Merge branch 'feat/session-expiration-cleanup' into 'main'
feat(session-cleanup): implement session expiration cleanup See merge request unboundsoftware/auth0mock!216
This commit was merged in pull request #221.
This commit is contained in:
@@ -29,6 +29,25 @@ const users = initialUsers(process.env.USERS_FILE || './users.json')
|
||||
const sessions = {}
|
||||
const challenges = {}
|
||||
|
||||
// Session TTL in milliseconds (5 minutes)
|
||||
const SESSION_TTL_MS = 5 * 60 * 1000
|
||||
|
||||
// Periodically clean up old sessions to prevent memory leaks
|
||||
setInterval(() => {
|
||||
const now = Date.now()
|
||||
let cleaned = 0
|
||||
for (const [key, session] of Object.entries(sessions)) {
|
||||
if (session.createdAt && now - session.createdAt > SESSION_TTL_MS) {
|
||||
delete sessions[key]
|
||||
delete challenges[key]
|
||||
cleaned++
|
||||
}
|
||||
}
|
||||
if (cleaned > 0) {
|
||||
debug(`Cleaned up ${cleaned} expired sessions`)
|
||||
}
|
||||
}, 60000) // Run every minute
|
||||
|
||||
const corsOpts = (req, cb) => {
|
||||
cb(null, { origin: req.headers.origin })
|
||||
}
|
||||
@@ -163,7 +182,8 @@ app.post('/code', (req, res) => {
|
||||
nonce: req.body.nonce,
|
||||
clientId: req.body.clientId,
|
||||
codeChallenge: req.body.codeChallenge,
|
||||
customClaims: [claim]
|
||||
customClaims: [claim],
|
||||
createdAt: Date.now()
|
||||
}
|
||||
res.redirect(
|
||||
`${req.body.redirect}?code=${code}&state=${encodeURIComponent(state)}`
|
||||
@@ -185,7 +205,13 @@ app.get('/authorize', (req, res) => {
|
||||
session.nonce = nonce
|
||||
session.state = state
|
||||
session.codeChallenge = codeChallenge
|
||||
session.createdAt = Date.now() // Refresh timestamp
|
||||
sessions[codeChallenge] = session
|
||||
// Clean up old session entry if different key
|
||||
if (code !== codeChallenge) {
|
||||
delete sessions[code]
|
||||
delete challenges[code]
|
||||
}
|
||||
res.redirect(`${redirect}?code=${codeChallenge}&state=${state}`)
|
||||
return
|
||||
}
|
||||
@@ -197,6 +223,7 @@ app.get('/authorize', (req, res) => {
|
||||
session.nonce = nonce
|
||||
session.state = state
|
||||
session.codeChallenge = codeChallenge
|
||||
session.createdAt = Date.now() // Refresh timestamp
|
||||
res.send(`
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
|
||||
Reference in New Issue
Block a user