summary refs log tree commit diff
path: root/synapse/storage/schema
diff options
context:
space:
mode:
authorreivilibre <oliverw@matrix.org>2021-11-26 14:27:14 +0000
committerGitHub <noreply@github.com>2021-11-26 14:27:14 +0000
commit1d8b80b3346b31a297668e093fb813d9ce7a1b48 (patch)
tree651c1adff845a6302f78fe6d02492927cfac418e /synapse/storage/schema
parentCreate healthcheck script for synapse-workers container (#11429) (diff)
downloadsynapse-1d8b80b3346b31a297668e093fb813d9ce7a1b48.tar.xz
Support expiry of refresh tokens and expiry of the overall session when refresh tokens are in use. (#11425)
Diffstat (limited to 'synapse/storage/schema')
-rw-r--r--synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql28
1 files changed, 28 insertions, 0 deletions
diff --git a/synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql b/synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql
new file mode 100644
index 0000000000..bdc491c817
--- /dev/null
+++ b/synapse/storage/schema/main/delta/65/10_expirable_refresh_tokens.sql
@@ -0,0 +1,28 @@
+/* Copyright 2021 The Matrix.org Foundation C.I.C
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+ALTER TABLE refresh_tokens
+  -- We add an expiry_ts column (in milliseconds since the Epoch) to refresh tokens.
+  -- They may not be used after they have expired.
+  -- If null, then the refresh token's lifetime is unlimited.
+  ADD COLUMN expiry_ts BIGINT DEFAULT NULL;
+
+ALTER TABLE refresh_tokens
+  -- We also add an ultimate session expiry time (in milliseconds since the Epoch).
+  -- No matter how much the access and refresh tokens are refreshed, they cannot
+  -- be extended past this time.
+  -- If null, then the session length is unlimited.
+  ADD COLUMN ultimate_session_expiry_ts BIGINT DEFAULT NULL;