feat(session): ✨ Added expirationThreshold setting

itpropro · Jan 17, 2024 · 9933b8e · 9933b8e
1 parent 171b63c
commit 9933b8e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/playground/nuxt.config.ts b/playground/nuxt.config.ts
@@ -63,6 +63,7 @@ export default defineNuxtConfig({
     session: {
       expirationCheck: true,
       automaticRefresh: true,
+      expirationThreshold: 3600,
     },
     middleware: {
       globalMiddlewareEnabled: true,

diff --git a/src/runtime/server/utils/session.ts b/src/runtime/server/utils/session.ts
@@ -120,9 +120,9 @@ export async function requireUserSession(event: H3Event) {
       })
     }
 
-    const expired = persistentSession?.exp <= Math.trunc(Date.now() / 1000) // TODO: Add expiration threshold
+    const expired = persistentSession?.exp <= (Math.trunc(Date.now() / 1000) + (sessionConfig.expirationThreshold && typeof sessionConfig.expirationThreshold === 'number' ? sessionConfig.expirationThreshold : 0))
     if (expired) {
-      logger.warn('Session expired')
+      logger.info('Session expired')
       // Automatic token refresh
       if (sessionConfig.automaticRefresh) {
         await refreshUserSession(event)

diff --git a/src/runtime/types/session.ts b/src/runtime/types/session.ts
@@ -31,8 +31,13 @@ export interface AuthSessionConfig {
    */
   expirationCheck?: boolean
   /**
-   * Maximum auth session duration in seconds
-   * @default 60 * 60 * 24 (3600 = 1 day)
+   * Amount of seconds before access token expiration to trigger automatic refresh
+   * @default 0
+   */
+  expirationThreshold?: number
+  /**
+   * Maximum auth session duration in seconds. Will be refreshed if session is refreshed
+   * @default 60 * 60 * 24 (86,400 = 1 day)
    */
   maxAge?: number
   /**
@@ -45,7 +50,7 @@ export interface AuthSessionConfig {
      */
     sameSite?: true | false | 'lax' | 'strict' | 'none' | undefined
     /**
-     * Cookie secure attribute - Consider setting to true for production, would enforce https only cookies
+     * Cookie secure attribute - Consider setting to true for production, enforces https only cookies
      * @default process.env.NODE_ENV === 'production'
      */
     secure?: boolean | undefined