Merge pull request #184 from refactor-group/179-renew-sessions-for-active-users

calebbourg · web-flow · commit 494259171d83 · 2025-08-15T12:17:03.000-04:00
Update the Session on Reads
diff --git a/.github/workflows/deploy_to_do.yml b/.github/workflows/deploy_to_do.yml
@@ -99,6 +99,8 @@ jobs:
           BACKEND_SERVICE_API_PATH=${{ vars.BACKEND_SERVICE_API_PATH }}
           # API version to use between frontend and backend
           BACKEND_API_VERSION=${{ vars.BACKEND_API_VERSION }}
+          # Session expiry duration in seconds (default: 24 hours = 86400 seconds)
+          BACKEND_SESSION_EXPIRY_SECONDS=${{ vars.BACKEND_SESSION_EXPIRY_SECONDS }}
           # Deployment environment used (development, staging, production)
           RUST_ENV=${{ vars.RUST_ENV }}
 
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -78,6 +78,7 @@ services:
       BACKEND_API_VERSION: ${BACKEND_API_VERSION}
       BACKEND_ALLOWED_ORIGINS: ${BACKEND_ALLOWED_ORIGINS}
       BACKEND_LOG_FILTER_LEVEL: ${BACKEND_LOG_FILTER_LEVEL}
+      BACKEND_SESSION_EXPIRY_SECONDS: ${BACKEND_SESSION_EXPIRY_SECONDS}
       TIPTAP_APP_ID: ${TIPTAP_APP_ID}
       TIPTAP_URL: ${TIPTAP_URL}
       TIPTAP_AUTH_KEY: ${TIPTAP_AUTH_KEY}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -87,6 +87,7 @@ main() {
             local interface="${BACKEND_INTERFACE:-0.0.0.0}"
             local port="${BACKEND_PORT:-4000}"
             local origins="${BACKEND_ALLOWED_ORIGINS:-*}"
+            local session_expiry="${BACKEND_SESSION_EXPIRY_SECONDS:-86400}"
             
             log_info "Starting Refactor Platform API server..."
             log_debug "Log level: $log_level, Interface: $interface, Port: $port"
@@ -97,6 +98,7 @@ main() {
                 -i "$interface" \
                 -p "$port" \
                 --allowed-origins="$origins" \
+                --backend-session-expiry-seconds="$session_expiry" \
                 "$@"
             ;;
             
diff --git a/service/src/config.rs b/service/src/config.rs
@@ -142,6 +142,10 @@ pub struct Config {
         .map(|s| s.parse::<RustEnv>().unwrap()),
     )]
     pub runtime_env: RustEnv,
+
+    /// Session expiry duration in seconds (default: 24 hours = 86400 seconds)
+    #[arg(long, env, default_value_t = 86400)]
+    pub backend_session_expiry_seconds: u64,
 }
 
 impl Default for Config {
diff --git a/web/src/extractors/authenticated_user.rs b/web/src/extractors/authenticated_user.rs
@@ -6,9 +6,6 @@ use axum::{
 };
 use axum_login::AuthSession;
 use domain::users;
-use log::*;
-use tower_sessions::Session;
-
 pub(crate) struct AuthenticatedUser(pub users::Model);
 
 #[async_trait]
@@ -26,16 +23,6 @@ where
             .await
             .map_err(|(status, msg)| (status, msg.to_string()))?;
 
-        // Touch the session to update activity timestamp for session renewal
-        if let Ok(tower_session) = Session::from_request_parts(parts, state).await {
-            if let Err(e) = tower_session.save().await {
-                warn!("Failed to touch session for activity renewal: {e:?}");
-                // Continue with authentication - session touch failure shouldn't block authentication
-            } else {
-                trace!("Session touched successfully for activity renewal");
-            }
-        }
-
         match session.user {
             Some(user) => Ok(AuthenticatedUser(user)),
             None => Err((StatusCode::UNAUTHORIZED, "Unauthorized".to_string())),
diff --git a/web/src/lib.rs b/web/src/lib.rs
@@ -51,7 +51,12 @@ pub async fn init_server(app_state: AppState) -> Result<()> {
         // Get non-secure cookies for local testing, while production automatically gets secure cookies
         .with_secure(app_state.config.is_production())
         .with_same_site(tower_sessions::cookie::SameSite::Lax) // Assists in CSRF protection
-        .with_expiry(Expiry::OnInactivity(Duration::days(1)));
+        .with_expiry(Expiry::OnInactivity(Duration::seconds(
+            app_state.config.backend_session_expiry_seconds as i64,
+        )))
+        // Save session on every request to reset the inactivity timer
+        // This ensures active users stay logged in
+        .with_always_save(true);
 
     // Auth service
     let backend = Backend::new(&app_state.database_connection);
diff --git a/web/src/router.rs b/web/src/router.rs
@@ -493,7 +493,8 @@ mod organization_endpoints_tests {
 
             let session_layer = SessionManagerLayer::new(session_store)
                 .with_secure(false)
-                .with_expiry(Expiry::OnInactivity(Duration::days(1)));
+                .with_expiry(Expiry::OnInactivity(Duration::days(1)))
+                .with_always_save(true);
 
             // Auth service
             let backend = Backend::new(db);
