From 87da514b7cb92003b4ba1fb546f7bbc8eb38f50a Mon Sep 17 00:00:00 2001
From: Syfaro
Date: Thu, 29 Feb 2024 13:49:32 -0500
Subject: [PATCH] Reduce session lifetime, remove stale sessions from database.
---
 jobs.yaml | 6 +++++
 queries/user_session/remove_expired.sql | 4 +++
 sqlx-data.json | 10 ++++++++
 src/jobs.rs | 33 +++++++++++++++++++++++-
 src/main.rs | 5 +++-
 templates/user/settings.html | 34 ++++++++++++-------------
 6 files changed, 73 insertions(+), 19 deletions(-)
 create mode 100644 queries/user_session/remove_expired.sql
diff --git a/jobs.yaml b/jobs.yaml
index befcced..2500c49 100644
--- a/jobs.yaml
+++ b/jobs.yaml
@@ -40,3 +40,9 @@ jobs:
 queue: fuzzysearch_owo_core
 custom:
 initiator: schedule
+ - name: remove expired sessions
+ every: "30 * * * *"
+ job_type: remove_expired_sessions
+ queue: fuzzysearch_owo_core
+ custom:
+ initiator: schedule
diff --git a/queries/user_session/remove_expired.sql b/queries/user_session/remove_expired.sql
new file mode 100644
index 0000000..598c99a
--- /dev/null
+++ b/queries/user_session/remove_expired.sql
@@ -0,0 +1,4 @@
+DELETE FROM
+ user_session
+WHERE
+ last_used < current_timestamp - interval '30 days';
diff --git a/sqlx-data.json b/sqlx-data.json
index 1a930e9..1639117 100644
--- a/sqlx-data.json
+++ b/sqlx-data.json
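Review bot: Server-side session expiry now depends on this hourly DELETE, and the `interval '30 days'` literal duplicates the `Duration::days(30)` set in src/main.rs, so the two values can drift apart with nothing to flag it. If the query that loads a session (not visible in this patch) does not itself filter on `last_used`, a session past its window stays usable until the next job run, or for as long as the job queue is stalled; adding the same `last_used >= current_timestamp - interval '30 days'` predicate to that lookup would make expiry independent of the job. If `last_used` is nullable, rows where it is NULL never satisfy `<` and are never purged; whether that applies depends on the schema, which is not shown. A header comment such as `-- Keep in sync with session_ttl in src/main.rs` would document the coupling.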
@@ -1632,6 +1632,16 @@ }, "query": "SELECT\n id \"id!\",\n owner_id \"owner_id!\",\n perceptual_hash,\n sha256_hash \"sha256_hash!: Sha256Hash\",\n last_modified \"last_modified!\",\n content_url,\n content_size,\n thumb_url,\n event_count \"event_count!\",\n last_event,\n accounts \"accounts: sqlx::types::Json>\"\nFROM\n owned_media_item_accounts\nWHERE\n id = $1\n AND owner_id = $2;\n" }, + "5f95ec95ced2426b886d630e012a1b1699b360e226ed2a0d6a2314b3bd2a9472": { + "describe": { + "columns": [], + "nullable": [], + "parameters": { + "Left": [] + } + }, + "query": "DELETE FROM\n user_session\nWHERE\n last_used < current_timestamp - interval '30 days';\n" + }, "61379e0464f4576a6958754033b3997dc844d8e3932f7f2c0d83fb6d7c45a913": { "describe": { "columns": [
diff --git a/src/jobs.rs b/src/jobs.rs
index f2786e5..14860ac 100644
--- a/src/jobs.rs
+++ b/src/jobs.rs
@@ -421,7 +421,6 @@ impl Job for ToggleSiteAccounts {
 }
 }
-#[derive(Serialize, Deserialize)]
 struct MigrateOwnedMediaAccounts;
 impl Job for MigrateOwnedMediaAccounts {
@@ -446,6 +445,30 @@ impl Job for MigrateOwnedMediaAccounts {
 }
 }
+struct RemoveExpiredSessions;
+
+impl Job for RemoveExpiredSessions {
+ const NAME: &'static str = "remove_expired_sessions";
+ type Data = ();
+ type Queue = Queue;
+
+ fn queue(&self) -> Self::Queue {
+ Queue::Core
+ }
+
+ fn extra(&self) -> Result, serde_json::Error> {
+ Ok(None)
+ }
+
+ fn args(self) -> Result, serde_json::Error> {
+ Ok(vec![])
+ }
+
+ fn deserialize(_args: Vec) -> Result {
+ Ok(())
+ }
+}
+
 #[derive(Debug, Clone, Deserialize, Serialize)]
 #[serde(rename_all = "snake_case")]
 pub enum JobInitiator {
@@ -1121,6 +1144,14 @@ pub async fn start_job_processing(ctx: JobContext) -> Result<(), Error> {
 Ok(())
 });
+ RemoveExpiredSessions::register(&mut forge, |cx, _job, _args| async move {
+ sqlx::query_file!("queries/user_session/remove_expired.sql")
+ .execute(&cx.conn)
+ .await?;
+
+ Ok(())
+ });
+
 let mut client = forge.finalize();
 client.labels(labels);
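Review bot: `RemoveExpiredSessions` is added without a doc comment, and because `type Data = ()` and `deserialize` ignores `_args`, the job takes no parameters and its retention window lives only in the SQL file. A line above the struct such as `/// Scheduled job that deletes user_session rows older than the window in queries/user_session/remove_expired.sql; takes no arguments.` would tell a reader where to look when the session lifetime changes.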
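Review bot: The handler registered for `RemoveExpiredSessions` discards the result of `.execute(&cx.conn)`, so nothing records how many sessions each run removed. Binding the count, `let removed = sqlx::query_file!("queries/user_session/remove_expired.sql").execute(&cx.conn).await?.rows_affected();`, and logging it with whatever logging the file already uses would give an audit trail for session removal and make a zero or unusually large purge visible. The first run after this commit may delete many rows at once, since the previous cookie lifetime was 365 days; that is inferred from the main.rs change rather than shown here. The enclosing `start_job_processing` starts and ends outside the hunk.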
diff --git a/src/main.rs b/src/main.rs
index 33f35c9..9cdbf7f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -729,7 +729,10 @@ async fn main() {
 .cookie_http_only(true)
 .session_lifecycle(SessionLifecycle::PersistentSession(
 PersistentSession::default()
- .session_ttl(actix_web::cookie::time::Duration::days(365)),
+ .session_ttl(actix_web::cookie::time::Duration::days(30))
+ .session_ttl_extension_policy(
+ actix_session::config::TtlExtensionPolicy::OnEveryRequest,
+ ),
 ))
 .build();
diff --git a/templates/user/settings.html b/templates/user/settings.html
index be3f403..f3301ff 100644
--- a/templates/user/settings.html
+++ b/templates/user/settings.html
@@ -175,23 +175,6 @@
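Review bot: With `TtlExtensionPolicy::OnEveryRequest` the 30-day TTL becomes a sliding window with no absolute cap, so a session used at least once every 30 days never expires, including one replayed by someone else who holds the cookie. If that is intended, a comment on the `.session_ttl_extension_policy(...)` call should say so, e.g. `// Sliding expiry: idle sessions end after 30 days; there is no absolute maximum lifetime.`; an absolute limit would need a creation timestamp checked server-side, which this patch does not add. The purge job keys on `user_session.last_used`, so that column presumably has to be refreshed on each request for the database window to slide with the cookie; that update is not visible in this patch and is worth confirming. `main` continues outside the hunk.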

Security

completing the forgot password process.

-
-

- - - - - Sessions - -

- - -
- {% if passkeys_enabled %}

@@ -257,6 +240,23 @@

{% endif %}

{% endif %} + +
+

+ + + + + Sessions + +

+ + +