Improve session handling (#7)

jobs.yaml

@@ -40,3 +40,9 @@ jobs:
     queue: fuzzysearch_owo_core
     custom:
       initiator: schedule
+  - name: remove expired sessions
+    every: "30 * * * *"
+    job_type: remove_expired_sessions
+    queue: fuzzysearch_owo_core
+    custom:
+      initiator: schedule

queries/user_session/remove_expired.sql

@@ -0,0 +1,4 @@
+DELETE FROM
+    user_session
+WHERE
+    last_used < current_timestamp - interval '30 days';

src/jobs.rs

@@ -421,7 +421,6 @@ impl Job for ToggleSiteAccounts {
     }
 }
 
-#[derive(Serialize, Deserialize)]
 struct MigrateOwnedMediaAccounts;
 
 impl Job for MigrateOwnedMediaAccounts {
@@ -446,6 +445,30 @@ impl Job for MigrateOwnedMediaAccounts {
     }
 }
 
+struct RemoveExpiredSessions;
+
+impl Job for RemoveExpiredSessions {
+    const NAME: &'static str = "remove_expired_sessions";
+    type Data = ();
+    type Queue = Queue;
+
+    fn queue(&self) -> Self::Queue {
+        Queue::Core
+    }
+
+    fn extra(&self) -> Result<Option<JobExtra>, serde_json::Error> {
+        Ok(None)
+    }
+
+    fn args(self) -> Result<Vec<serde_json::Value>, serde_json::Error> {
+        Ok(vec![])
+    }
+
+    fn deserialize(_args: Vec<serde_json::Value>) -> Result<Self::Data, serde_json::Error> {
+        Ok(())
+    }
+}
+
 #[derive(Debug, Clone, Deserialize, Serialize)]
 #[serde(rename_all = "snake_case")]
 pub enum JobInitiator {
@@ -1121,6 +1144,14 @@ pub async fn start_job_processing(ctx: JobContext) -> Result<(), Error> {
         Ok(())
     });
 
+    RemoveExpiredSessions::register(&mut forge, |cx, _job, _args| async move {
+        sqlx::query_file!("queries/user_session/remove_expired.sql")
+            .execute(&cx.conn)
+            .await?;
+
+        Ok(())
+    });
+
     let mut client = forge.finalize();
 
     client.labels(labels);

src/main.rs

@@ -729,7 +729,10 @@ async fn main() {
                     .cookie_http_only(true)
                     .session_lifecycle(SessionLifecycle::PersistentSession(
                         PersistentSession::default()
-                            .session_ttl(actix_web::cookie::time::Duration::days(365)),
+                            .session_ttl(actix_web::cookie::time::Duration::days(30))
+                            .session_ttl_extension_policy(
+                                actix_session::config::TtlExtensionPolicy::OnEveryRequest,
+                            ),
                     ))
                     .build();
 

templates/user/settings.html

@@ -175,23 +175,6 @@ <h2 class="subtitle is-4">Security</h2>
               completing the forgot password process.
             </p>
 
-            <div class="field mt-5">
-              <h3 class="subtitle is-5">
-                <span class="icon-text">
-                  <span class="icon">
-                    <i class="bi bi-person-fill-lock"></i>
-                  </span>
-                  <span>Sessions</span>
-                </span>
-              </h3>
-
-              <div class="control">
-                <a class="button is-link is-outlined" href="/auth/sessions">
-                  Active Sessions
-                </a>
-              </div>
-            </div>
-
             {% if passkeys_enabled %}
             <div class="field mt-5">
               <h3 class="subtitle is-5 mt-3">
@@ -257,6 +240,23 @@ <h3 class="subtitle is-5 mt-3">
               {% endif %}
             </div>
             {% endif %}
+
+            <div class="field mt-5">
+              <h3 class="subtitle is-5">
+                <span class="icon-text">
+                  <span class="icon">
+                    <i class="bi bi-person-fill-lock"></i>
+                  </span>
+                  <span>Sessions</span>
+                </span>
+              </h3>
+
+              <div class="control">
+                <a class="button is-link is-outlined" href="/auth/sessions">
+                  Active Sessions
+                </a>
+              </div>
+            </div>
           </div>
 
           <div class="block mt-6">