From 764d3569ce6584764b5f91e89e91a7623afd4f40 Mon Sep 17 00:00:00 2001 From: kolaente Date: Tue, 24 Feb 2026 11:48:14 +0100 Subject: [PATCH] fix: close leaked database sessions Add defer s.Close() to sessions that were never closed: - auth.GetAuthFromClaims inline session - models.deleteUsers cron function - notifications.notify database insert --- pkg/models/user_delete.go | 1 + pkg/modules/auth/auth.go | 4 +++- pkg/notifications/notification.go | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/models/user_delete.go b/pkg/models/user_delete.go index d63b8f2e0..8a45f5a7c 100644 --- a/pkg/models/user_delete.go +++ b/pkg/models/user_delete.go @@ -42,6 +42,7 @@ func RegisterUserDeletionCron() { func deleteUsers() { s := db.NewSession() + defer s.Close() users := []*user.User{} err := s.Where(builder.Lt{"deletion_scheduled_at": time.Now()}). Find(&users) diff --git a/pkg/modules/auth/auth.go b/pkg/modules/auth/auth.go index 8cf5cb2ae..816474ba0 100644 --- a/pkg/modules/auth/auth.go +++ b/pkg/modules/auth/auth.go @@ -155,7 +155,9 @@ func GetAuthFromClaims(c *echo.Context) (a web.Auth, err error) { // check if we have a token in context and use it if that's the case if c.Get("api_token") != nil { apiToken := c.Get("api_token").(*models.APIToken) - u, err := user.GetUserByID(db.NewSession(), apiToken.OwnerID) + s := db.NewSession() + defer s.Close() + u, err := user.GetUserByID(s, apiToken.OwnerID) if err != nil { return nil, err } diff --git a/pkg/notifications/notification.go b/pkg/notifications/notification.go index 9f05c33a9..83677364d 100644 --- a/pkg/notifications/notification.go +++ b/pkg/notifications/notification.go @@ -109,6 +109,7 @@ func notifyDB(notifiable Notifiable, notification Notification) (err error) { } s := db.NewSession() + defer s.Close() dbNotification := &DatabaseNotification{ NotifiableID: notifiable.RouteForDB(), Notification: content,