fix: Parse Server option extendSessionOnUse not working for session lengths < 24 hours (#9113)

2024-05-27 20:03:11 +05:30
parent d8ebdb3632
commit 0a054e6b54
5 changed files with 38 additions and 7 deletions
--- a/spec/Auth.spec.js
+++ b/spec/Auth.spec.js
@@ -260,3 +260,24 @@ describe('Auth', () => {
    });
  });
 });
+
+describe('extendSessionOnUse', () => {
+  it(`shouldUpdateSessionExpiry()`, async () => {
+    const { shouldUpdateSessionExpiry } = require('../lib/Auth');
+    let update = new Date(Date.now() - 86410 * 1000);
+
+    const res = shouldUpdateSessionExpiry(
+      { sessionLength: 86460 },
+      { updatedAt: update }
+    );
+
+    update = new Date(Date.now() - 43210 * 1000);
+    const res2 = shouldUpdateSessionExpiry(
+      { sessionLength: 86460 },
+      { updatedAt: update }
+    );
+
+    expect(res).toBe(true);
+    expect(res2).toBe(false);
+  });
+});
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -67,6 +67,17 @@ function nobody(config) {
  return new Auth({ config, isMaster: false });
 }

+/**
+ * Checks whether session should be updated based on last update time & session length.
+ */
+function shouldUpdateSessionExpiry(config, session) {
+  const resetAfter = config.sessionLength / 2;
+  const lastUpdated = new Date(session?.updatedAt);
+  const skipRange = new Date();
+  skipRange.setTime(skipRange.getTime() - resetAfter * 1000);
+  return lastUpdated <= skipRange;
+}
+
 const throttle = {};
 const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
  if (!config?.extendSessionOnUse) {
@@ -88,10 +99,7 @@ const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
        const { results } = await query.execute();
        session = results[0];
      }
-      const lastUpdated = new Date(session?.updatedAt);
-      const yesterday = new Date();
-      yesterday.setDate(yesterday.getDate() - 1);
-      if (lastUpdated > yesterday || !session) {
+      if (!shouldUpdateSessionExpiry(config, session) || !session) {
        return;
      }
      const expiresAt = config.generateSessionExpiresAt();
@@ -579,6 +587,7 @@ module.exports = {
  maintenance,
  nobody,
  readOnly,
+  shouldUpdateSessionExpiry,
  getAuthForSessionToken,
  getAuthForLegacySessionToken,
  findUsersWithAuthData,
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -259,7 +259,8 @@ module.exports.ParseServerOptions = {
  },
  extendSessionOnUse: {
    env: 'PARSE_SERVER_EXTEND_SESSION_ON_USE',
-    help: 'Whether Parse Server should automatically extend a valid session by the sessionLength',
+    help:
+      "Whether Parse Server should automatically extend a valid session by the sessionLength. In order to reduce the number of session updates in the database, a session will only be extended when a request is received after at least half of the current session's lifetime has passed.",
    action: parsers.booleanParser,
    default: false,
  },
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -47,7 +47,7 @@
 * @property {String} encryptionKey Key for encrypting your files
 * @property {Boolean} enforcePrivateUsers Set to true if new users should be created without public read and write access.
 * @property {Boolean} expireInactiveSessions Sets whether we should expire the inactive sessions, defaults to true. If false, all new sessions are created with no expiration date.
- * @property {Boolean} extendSessionOnUse Whether Parse Server should automatically extend a valid session by the sessionLength
+ * @property {Boolean} extendSessionOnUse Whether Parse Server should automatically extend a valid session by the sessionLength. In order to reduce the number of session updates in the database, a session will only be extended when a request is received after at least half of the current session's lifetime has passed.
 * @property {String} fileKey Key for your files
 * @property {Adapter<FilesAdapter>} filesAdapter Adapter module for the files sub-system
 * @property {FileUploadOptions} fileUpload Options for file uploads
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -228,7 +228,7 @@ export interface ParseServerOptions {
  /* Session duration, in seconds, defaults to 1 year
  :DEFAULT: 31536000 */
  sessionLength: ?number;
-  /* Whether Parse Server should automatically extend a valid session by the sessionLength
+  /* Whether Parse Server should automatically extend a valid session by the sessionLength. In order to reduce the number of session updates in the database, a session will only be extended when a request is received after at least half of the current session's lifetime has passed.
  :DEFAULT: false */
  extendSessionOnUse: ?boolean;
  /* Default value for limit option on queries, defaults to `100`.