maxSessionTime);
+                        if (LocalDateTime.now().isAfter(this.maxSessionEndTime)) {
+                            this.close("OverMaxSessionTimeError", "max_session_timeout", this.maxSessionEndTime);
                             return;
                         }
+                        if (LocalDateTime.now().isAfter(this.dynamicEndTime)) {
+                            this.close("OverMaxSessionTimeError", this.dynamicEndReason, this.dynamicEndTime);
+                            return;
+                        }
+
                     }
                 } catch (InterruptedException e) {
                     log.info("JMSSession waitIdleTimeThread interrupted, close it");

backend/web/src/main/java/org/jumpserver/chen/web/hook/RegisterJMSEvent.java

@@ -78,11 +78,14 @@ public void onNext(ServiceOuterClass.TaskResponse taskResponse) {
                         if (targetSession != null) {
                             switch (taskResponse.getTask().getAction()) {
                                 case KillSession ->
-                                        targetSession.close("SessionClosedBy","admin_terminate", taskResponse.getTask().getTerminatedBy());
+                                        targetSession.close("SessionClosedBy", "admin_terminate", taskResponse.getTask().getTerminatedBy());
 
                                 case LockSession -> targetSession.lockSession(taskResponse.getTask().getCreatedBy());
                                 case UnlockSession ->
                                         targetSession.unloadSession(taskResponse.getTask().getCreatedBy());
+                                case TokenPermExpired ->
+                                        targetSession.setDynamicEndInfo(taskResponse.getTask().getTokenStatus().getDetail());
+                                case TokenPermValid -> targetSession.resetDynamicEndInfo();
                             }
                             var req = ServiceOuterClass.FinishedTaskRequest
                                     .newBuilder()

backend/web/src/main/java/org/jumpserver/chen/web/service/impl/JmsSessionService.java

@@ -126,6 +126,7 @@ private Common.Session createJMSSession(ServiceOuterClass.TokenResponse tokenRes
                 .setProtocol(tokenResp.getData().getAsset().getProtocols(0).getName())
                 .setDateStart(System.currentTimeMillis() / 1000)
                 .setRemoteAddr(remoteAddr)
+                .setTokenId(tokenResp.getData().getKeyId())
                 .build();
 
         var sessionResp = this.serviceBlockingStub.createSession(