summaryrefslogtreecommitdiff
path: root/migrations
diff options
context:
space:
mode:
authorpennae <github@quasiparticle.net>2022-07-13 18:09:19 +0200
committerpennae <github@quasiparticle.net>2022-07-13 18:09:19 +0200
commitd6da876cabe0180acd0ebca173d973c8d3450d99 (patch)
treed0a76d4c9a2e83d918e87258865f11ae2c4b49af /migrations
parentd62d1be05ca16a4836ad66440fda477f4ed6817a (diff)
downloadminor-skulk-d6da876cabe0180acd0ebca173d973c8d3450d99.tar.gz
minor-skulk-d6da876cabe0180acd0ebca173d973c8d3450d99.tar.xz
minor-skulk-d6da876cabe0180acd0ebca173d973c8d3450d99.zip
keep oauth tokens around a bit after expiry
firefox wants to delete profile access tokens after they're expired and logs errors if it can't do that. since this happens every hour we can end up with a bunch of error logs very quickly, so we better let it do what it wants.
Diffstat (limited to 'migrations')
-rw-r--r--migrations/20220713142453_token_deletion_grace_period.down.sql2
-rw-r--r--migrations/20220713142453_token_deletion_grace_period.up.sql13
2 files changed, 15 insertions, 0 deletions
diff --git a/migrations/20220713142453_token_deletion_grace_period.down.sql b/migrations/20220713142453_token_deletion_grace_period.down.sql
new file mode 100644
index 0000000..afbac32
--- /dev/null
+++ b/migrations/20220713142453_token_deletion_grace_period.down.sql
@@ -0,0 +1,2 @@
+drop procedure prune_expired_tokens;
+alter procedure prune_expired_tokens_1() rename to prune_expired_tokens;
diff --git a/migrations/20220713142453_token_deletion_grace_period.up.sql b/migrations/20220713142453_token_deletion_grace_period.up.sql
new file mode 100644
index 0000000..6228602
--- /dev/null
+++ b/migrations/20220713142453_token_deletion_grace_period.up.sql
@@ -0,0 +1,13 @@
+alter procedure prune_expired_tokens() rename to prune_expired_tokens_1;
+
+create procedure prune_expired_tokens()
+language sql
+begin atomic
+ delete from key_fetch where expires_at <= now();
+ -- give oauth tokens a grace period, otherwise firefox will log an error
+ -- once per hour trying to destroy a token that has already been timed out.
+ delete from oauth_token where expires_at + '1 day'::interval <= now();
+ delete from oauth_authorization where expires_at <= now();
+ delete from device_commands where expires <= now();
+ delete from invite_codes where expires_at <= now();
+end;