fix(striker-ui-api): make cookie original max age configable

1 year ago · a7709df2a6
parent 5a1ad20d7f
commit a7709df2a6
2 changed files with 12 additions and 6 deletions
--- a/striker-ui-api/src/lib/consts/ENV.ts
+++ b/striker-ui-api/src/lib/consts/ENV.ts
@ -7,6 +7,14 @@ import { resolveGid, resolveUid } from '../shell';
 */
 export const COOKIE_PREFIX = process.env.COOKIE_PREFIX ?? 'suiapi';

+/**
+ * The max lifespan of a session cookie in milliseconds.
+ *
+ * @default 28800000
+ */
+export const COOKIE_ORIGINAL_MAX_AGE =
+  Number(process.env.COOKIE_ORIGINAL_MAX_AGE) || 28800000;
+
 /**
 * The fallback job progress value when queuing jobs.
 *
--- a/striker-ui-api/src/middlewares/session.ts
+++ b/striker-ui-api/src/middlewares/session.ts
@ -4,15 +4,13 @@ import expressSession, {
  Store as BaseSessionStore,
 } from 'express-session';

-import { DELETED } from '../lib/consts';
+import { COOKIE_ORIGINAL_MAX_AGE, DELETED } from '../lib/consts';

 import { getLocalHostUUID, query, timestamp, write } from '../lib/accessModule';
 import { cname } from '../lib/cname';
 import { getSessionSecret } from '../lib/getSessionSecret';
 import { stderr, stdout, stdoutVar, uuid } from '../lib/shell';

-const DEFAULT_COOKIE_ORIGINAL_MAX_AGE = 28800000; // 8 hours
-
 export class SessionStore extends BaseSessionStore {
  constructor(options = {}) {
    super(options);
@ -85,7 +83,7 @@ export class SessionStore extends BaseSessionStore {
    const data: SessionData = {
      cookie: {
        maxAge: cookieMaxAge,
-        originalMaxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
+        originalMaxAge: COOKIE_ORIGINAL_MAX_AGE,
      },
      passport: { user: userUuid },
    };
@ -169,7 +167,7 @@ export class SessionStore extends BaseSessionStore {

  public static calculateCookieMaxAge(
    sessionModifiedDate: string,
-    cookieOriginalMaxAge: number = DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
+    cookieOriginalMaxAge: number = COOKIE_ORIGINAL_MAX_AGE,
  ) {
    const sessionModifiedEpoch = Date.parse(sessionModifiedDate);
    const sessionDeadlineEpoch = sessionModifiedEpoch + cookieOriginalMaxAge;
@ -185,7 +183,7 @@ export default (async () =>
  expressSession({
    cookie: {
      httpOnly: true,
-      maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
+      maxAge: COOKIE_ORIGINAL_MAX_AGE,
      secure: false,
    },
    genid: ({ originalUrl }) => {