From b16742b0e782bc795fa748d46c3eb6438fb19adc Mon Sep 17 00:00:00 2001
From: Owen Jacobson
Date: Wed, 11 Sep 2024 21:52:57 -0400
Subject: Expire tokens based on when they were last used, not based on when they were issued. This lets us shorten the expiry interval - by quite a bit. Tokens in regular use will now live indefinitely, while tokens that go unused for _one week_ will be invalidated and deleted. This will reduce the number of "dead" tokens (still valid, but _de facto_ no longer in use) stored in the table, and limit the exposure period if a token is leaked and then not used immediately. It's also much less likely to produce surprise logouts three months after installation. You'll either stay logged in, or have to log in again much, much sooner, making it feel a lot more regular and less surprising.
---
...30f5b66862611e6db9fd855fe12046a5c0576ca53d62.json | 12 ------------
...21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json | 20 --------------------
...9272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json | 12 ++++++++++++
...83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json | 20 ++++++++++++++++++++
...914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json | 12 ++++++++++++
5 files changed, 44 insertions(+), 32 deletions(-)
delete mode 100644 .sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json
delete mode 100644 .sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json
create mode 100644 .sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json
create mode 100644 .sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json
create mode 100644 .sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json
(limited to '.sqlx')
diff --git a/.sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json b/.sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json
deleted file mode 100644
index 51462ff..0000000
--- a/.sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "db_name": "SQLite",
- "query": "\n delete\n from token\n where issued_at < $1\n ",
- "describe": {
- "columns": [],
- "parameters": {
- "Right": 1
- },
- "nullable": []
- },
- "hash": "011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62"
-}
diff --git a/.sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json b/.sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json
deleted file mode 100644
index eb1bae1..0000000
--- a/.sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "db_name": "SQLite",
- "query": "\n insert\n into token (secret, login, issued_at)\n values ($1, $2, $3)\n returning secret as \"secret!\"\n ",
- "describe": {
- "columns": [
- {
- "name": "secret!",
- "ordinal": 0,
- "type_info": "Text"
- }
- ],
- "parameters": {
- "Right": 3
- },
- "nullable": [
- false
- ]
- },
- "hash": "73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9"
-}
diff --git a/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json b/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json
new file mode 100644
index 0000000..edd3825
--- /dev/null
+++ b/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json
@@ -0,0 +1,12 @@
+{
+ "db_name": "SQLite",
+ "query": "\n update token\n set last_used_at = $1\n where secret = $2\n ",
+ "describe": {
+ "columns": [],
+ "parameters": {
+ "Right": 2
+ },
+ "nullable": []
+ },
+ "hash": "873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c"
+}
diff --git a/.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json b/.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json
new file mode 100644
index 0000000..c788557
--- /dev/null
+++ b/.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json
@@ -0,0 +1,20 @@
+{
+ "db_name": "SQLite",
+ "query": "\n insert\n into token (secret, login, issued_at, last_used_at)\n values ($1, $2, $3, $3)\n returning secret as \"secret!\"\n ",
+ "describe": {
+ "columns": [
+ {
+ "name": "secret!",
+ "ordinal": 0,
+ "type_info": "Text"
+ }
+ ],
+ "parameters": {
+ "Right": 3
+ },
+ "nullable": [
+ false
+ ]
+ },
+ "hash": "df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561"
+}
diff --git a/.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json b/.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json
new file mode 100644
index 0000000..b91b18b
--- /dev/null
+++ b/.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json
@@ -0,0 +1,12 @@
+{
+ "db_name": "SQLite",
+ "query": "\n delete\n from token\n where last_used_at < $1\n ",
+ "describe": {
+ "columns": [],
+ "parameters": {
+ "Right": 1
+ },
+ "nullable": []
+ },
+ "hash": "fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757"
+}
-- cgit v1.2.3
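Review bot: The sweep predicate `where last_used_at < $1` in the last hunk no longer bounds a token's total lifetime: together with the `update token set last_used_at = $1 where secret = $2` query added earlier in this patch, any token that keeps being presented is refreshed and never ages out, and that holds for a leaked token as much as for its owner. `issued_at` is still written by the insert, so an absolute cap could be kept alongside the idle timeout, for example `where last_used_at < $1 or issued_at < $2`, with the second bound set to the longest session lifetime the service is willing to honour. These `.sqlx` files are sqlx's generated offline query cache, so the change would go in the query at its call site, which is outside this view, followed by regenerating the cache.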