keep oauth tokens around a bit after expiry

firefox wants to delete profile access tokens after they're expired and
logs errors if it can't do that. since this happens every hour we can
end up with a bunch of error logs very quickly, so we better let it do
what it wants.

2 files changed, 15 insertions, 0 deletions

diff --git a/migrations/20220713142453_token_deletion_grace_period.down.sql b/migrations/20220713142453_token_deletion_grace_period.down.sql
new file mode 100644
index 0000000..afbac32
--- /dev/null
+++ b/migrations/20220713142453_token_deletion_grace_period.down.sql
@@ -0,0 +1,2 @@
+drop procedure prune_expired_tokens;
+alter procedure prune_expired_tokens_1() rename to prune_expired_tokens;
diff --git a/migrations/20220713142453_token_deletion_grace_period.up.sql b/migrations/20220713142453_token_deletion_grace_period.up.sql
new file mode 100644
index 0000000..6228602
--- /dev/null
+++ b/migrations/20220713142453_token_deletion_grace_period.up.sql
@@ -0,0 +1,13 @@
+alter procedure prune_expired_tokens() rename to prune_expired_tokens_1;
+
+create procedure prune_expired_tokens()
+language sql
+begin atomic
+       delete from key_fetch where expires_at <= now();
+       -- give oauth tokens a grace period, otherwise firefox will log an error
+       -- once per hour trying to destroy a token that has already been timed out.
+       delete from oauth_token where expires_at + '1 day'::interval <= now();
+       delete from oauth_authorization where expires_at <= now();
+       delete from device_commands where expires <= now();
+       delete from invite_codes where expires_at <= now();
+end;