feat(backend): periodically clean up expired rows

packages/auth/migrations/20220504163005_create_access_token_table.js

@@ -3,7 +3,7 @@ exports.up = function (knex) {
     table.uuid('id').notNullable().primary()
     table.string('value').notNullable().unique()
     table.string('managementId').notNullable()
-    table.integer('expiresIn')
+    table.integer('expiresIn').notNullable()
     table.uuid('grantId').notNullable()
     table.foreign('grantId').references('grants.id').onDelete('CASCADE')
 

packages/auth/src/accessToken/model.ts

@@ -22,5 +22,5 @@ export class AccessToken extends BaseModel {
   public value!: string
   public managementId!: string
   public grantId!: string
-  public expiresIn?: number
+  public expiresIn!: number
 }

packages/auth/src/accessToken/service.ts

@@ -73,9 +73,7 @@ export async function createAccessTokenService({
 
 function isTokenExpired(token: AccessToken): boolean {
   const now = new Date(Date.now())
-  const expiresAt = token.expiresIn
-    ? token.createdAt.getTime() + token.expiresIn
-    : Infinity
+  const expiresAt = token.createdAt.getTime() + token.expiresIn
   return expiresAt < now.getTime()
 }
 

packages/auth/src/app.ts

@@ -27,6 +27,24 @@ export interface AppContextData extends DefaultContext {
 
 export type AppContext = Koa.ParameterizedContext<DefaultState, AppContextData>
 
+export interface DatabaseCleanupRule {
+  /**
+   * the name of the column containing the starting time from which the age will be computed
+   * ex: `createdAt` or `updatedAt`
+   */
+  absoluteStartTimeColumnName: string
+  /**
+   * the name of the column containing the time offset, in seconds, since
+   * `absoluteStartTimeColumnName`, which specifies when the row expires
+   */
+  expirationOffsetColumnName: string
+  /**
+   * the minimum number of days since expiration before rows of
+   * this table will be considered safe to delete during clean up
+   */
+  defaultExpirationOffsetDays: number
+}
+
 type ContextType<T> = T extends (
   ctx: infer Context
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -54,6 +72,9 @@ export class App {
   private closeEmitter!: EventEmitter
   private logger!: Logger
   private config!: IAppConfig
+  private databaseCleanupRules!: {
+    [tableName: string]: DatabaseCleanupRule | undefined
+  }
   public isShuttingDown = false
 
   public constructor(private container: IocContract<AppServices>) {}
@@ -73,6 +94,14 @@ export class App {
     this.koa.context.logger = await this.container.use('logger')
     this.koa.context.closeEmitter = await this.container.use('closeEmitter')
     this.publicRouter = new Router<DefaultState, AppContext>()
+    this.databaseCleanupRules = {
+      accessTokens: {
+        absoluteStartTimeColumnName: 'createdAt',
+        expirationOffsetColumnName: 'expiresIn',
+        defaultExpirationOffsetDays: this.config
+          .accessTokenDeletionDays
+      }
+    }
 
     this.koa.keys = [this.config.cookieKey]
     this.koa.use(
@@ -107,6 +136,12 @@ export class App {
     )
 
     await this._setupRoutes()
+
+    if (this.config.env !== 'test') {
+      for (let i = 0; i < this.config.databaseCleanupWorkers; i++) {
+        process.nextTick(() => this.processDatabaseCleanup())
+      }
+    }
   }
 
   public listen(port: number | string): void {
@@ -233,4 +268,36 @@ export class App {
 
     this.koa.use(this.publicRouter.middleware())
   }
+
+  private async processDatabaseCleanup(): Promise<void> {
+    const knex = await this.container.use('knex')
+
+    const tableNames = Object.keys(this.databaseCleanupRules)
+    for (const tableName of tableNames) {
+      const rule = this.databaseCleanupRules[tableName]
+      if (rule) {
+        try {
+          /**
+           * NOTE: do not remove seemingly pointless interpolations such as '${'??'}'
+           * because they are necessary for preventing SQL injection attacks
+           */
+          await knex(tableName)
+            .whereRaw(
+              `?? + make_interval(0, 0, 0, 0, 0, 0, ??) + interval '${'??'}' < NOW()`,
+              [
+                rule.absoluteStartTimeColumnName,
+                rule.expirationOffsetColumnName,
+                `${rule.defaultExpirationOffsetDays} days`
+              ]
+            )
+            .del()
+        } catch (err) {
+          this.logger.warn(
+            { error: err.message, tableName },
+            'processDatabaseCleanup error'
+          )
+        }
+      }
+    }
+  }
 }

packages/auth/src/config/app.ts

@@ -43,5 +43,7 @@ export const Config = {
   authServerDomain: envString('AUTH_SERVER_DOMAIN', 'http://localhost:3006'), // TODO: replace this with whatever frontend port ends up being
   waitTimeSeconds: envInt('WAIT_SECONDS', 5),
   cookieKey: envString('COOKIE_KEY', crypto.randomBytes(32).toString('hex')),
-  accessTokenExpirySeconds: envInt('ACCESS_TOKEN_EXPIRY_SECONDS', 10 * 60) // Default 10 minutes
+  accessTokenExpirySeconds: envInt('ACCESS_TOKEN_EXPIRY_SECONDS', 10 * 60), // Default 10 minutes
+  databaseCleanupWorkers: envInt('DATABASE_CLEANUP_WORKERS', 1),
+  accessTokenDeletionDays: 30
 }