feat: extendSessionOnUse to automatically renew Parse Sessions

spec/Auth.spec.js

@@ -94,6 +94,35 @@ describe('Auth', () => {
  });
  });
 
+ it('can use extendSessionOnUse', async () => {
+ await reconfigureServer({
+ extendSessionOnUse: true,
+ });
+
+ const user = new Parse.User();
+ await user.signUp({
+ username: 'hello',
+ password: 'password',
+ });
+ const session = await new Parse.Query(Parse.Session).first();
+ const updatedAt = new Date('2010');
+ const expiry = new Date();
+ expiry.setHours(expiry.getHours() + 1);
+
+ await Parse.Server.database.update(
+ '_Session',
+ { objectId: session.id },
+ {
+ expiresAt: { __type: 'Date', iso: expiry.toISOString() },
+ updatedAt: updatedAt.toISOString(),
+ }
+ );
+ await session.fetch();
+ await new Promise(resolve => setTimeout(resolve, 1000));
+ await session.fetch();
+ expect(session.get('expiresAt') > expiry).toBeTrue();
+ });
+
  it('should load auth without a config', async () => {
  const user = new Parse.User();
  await user.signUp({

spec/index.spec.js

@@ -367,6 +367,22 @@ describe('server', () => {
  });
  });
 
+ it('should throw when extendSessionOnUse is invalid', async () => {
+ await expectAsync(
+ reconfigureServer({
+ extendSessionOnUse: 'yolo',
+ })
+ ).toBeRejectedWith('extendSessionOnUse must be a boolean value');
+ });
+
+ it('should throw when revokeSessionOnPasswordReset is invalid', async () => {
+ await expectAsync(
+ reconfigureServer({
+ revokeSessionOnPasswordReset: 'yolo',
+ })
+ ).toBeRejectedWith('revokeSessionOnPasswordReset must be a boolean value');
+ });
+
  it('fails if the session length is not a number', done => {
  reconfigureServer({ sessionLength: 'test' })
  .then(done.fail)

src/Auth.js

@@ -3,6 +3,8 @@ import { isDeepStrictEqual } from 'util';
 import { getRequestObject, resolveError } from './triggers';
 import Deprecator from './Deprecator/Deprecator';
 import { logger } from './logger';
+import RestQuery from './RestQuery';
+import RestWrite from './RestWrite';
 
 // An Auth object tells you who is requesting something and whether
 // the master key was used.
@@ -66,6 +68,47 @@ function nobody(config) {
  return new Auth({ config, isMaster: false });
 }
 
+const throttle = {};
+const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
+ if (!config?.extendSessionOnUse) {
+ return;
+ }
+ clearTimeout(throttle[sessionToken]);
+ throttle[sessionToken] = setTimeout(async () => {
+ try {
+ if (!session) {
+ const { results } = await new RestQuery(
+ config,
+ master(config),
+ '_Session',
+ { sessionToken },
+ { limit: 1 }
+ ).execute();
+ console.log({ results });
+ session = results[0];
+ }
+ const lastUpdated = new Date(session?.updatedAt);
+ const yesterday = new Date();
+ yesterday.setDate(yesterday.getDate() - 1);
+ if (lastUpdated > yesterday || !session) {
+ return;
+ }
+ const expiresAt = config.generateSessionExpiresAt();
+ await new RestWrite(
+ config,
+ master(config),
+ '_Session',
+ { objectId: session.objectId },
+ { expiresAt: Parse._encode(expiresAt) }
+ ).execute();
+ } catch (e) {
+ if (e?.code !== Parse.Error.OBJECT_NOT_FOUND) {
+ logger.error('Could not update session expiry: ', e);
+ }
+ }
+ }, 500);
+};
+
 // Returns a promise that resolves to an Auth object
 const getAuthForSessionToken = async function ({
  config,
@@ -78,6 +121,7 @@ const getAuthForSessionToken = async function ({
  const userJSON = await cacheController.user.get(sessionToken);
  if (userJSON) {
  const cachedUser = Parse.Object.fromJSON(userJSON);
+ renewSessionIfNeeded({ config, sessionToken });
  return Promise.resolve(
  new Auth({
  config,
@@ -112,18 +156,20 @@ const getAuthForSessionToken = async function ({
  if (results.length !== 1 || !results[0]['user']) {
  throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token');
  }
+ const session = results[0];
  const now = new Date(),
- expiresAt = results[0].expiresAt ? new Date(results[0].expiresAt.iso) : undefined;
+ expiresAt = session.expiresAt ? new Date(session.expiresAt.iso) : undefined;
  if (expiresAt < now) {
  throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Session token is expired.');
  }
- const obj = results[0]['user'];
+ const obj = session.user;
  delete obj.password;
  obj['className'] = '_User';
  obj['sessionToken'] = sessionToken;
  if (cacheController) {
  cacheController.user.put(sessionToken, obj);
  }
+ renewSessionIfNeeded({ config, session, sessionToken });
  const userObject = Parse.Object.fromJSON(obj);
  return new Auth({
  config,

src/Config.js

@@ -86,6 +86,7 @@ export class Config {
  logLevels,
  rateLimit,
  databaseOptions,
+ extendSessionOnUse,
  }) {
  if (masterKey === readOnlyMasterKey) {
  throw new Error('masterKey and readOnlyMasterKey should be different');
@@ -103,6 +104,10 @@ export class Config {
  throw 'revokeSessionOnPasswordReset must be a boolean value';
  }
 
+ if (typeof extendSessionOnUse !== 'boolean') {
+ throw 'extendSessionOnUse must be a boolean value';
+ }
+
  if (publicServerURL) {
  if (!publicServerURL.startsWith('http://') && !publicServerURL.startsWith('https://')) {
  throw 'publicServerURL should be a valid HTTPS URL starting with https://';

src/Options/Definitions.js

@@ -227,6 +227,12 @@ module.exports.ParseServerOptions = {
  action: parsers.booleanParser,
  default: true,
  },
+ extendSessionOnUse: {
+ env: 'PARSE_SERVER_EXTEND_SESSION_ON_USE',
+ help: 'Whether Parse Server should automatically extend a valid session by the sessionLength',
+ action: parsers.booleanParser,
+ default: false,
+ },
  fileKey: {
  env: 'PARSE_SERVER_FILE_KEY',
  help: 'Key for your files',

src/Options/index.js

@@ -203,6 +203,9 @@ export interface ParseServerOptions {
  /* Session duration, in seconds, defaults to 1 year
  :DEFAULT: 31536000 */
  sessionLength: ?number;
+ /* Whether Parse Server should automatically extend a valid session by the sessionLength
+ :DEFAULT: false */
+ extendSessionOnUse: ?boolean;
  /* Default value for limit option on queries, defaults to `100`.
  :DEFAULT: 100 */
  defaultLimit: ?number;