fix: add auth session lifetime

packages/auth/server/config.ts

@@ -1,6 +1,11 @@
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { env } from '@documenso/lib/utils/env';
 
+/**
+ * How long a session should live for in milliseconds.
+ */
+export const AUTH_SESSION_LIFETIME = 1000 * 60 * 60 * 24 * 30; // 30 days.
+
 export type OAuthClientOptions = {
   id: string;
   scope: string[];

packages/auth/server/lib/session/session-cookies.ts

@@ -9,6 +9,7 @@ import {
 import { appLog } from '@documenso/lib/utils/debugger';
 import { env } from '@documenso/lib/utils/env';
 
+import { AUTH_SESSION_LIFETIME } from '../../config';
 import { generateSessionToken } from './session';
 
 export const sessionCookieName = formatSecureCookieName('sessionId');
@@ -33,7 +34,7 @@ export const sessionCookieOptions = {
   sameSite: useSecureCookies ? 'none' : 'lax', // Todo: (RR7) This feels wrong?
   secure: useSecureCookies,
   domain: getCookieDomain(),
-  // Todo: (RR7) Max age for specific auth cookies.
+  expires: new Date(Date.now() + AUTH_SESSION_LIFETIME),
 } as const;
 
 export const extractSessionCookieFromHeaders = (headers: Headers): string | null => {

packages/auth/server/lib/session/session.ts

@@ -5,6 +5,8 @@ import { type Session, type User, UserSecurityAuditLogType } from '@prisma/clien
 import type { RequestMetadata } from '@documenso/lib/universal/extract-request-metadata';
 import { prisma } from '@documenso/prisma';
 
+import { AUTH_SESSION_LIFETIME } from '../../config';
+
 /**
  * The user object to pass around the app.
  *
@@ -54,7 +56,7 @@ export const createSession = async (
     userId,
     updatedAt: new Date(),
     createdAt: new Date(),
-    expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30),
+    expiresAt: new Date(Date.now() + AUTH_SESSION_LIFETIME),
     ipAddress: metadata.ipAddress ?? null,
     userAgent: metadata.userAgent ?? null,
   };