enforce max session length

2026-02-10 20:02:26 +00:00 · 2025-10-24 16:14:21 -07:00
parent 629f17294a
commit 39d6b93d42
12 changed files with 249 additions and 81 deletions
--- a/server/routers/org/checkOrgUserAccess.ts
+++ b/server/routers/org/checkOrgUserAccess.ts
@@ -68,7 +68,6 @@ export async function checkOrgUserAccess(
    next: NextFunction
 ): Promise<any> {
    try {
-        logger.debug("here0 ")
        const parsedParams = paramsSchema.safeParse(req.params);
        if (!parsedParams.success) {
            return next(
@@ -116,7 +115,8 @@ export async function checkOrgUserAccess(

        const policyCheck = await checkOrgAccessPolicy({
            orgId,
-            userId
+            userId,
+            session: req.session
        });

        // if we get here, the user has an org join, we just don't know if they pass the policies
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -24,7 +24,8 @@ const updateOrgParamsSchema = z
 const updateOrgBodySchema = z
    .object({
        name: z.string().min(1).max(255).optional(),
-        requireTwoFactor: z.boolean().optional()
+        requireTwoFactor: z.boolean().optional(),
+        maxSessionLengthHours: z.number().nullable().optional()
    })
    .strict()
    .refine((data) => Object.keys(data).length > 0, {
@@ -80,6 +81,7 @@ export async function updateOrg(
        const isLicensed = await isLicensedOrSubscribed(orgId);
        if (!isLicensed) {
            parsedBody.data.requireTwoFactor = undefined;
+            parsedBody.data.maxSessionLengthHours = undefined;
        }

        if (
@@ -100,7 +102,8 @@ export async function updateOrg(
            .update(orgs)
            .set({
                name: parsedBody.data.name,
-                requireTwoFactor: parsedBody.data.requireTwoFactor
+                requireTwoFactor: parsedBody.data.requireTwoFactor,
+                maxSessionLengthHours: parsedBody.data.maxSessionLengthHours
            })
            .where(eq(orgs.orgId, orgId))
            .returning();
--- a/server/routers/resource/getExchangeToken.ts
+++ b/server/routers/resource/getExchangeToken.ts
@@ -76,7 +76,8 @@ export async function getExchangeToken(
        // check org policy here
        const hasAccess = await checkOrgAccessPolicy({
            orgId: resource[0].orgId,
-            userId: req.user!.userId
+            userId: req.user!.userId,
+            session: req.session
        });

        if (!hasAccess.allowed || hasAccess.error) {