fix: add auth session lifetime

packages/auth/server/config.ts

@@ -1,6 +1,11 @@
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { env } from '@documenso/lib/utils/env';
 
+/**
+ * How long a session should live for in milliseconds.
+ */
+export const AUTH_SESSION_LIFETIME = 1000 * 60 * 60 * 24 * 30; // 30 days.
+
 export type OAuthClientOptions = {
   id: string;
   scope: string[];

packages/auth/server/lib/session/session-cookies.ts

@@ -9,6 +9,7 @@ import {
 import { appLog } from '@documenso/lib/utils/debugger';
 import { env } from '@documenso/lib/utils/env';
 
+import { AUTH_SESSION_LIFETIME } from '../../config';
 import { generateSessionToken } from './session';
 
 export const sessionCookieName = formatSecureCookieName('sessionId');
@@ -33,7 +34,7 @@ export const sessionCookieOptions = {
   sameSite: useSecureCookies ? 'none' : 'lax', // Todo: (RR7) This feels wrong?
   secure: useSecureCookies,
   domain: getCookieDomain(),
-  // Todo: (RR7) Max age for specific auth cookies.
+  expires: new Date(Date.now() + AUTH_SESSION_LIFETIME),
 } as const;
 
 export const extractSessionCookieFromHeaders = (headers: Headers): string | null => {

packages/auth/server/lib/session/session.ts

@@ -5,6 +5,8 @@ import { type Session, type User, UserSecurityAuditLogType } from '@prisma/clien
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { prisma } from '@documenso/prisma';
 
+import { AUTH_SESSION_LIFETIME } from '../../config';
+
 /**
  * The user object to pass around the app.
  *
@@ -54,7 +56,7 @@ export const createSession = async (
     userId,
     updatedAt: new Date(),
     createdAt: new Date(),
-    expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
+    expiresAt: new Date(Date.now() + AUTH_SESSION_LIFETIME),
     ipAddress: metadata.ipAddress ?? null,
     userAgent: metadata.userAgent ?? null,
   };

packages/lib/server-only/document/get-recipient-or-sender-by-share-link-slug.ts

@@ -34,7 +34,9 @@ export const getRecipientOrSenderByShareLinkSlug = async ({
       documentId,
       email,
     },
-    include: {
+    select: {
+      email: true,
+      name: true,
       signatures: true,
     },
   });

packages/trpc/utils/trpc-error-handler.ts

@@ -1,7 +1,6 @@
 import type { ErrorHandlerOptions } from '@trpc/server/unstable-core-do-not-import';
 
 import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
-import { env } from '@documenso/lib/utils/env';
 import { buildLogger } from '@documenso/lib/utils/logger';
 
 const logger = buildLogger();
@@ -11,11 +10,6 @@ export const handleTrpcRouterError = (
   { error, path }: Pick<ErrorHandlerOptions<undefined>, 'error' | 'path'>,
   source: 'trpc' | 'apiV1' | 'apiV2',
 ) => {
-  // Always log the error on production for now.
-  if (env('NODE_ENV') !== 'development') {
-    console.error(error);
-  }
-
   const appError = AppError.parseError(error.cause || error);
 
   const isAppError = error.cause instanceof AppError;
@@ -30,6 +24,8 @@ export const handleTrpcRouterError = (
   const isLoggableTrpcError = !isAppError && errorCodesToAlertOn.includes(error.code);
 
   if (isLoggableAppError || isLoggableTrpcError) {
+    console.error(error);
+
     logger.error(error, {
       method: path,
       context: {