[management] Replace in-memory expose tracker with SQL-backed operations (#5494)

The expose tracker used sync.Map for in-memory TTL tracking of active expose sessions, which broke and lost all sessions on restart. Replace with SQL-backed operations that reuse the existing meta_last_renewed_at column: - Add store methods: RenewEphemeralService, GetExpiredEphemeralServices, CountEphemeralServicesByPeer, EphemeralServiceExists - Move duplicate/limit checks inside a transaction with row-level locking (SELECT ... FOR UPDATE) to prevent concurrent bypass - Reaper re-checks expiry under row lock to avoid deleting a just-renewed service and prevent duplicate event emission - Add composite index on (source, source_peer) for efficient queries - Batch-limit and column-select the reaper query to avoid DB/GC spikes - Filter out malformed rows with empty source_peer
2026-04-18 08:16:39 +00:00 · 2026-03-04 18:15:13 +01:00
parent 9e01ea7aae
commit 8e7b016be2
8 changed files with 461 additions and 376 deletions
--- a/management/internals/modules/reverseproxy/service/service.go
+++ b/management/internals/modules/reverseproxy/service/service.go
@@ -133,8 +133,8 @@ type Service struct {
 	Meta              Meta       `gorm:"embedded;embeddedPrefix:meta_"`
 	SessionPrivateKey string     `gorm:"column:session_private_key"`
 	SessionPublicKey  string     `gorm:"column:session_public_key"`
-	Source            string     `gorm:"default:'permanent'"`
-	SourcePeer        string
+	Source            string     `gorm:"default:'permanent';index:idx_service_source_peer"`
+	SourcePeer        string     `gorm:"index:idx_service_source_peer"`
 }

 func NewService(accountID, name, domain, proxyCluster string, targets []*Target, enabled bool) *Service {