28 lines
971 B
Python
28 lines
971 B
Python
|
|
"""User.session_epoch for server-side session revocation (SA4)
|
||
|
|
|
||
|
|
A monotonic per-user counter. A signed session cookie records the epoch it was minted under;
|
||
|
|
current_user rejects any cookie whose epoch is stale. Bumped on password reset, password change,
|
||
|
|
or "log out everywhere" — so a stolen/copied client-side cookie dies on those events instead of
|
||
|
|
staying valid until it expires. Existing rows default to 0 (matching a fresh cookie's absent/0 epoch).
|
||
|
|
"""
|
||
|
|
from typing import Sequence, Union
|
||
|
|
|
||
|
|
import sqlalchemy as sa
|
||
|
|
from alembic import op
|
||
|
|
|
||
|
|
revision: str = "0053_user_session_epoch"
|
||
|
|
down_revision: Union[str, None] = "0052_plex_show_meta"
|
||
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
||
|
|
depends_on: Union[str, Sequence[str], None] = None
|
||
|
|
|
||
|
|
|
||
|
|
def upgrade() -> None:
|
||
|
|
op.add_column(
|
||
|
|
"users",
|
||
|
|
sa.Column("session_epoch", sa.Integer(), nullable=False, server_default="0"),
|
||
|
|
)
|
||
|
|
|
||
|
|
|
||
|
|
def downgrade() -> None:
|
||
|
|
op.drop_column("users", "session_epoch")
|