pinakes-server: bound session concurrency; handle JoinError; make analytics

retention configurable Signed-off-by: NotAShelf <raf@notashelf.dev> Change-Id: Iaa35af821862eeadba0a4f384b2aec2c6a6a6964
2026-03-07 16:55:43 +03:00 · 2026-03-07 16:55:43 +03:00 · 01fc2021c0
commit 01fc2021c0
parent b24d4cbcdd
6 changed files with 42 additions and 16 deletions
--- a/crates/pinakes-server/src/auth.rs
+++ b/crates/pinakes-server/src/auth.rs
@ -84,26 +84,32 @@ pub async fn require_auth(
    let now = chrono::Utc::now();
    if session.expires_at < now {
      let username = session.username.clone();
-      // Delete expired session asynchronously (fire-and-forget)
-      let storage = state.storage.clone();
-      let token_owned = token.clone();
-      tokio::spawn(async move {
-        if let Err(e) = storage.delete_session(&token_owned).await {
-          tracing::error!(error = %e, "failed to delete expired session");
-        }
-      });
+      // Delete expired session in a bounded background task
+      if let Ok(permit) = state.session_semaphore.clone().try_acquire_owned() {
+        let storage = state.storage.clone();
+        let token_owned = token.clone();
+        tokio::spawn(async move {
+          if let Err(e) = storage.delete_session(&token_owned).await {
+            tracing::error!(error = %e, "failed to delete expired session");
+          }
+          drop(permit);
+        });
+      }
      tracing::info!(username = %username, "session expired");
      return unauthorized("session expired");
    }

-    // Update last_accessed timestamp asynchronously (fire-and-forget)
-    let storage = state.storage.clone();
-    let token_owned = token.clone();
-    tokio::spawn(async move {
-      if let Err(e) = storage.touch_session(&token_owned).await {
-        tracing::warn!(error = %e, "failed to update session last_accessed");
-      }
-    });
+    // Update last_accessed timestamp in a bounded background task
+    if let Ok(permit) = state.session_semaphore.clone().try_acquire_owned() {
+      let storage = state.storage.clone();
+      let token_owned = token.clone();
+      tokio::spawn(async move {
+        if let Err(e) = storage.touch_session(&token_owned).await {
+          tracing::warn!(error = %e, "failed to update session last_accessed");
+        }
+        drop(permit);
+      });
+    }

    // Parse role from string
    let role = match session.role.as_str() {