feat(store): add option to 'jobSessionStoreCleanup' to revoke sessions after N days

Author: dirkdev98

packages/store/src/session-store-jobs.js

@@ -6,11 +6,15 @@ import { sessionStoreCleanupExpiredSessions } from "./session-store.js";
  * {@link sessionStoreCleanupExpiredSessions}. By default, removes expired and revoked
  * sessions after 14 days.
  *
+ * If 'maxSessionLifetimeInDays' is provided, even active sessions will be removed if
+ * they are created 'maxSessionLifetimeInDays'-days ago.
+ *
  * Recommended interval: daily
  * Recommended cronExpression: 0 2 * * *
  *
  * @param {{
  *   maxRevokedAgeInDays?: number,
+ *   maxSessionLifetimeInDays?: number,
  * }} [options]
  * @returns {import("./queue-worker.js").QueueWorkerHandler}
  */
@@ -27,6 +31,7 @@ export function jobSessionStoreCleanup(options) {
       newEventFromEvent(event),
       sql,
       options?.maxRevokedAgeInDays ?? 14,
+      options?.maxSessionLifetimeInDays,
     );
 
     eventStop(event);

packages/store/src/session-store.js

@@ -390,12 +390,14 @@ export async function sessionStoreRefreshTokens(
  * @param {import("@compas/stdlib").InsightEvent} event
  * @param {import("postgres").Sql<{}>} sql
  * @param {number} maxRevokedAgeInDays
+ * @param {number} [maxSessionLifetimeInDays]
  * @returns {Promise<void>}
  */
 export async function sessionStoreCleanupExpiredSessions(
   event,
   sql,
   maxRevokedAgeInDays,
+  maxSessionLifetimeInDays,
 ) {
   eventStart(event, "sessionStore.cleanupExpiredSessions");
 
@@ -423,6 +425,15 @@ export async function sessionStoreCleanupExpiredSessions(
     accessTokensNotExists: {},
   });
 
+  if (!isNil(maxSessionLifetimeInDays) && maxSessionLifetimeInDays > 1) {
+    const d = new Date();
+    d.setDate(d.getDate() - maxSessionLifetimeInDays);
+
+    await queries.sessionStoreDelete(sql, {
+      createdAtLowerThan: d,
+    });
+  }
+
   eventStop(event);
 }