feat: add session expiry (#951)

2024-08-09 15:59:00 +02:00
parent 25452ff063
commit 6dafbaae48
7 changed files with 56 additions and 9 deletions
--- a/packages/auth/callbacks.ts
+++ b/packages/auth/callbacks.ts
@@ -7,7 +7,8 @@ import { eq, inArray } from "@homarr/db";
 import { groupMembers, groupPermissions } from "@homarr/db/schema/sqlite";
 import { getPermissionsWithChildren } from "@homarr/definitions";

-import { expireDateAfter, generateSessionToken, sessionMaxAgeInSeconds, sessionTokenCookieName } from "./session";
+import { env } from "./env.mjs";
+import { expireDateAfter, generateSessionToken, sessionTokenCookieName } from "./session";

 export const getCurrentUserPermissionsAsync = async (db: Database, userId: string) => {
  const dbGroupMembers = await db.query.groupMembers.findMany({
@@ -53,18 +54,18 @@ export const createSignInCallback =
    }

    const sessionToken = generateSessionToken();
-    const sessionExpiry = expireDateAfter(sessionMaxAgeInSeconds);
+    const sessionExpires = expireDateAfter(env.AUTH_SESSION_EXPIRY_TIME);

    await adapter.createSession({
      sessionToken,
      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
      userId: user.id!,
-      expires: sessionExpiry,
+      expires: sessionExpires,
    });

    cookies().set(sessionTokenCookieName, sessionToken, {
      path: "/",
-      expires: sessionExpiry,
+      expires: sessionExpires,
      httpOnly: true,
      sameSite: "lax",
      secure: true,