Add automatic cleanup of authentications.

Author: v0ctor

internal/config/main.go

@@ -30,6 +30,7 @@ type Config struct {
 	AwsKeyId     string `env:"AWS_KEY_ID"`
 	AwsKeySecret string `env:"AWS_KEY_SECRET"`
 
+	AuthenticationMaxAge                     time.Duration `env:"AUTHENTICATION_MAX_AGE" envDefault:"336h"`          // 14 days
 	AuthenticationPasswordChallengeRateLimit int           `env:"AUTHENTICATION_PASSWORD_RATE_LIMIT" envDefault:"5"` // per (person ID/email) and hour
 	AuthenticationCaptchaChallengeRateLimit  int           `env:"AUTHENTICATION_CAPTCHA_RATE_LIMIT" envDefault:"5"`  // per person ID and hour
 	AuthorizationMaxAge                      time.Duration `env:"AUTHORIZATION_MAX_AGE" envDefault:"24h"`

internal/jobs/authentications.go

@@ -0,0 +1,51 @@
+package jobs
+
+import (
+	"context"
+	"time"
+
+	"github.com/avptp/brain/internal/generated/container"
+	"github.com/avptp/brain/internal/generated/data/authentication"
+	"github.com/avptp/brain/internal/generated/data/privacy"
+	"github.com/madflojo/tasks"
+)
+
+func cleanExpiredAuthentications(ctx context.Context, ctn *container.Container) *tasks.Task {
+	return &tasks.Task{
+		Interval: time.Hour,
+		TaskFunc: func() error {
+			cfg := ctn.GetConfig()
+			log := ctn.GetLogger()
+			data := ctn.GetData()
+
+			allowCtx := privacy.DecisionContext(ctx, privacy.Allow)
+
+			vertices, err := data.Authentication.
+				Delete().
+				Where(
+					authentication.LastUsedAtLT(
+						time.Now().Add(-cfg.AuthenticationMaxAge),
+					),
+				).
+				Exec(allowCtx)
+
+			if err != nil {
+				return err
+			}
+
+			log.Info(
+				"task completed: clean expired authentications",
+				"vertices", vertices,
+			)
+
+			return nil
+		},
+		ErrFunc: func(e error) {
+			log := ctn.GetLogger()
+
+			log.Error(
+				e.Error(),
+			)
+		},
+	}
+}

internal/jobs/main.go

@@ -10,5 +10,6 @@ import (
 type Job func(ctx context.Context, ctn *container.Container) *tasks.Task
 
 var All = []Job{
+	cleanExpiredAuthentications,
 	cleanExpiredAuthorizations,
 }