fix(session): add connection timeout and retry options to redis (#8146)

* fix(session): add connection timeout and retry options to redis

* docs: add new redis options to docs

Signed-off-by: Amir Zarrinkafsh <nightah@me.com>

12 files changed, 120 insertions, 11 deletions

diff --git a/config.template.yml b/config.template.yml
index 54cd5cc88..c6231783d 100644
--- a/config.template.yml
+++ b/config.template.yml
@@ -797,6 +797,12 @@ session:
     ## Use a unix socket instead
     # host: '/var/run/redis/redis.sock'
 
+    ## The connection timeout in the duration common syntax.
+    # timeout: '5 seconds'
+
+    ## The maximum number of retries on a failed command. Set it to 0 to disable retries.
+    # max_retries: 3
+
     ## Username used for redis authentication. This is optional and a new feature in redis 6.0.
     # username: 'authelia'
 
diff --git a/docs/content/configuration/session/redis.md b/docs/content/configuration/session/redis.md
index a585d488f..b5dec107d 100644
--- a/docs/content/configuration/session/redis.md
+++ b/docs/content/configuration/session/redis.md
@@ -29,6 +29,8 @@ session:
   redis:
     host: '127.0.0.1'
     port: 6379
+    timeout: '5s'
+    max_retries: 0
     username: 'authelia'
     password: 'authelia'
     database_index: 0
@@ -80,6 +82,18 @@ quoted:
 host: '[fd00:1111:2222:3333::1]'
 ```
 
+### timeout
+
+{{< confkey type="string,integer" syntax="duration" default="5 seconds" required="no" >}}
+
+The Redis connection timeout.
+
+### max_retries
+
+{{< confkey type="integer" default="0" required="no" >}}
+
+The maximum number of retries on a failed command. Setting this option to 0 disables retries entirely.
+
 ### port
 
 {{< confkey type="integer" default="6379" required="no" >}}
diff --git a/docs/data/configkeys.json b/docs/data/configkeys.json
index 42ca4307f..cbaf653ba 100644
--- a/docs/data/configkeys.json
+++ b/docs/data/configkeys.json
@@ -435,6 +435,16 @@
         "env": "AUTHELIA_SESSION_REDIS_PORT"
     },
     {
+        "path": "session.redis.timeout",
+        "secret": false,
+        "env": "AUTHELIA_SESSION_REDIS_TIMEOUT"
+    },
+    {
+        "path": "session.redis.max_retries",
+        "secret": false,
+        "env": "AUTHELIA_SESSION_REDIS_MAX_RETRIES"
+    },
+    {
         "path": "session.redis.username",
         "secret": false,
         "env": "AUTHELIA_SESSION_REDIS_USERNAME"
diff --git a/docs/data/languages.json b/docs/data/languages.json
index 5c3985c62..cc1e0731b 100644
--- a/docs/data/languages.json
+++ b/docs/data/languages.json
@@ -433,7 +433,8 @@
             "display": "Chinese (Taiwan)",
             "locale": "zh-TW",
             "namespaces": [
-                "portal"
+                "portal",
+                "settings"
             ],
             "fallbacks": [
                 "en"
diff --git a/docs/data/misc.json b/docs/data/misc.json
index 2b9c11658..aa9efc8a9 100644
--- a/docs/data/misc.json
+++ b/docs/data/misc.json
@@ -7,8 +7,8 @@
     "latest": "4.38.17",
     "support": {
         "traefik": [
-            "v3.1.6",
-            "v2.11.12"
+            "v3.2.0",
+            "v2.11.13"
         ]
     }
 }
diff --git a/docs/static/schemas/latest/json-schema/configuration.json b/docs/static/schemas/latest/json-schema/configuration.json
index 873b1461a..97956a803 100644
--- a/docs/static/schemas/latest/json-schema/configuration.json
+++ b/docs/static/schemas/latest/json-schema/configuration.json
@@ -2832,6 +2832,26 @@
           "description": "The redis server port.",
           "default": 6379
         },
+        "timeout": {
+          "oneOf": [
+            {
+              "type": "string",
+              "pattern": "^\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?))(\\s*\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?)))*$"
+            },
+            {
+              "type": "integer",
+              "description": "The duration in seconds"
+            }
+          ],
+          "title": "Timeout",
+          "description": "The Redis server connection timeout."
+        },
+        "max_retries": {
+          "type": "integer",
+          "title": "Maximum Retries",
+          "description": "The maximum number of retries on a failed command.",
+          "default": 3
+        },
         "username": {
           "type": "string",
           "title": "Username",
diff --git a/docs/static/schemas/v4.38/json-schema/configuration.json b/docs/static/schemas/v4.38/json-schema/configuration.json
index 873b1461a..97956a803 100644
--- a/docs/static/schemas/v4.38/json-schema/configuration.json
+++ b/docs/static/schemas/v4.38/json-schema/configuration.json
@@ -2832,6 +2832,26 @@
           "description": "The redis server port.",
           "default": 6379
         },
+        "timeout": {
+          "oneOf": [
+            {
+              "type": "string",
+              "pattern": "^\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?))(\\s*\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?)))*$"
+            },
+            {
+              "type": "integer",
+              "description": "The duration in seconds"
+            }
+          ],
+          "title": "Timeout",
+          "description": "The Redis server connection timeout."
+        },
+        "max_retries": {
+          "type": "integer",
+          "title": "Maximum Retries",
+          "description": "The maximum number of retries on a failed command.",
+          "default": 3
+        },
         "username": {
           "type": "string",
           "title": "Username",
diff --git a/docs/static/schemas/v4.39/json-schema/configuration.json b/docs/static/schemas/v4.39/json-schema/configuration.json
index e1ac7f582..bc3db95db 100644
--- a/docs/static/schemas/v4.39/json-schema/configuration.json
+++ b/docs/static/schemas/v4.39/json-schema/configuration.json
@@ -2832,6 +2832,26 @@
           "description": "The redis server port.",
           "default": 6379
         },
+        "timeout": {
+          "oneOf": [
+            {
+              "type": "string",
+              "pattern": "^\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?))(\\s*\\d+\\s*(y|M|w|d|h|m|s|ms|((year|month|week|day|hour|minute|second|millisecond)s?)))*$"
+            },
+            {
+              "type": "integer",
+              "description": "The duration in seconds"
+            }
+          ],
+          "title": "Timeout",
+          "description": "The Redis server connection timeout."
+        },
+        "max_retries": {
+          "type": "integer",
+          "title": "Maximum Retries",
+          "description": "The maximum number of retries on a failed command.",
+          "default": 3
+        },
         "username": {
           "type": "string",
           "title": "Username",
diff --git a/internal/configuration/config.template.yml b/internal/configuration/config.template.yml
index 54cd5cc88..c6231783d 100644
--- a/internal/configuration/config.template.yml
+++ b/internal/configuration/config.template.yml
@@ -797,6 +797,12 @@ session:
     ## Use a unix socket instead
     # host: '/var/run/redis/redis.sock'
 
+    ## The connection timeout in the duration common syntax.
+    # timeout: '5 seconds'
+
+    ## The maximum number of retries on a failed command. Set it to 0 to disable retries.
+    # max_retries: 3
+
     ## Username used for redis authentication. This is optional and a new feature in redis 6.0.
     # username: 'authelia'
 
diff --git a/internal/configuration/schema/keys.go b/internal/configuration/schema/keys.go
index 143d792ce..bc3b07460 100644
--- a/internal/configuration/schema/keys.go
+++ b/internal/configuration/schema/keys.go
@@ -193,6 +193,8 @@ var Keys = []string{
 	"session.cookies[]",
 	"session.redis.host",
 	"session.redis.port",
+	"session.redis.timeout",
+	"session.redis.max_retries",
 	"session.redis.username",
 	"session.redis.password",
 	"session.redis.database_index",
diff --git a/internal/configuration/schema/session.go b/internal/configuration/schema/session.go
index c2fc3f35b..2a01ed40e 100644
--- a/internal/configuration/schema/session.go
+++ b/internal/configuration/schema/session.go
@@ -43,14 +43,16 @@ type SessionCookie struct {
 
 // SessionRedis represents the configuration related to redis session store.
 type SessionRedis struct {
-	Host                     string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis server host."`
-	Port                     int    `koanf:"port" json:"port" jsonschema:"default=6379,title=Host" jsonschema_description:"The redis server port."`
-	Username                 string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The redis username."`
-	Password                 string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The redis password."`
-	DatabaseIndex            int    `koanf:"database_index" json:"database_index" jsonschema:"default=0,title=Database Index" jsonschema_description:"The redis database index."`
-	MaximumActiveConnections int    `koanf:"maximum_active_connections" json:"maximum_active_connections" jsonschema:"default=8,title=Maximum Active Connections" jsonschema_description:"The maximum connections that can be made to redis at one time."`
-	MinimumIdleConnections   int    `koanf:"minimum_idle_connections" json:"minimum_idle_connections" jsonschema:"title=Minimum Idle Connections" jsonschema_description:"The minimum idle connections that should be open to redis."`
-	TLS                      *TLS   `koanf:"tls" json:"tls"`
+	Host                     string        `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis server host."`
+	Port                     int           `koanf:"port" json:"port" jsonschema:"default=6379,title=Host" jsonschema_description:"The redis server port."`
+	Timeout                  time.Duration `koanf:"timeout" json:"timeout" jsonschema:"default=5 seconds,title=Timeout" jsonschema_description:"The Redis server connection timeout."`
+	MaxRetries               int           `koanf:"max_retries" json:"max_retries" jsonschema:"default=3,title=Maximum Retries" jsonschema_description:"The maximum number of retries on a failed command."`
+	Username                 string        `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The redis username."`
+	Password                 string        `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The redis password."`
+	DatabaseIndex            int           `koanf:"database_index" json:"database_index" jsonschema:"default=0,title=Database Index" jsonschema_description:"The redis database index."`
+	MaximumActiveConnections int           `koanf:"maximum_active_connections" json:"maximum_active_connections" jsonschema:"default=8,title=Maximum Active Connections" jsonschema_description:"The maximum connections that can be made to redis at one time."`
+	MinimumIdleConnections   int           `koanf:"minimum_idle_connections" json:"minimum_idle_connections" jsonschema:"title=Minimum Idle Connections" jsonschema_description:"The minimum idle connections that should be open to redis."`
+	TLS                      *TLS          `koanf:"tls" json:"tls"`
 
 	HighAvailability *SessionRedisHighAvailability `koanf:"high_availability" json:"high_availability"`
 }
@@ -86,6 +88,8 @@ var DefaultSessionConfiguration = Session{
 // DefaultRedisConfiguration is the default redis configuration.
 var DefaultRedisConfiguration = SessionRedis{
 	Port:                     6379,
+	Timeout:                  time.Second * 5,
+	MaxRetries:               0,
 	MaximumActiveConnections: 8,
 	TLS: &TLS{
 		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
@@ -95,6 +99,8 @@ var DefaultRedisConfiguration = SessionRedis{
 // DefaultRedisHighAvailabilityConfiguration is the default redis configuration.
 var DefaultRedisHighAvailabilityConfiguration = SessionRedis{
 	Port:                     26379,
+	Timeout:                  time.Second * 5,
+	MaxRetries:               0,
 	MaximumActiveConnections: 8,
 	TLS: &TLS{
 		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
diff --git a/internal/session/provider_config.go b/internal/session/provider_config.go
index 3942d7661..3a2ec01f0 100644
--- a/internal/session/provider_config.go
+++ b/internal/session/provider_config.go
@@ -125,6 +125,8 @@ func NewSessionProvider(config schema.Session, certPool *x509.CertPool) (name st
 				Logger:           logging.LoggerCtxPrintf(logrus.TraceLevel),
 				MasterName:       config.Redis.HighAvailability.SentinelName,
 				SentinelAddrs:    addrs,
+				DialTimeout:      config.Redis.Timeout,
+				MaxRetries:       config.Redis.MaxRetries,
 				SentinelUsername: config.Redis.HighAvailability.SentinelUsername,
 				SentinelPassword: config.Redis.HighAvailability.SentinelPassword,
 				RouteByLatency:   config.Redis.HighAvailability.RouteByLatency,
@@ -155,6 +157,8 @@ func NewSessionProvider(config schema.Session, certPool *x509.CertPool) (name st
 				Logger:          logging.LoggerCtxPrintf(logrus.TraceLevel),
 				Network:         network,
 				Addr:            addr,
+				DialTimeout:     config.Redis.Timeout,
+				MaxRetries:      config.Redis.MaxRetries,
 				Username:        config.Redis.Username,
 				Password:        config.Redis.Password,
 				DB:              config.Redis.DatabaseIndex, // DB is the fasthttp/session property for the Redis DB Index.