analytics/lib/workers/clean_user_sessions.ex
Adrian Gruntkowski 373d4dd665
Implement token-based sessions (#4463)
* Turn `Plausible.Auth.UserSession` into full schema

* Implement token based sessions and use them as default

* Ignore expired user sessions during retrieval from DB

* Implement plug bumping user session last used and timeout timestamps

* Implement Oban worker removing expired user sessions with grace period

* Implement legacy session conversion on touch, when applicable

* Update `UserAuth` moduledoc

* Extend `UserAuth` tests to account for db-backed session tokens

* Update CHANGELOG

* Add tests for `UserSessionTouch` plug

* Add test for `CleanUserSessions` worker

* Add logging of legacy session retrievals

* Use single update permitting stale records  when touching user session

* Don't fetch session and user for external API endpoints (/api/event too)

* Refactor `Users.with_subscription/1` and expose helper query

* Skip fetching session in legacy `SessionTimeoutPlug`

* Rely on user session assign from `AuthContext` in `SentryContext`

* Silence legacy session warnings in `UserSessionTouchTest`

* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`

* Change `UserAuth` to get session, user and last subscription in one go

* Avoid refetching user session in `AuthorizeSiteAccess` plug

* Fix code formatting

* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)

* Remove bogus empty opts from `scope` declarations in router

* Only touch session once an hour and keep `user.last_seen` in sync

* Bring back logging of legacy token use
2024-09-03 11:34:37 +02:00

28 lines
625 B
Elixir

defmodule Plausible.Workers.CleanUserSessions do
@moduledoc """
Job removing expired user sessions. A grace period is applied.
"""
use Plausible.Repo
use Oban.Worker, queue: :clean_user_sessions
@grace_period Duration.new!(day: -7)
@spec grace_period_duration() :: Duration.t()
def grace_period_duration(), do: @grace_period
@impl Oban.Worker
def perform(_job) do
grace_cutoff =
NaiveDateTime.utc_now(:second)
|> NaiveDateTime.shift(@grace_period)
Repo.delete_all(
from us in Plausible.Auth.UserSession,
where: us.timeout_at < ^grace_cutoff
)
:ok
end
end