optimize sql queries / indexing

Signed-off-by: chandi Langecker <git@chandi.it>

lib/Db/SessionMapper.php

@@ -38,9 +38,7 @@ class SessionMapper extends QBMapper {
 		$qb = $this->db->getQueryBuilder();
 		$result = $qb->select('*')
 			->from($this->getTableName())
-			->where($qb->expr()->eq('board_id', $qb->createNamedParameter($boardId)))
-			->andWhere($qb->expr()->eq('user_id', $qb->createNamedParameter($userId)))
-			->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
+			->where($qb->expr()->eq('token', $qb->createNamedParameter($token)))
 			->andWhere($qb->expr()->gt('last_contact', $qb->createNamedParameter(time() - SessionService::SESSION_VALID_TIME)))
 			->executeQuery();
 
@@ -49,7 +47,11 @@ class SessionMapper extends QBMapper {
 		if ($data === false) {
 			throw new DoesNotExistException('Session is invalid');
 		}
-		return Session::fromRow($data);
+		$session = Session::fromRow($data);
+		if ($session->getUserId() != $userId || $session->getBoardId() != $boardId) {
+			throw new DoesNotExistException('Session is invalid');
+		}
+		return $session;
 	}
 
 	public function findAllActive($boardId) {

lib/Migration/Version10900Date202206151724222.php

@@ -58,8 +58,8 @@ class Version10900Date202206151724222 extends SimpleMigrationStep {
 				'unsigned' => true,
 			]);
 			$table->setPrimaryKey(['id']);
+			$table->addIndex(['board_id'], 'rd_session_board_id_idx');
 			$table->addIndex(['token'], 'rd_session_token_idx');
-			$table->addIndex(['last_contact'], 'ts_lastcontact');
 		}
 		return $schema;
 	}