Make the access tokens TTL configurable

crates/config/src/sections/hack.rs

@@ -1,4 +1,4 @@
-// Copyright 2021, 2022 The Matrix.org Foundation C.I.C.
+// Copyright 2023 The Matrix.org Foundation C.I.C.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -19,33 +19,42 @@ use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use serde_with::serde_as;
 
-use super::ConfigurationSection;
+use crate::ConfigurationSection;
 
-fn default_ttl() -> Duration {
-    Duration::hours(1)
+fn default_token_ttl() -> Duration {
+    Duration::minutes(5)
 }
 
-/// Configuration related to Cross-Site Request Forgery protections
+/// Configuration sections for miscellaneous options
 #[serde_as]
-#[derive(Debug, Clone, Serialize, Deserialize, JsonSchema)]
-pub struct CsrfConfig {
-    /// Time-to-live of a CSRF token in seconds
+#[derive(Clone, Debug, Deserialize, JsonSchema, Serialize)]
+pub struct HackConfig {
+    /// Time-to-live of access tokens in seconds
     #[schemars(with = "u64", range(min = 60, max = 86400))]
-    #[serde(default = "default_ttl")]
+    #[serde(default = "default_token_ttl")]
     #[serde_as(as = "serde_with::DurationSeconds<i64>")]
-    pub ttl: Duration,
+    pub access_token_ttl: Duration,
+
+    /// Time-to-live of compatibility access tokens in seconds
+    #[schemars(with = "u64", range(min = 60, max = 86400))]
+    #[serde(default = "default_token_ttl")]
+    #[serde_as(as = "serde_with::DurationSeconds<i64>")]
+    pub compat_token_ttl: Duration,
 }
 
-impl Default for CsrfConfig {
+impl Default for HackConfig {
     fn default() -> Self {
-        Self { ttl: default_ttl() }
+        Self {
+            access_token_ttl: default_token_ttl(),
+            compat_token_ttl: default_token_ttl(),
+        }
     }
 }
 
 #[async_trait]
-impl ConfigurationSection for CsrfConfig {
+impl ConfigurationSection for HackConfig {
     fn path() -> &'static str {
-        "csrf"
+        "hack"
     }
 
     async fn generate<R>(_rng: R) -> anyhow::Result<Self>
@@ -59,29 +68,3 @@ impl ConfigurationSection for CsrfConfig {
         Self::default()
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use figment::Jail;
-
-    use super::*;
-
-    #[test]
-    fn load_config() {
-        Jail::expect_with(|jail| {
-            jail.create_file(
-                "config.yaml",
-                r#"
-                    csrf:
-                      ttl: 1800
-                "#,
-            )?;
-
-            let config = CsrfConfig::load_from_file("config.yaml")?;
-
-            assert_eq!(config.ttl, Duration::minutes(30));
-
-            Ok(())
-        });
-    }
-}

crates/config/src/sections/mod.rs

@@ -18,9 +18,9 @@ use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
 mod clients;
-mod csrf;
 mod database;
 mod email;
+mod hack;
 mod http;
 mod matrix;
 mod passwords;
@@ -32,9 +32,9 @@ mod upstream_oauth2;
 
 pub use self::{
     clients::{ClientAuthMethodConfig, ClientConfig, ClientsConfig},
-    csrf::CsrfConfig,
     database::{ConnectConfig as DatabaseConnectConfig, DatabaseConfig},
     email::{EmailConfig, EmailSmtpMode, EmailTransportConfig},
+    hack::HackConfig,
     http::{
         BindConfig as HttpBindConfig, HttpConfig, ListenerConfig as HttpListenerConfig,
         Resource as HttpResource, TlsConfig as HttpTlsConfig, UnixOrTcp,
@@ -81,10 +81,6 @@ pub struct RootConfig {
     #[serde(default)]
     pub templates: TemplatesConfig,
 
-    /// Configuration related to Cross-Site Request Forgery protections
-    #[serde(default)]
-    pub csrf: CsrfConfig,
-
     /// Configuration related to sending emails
     #[serde(default)]
     pub email: EmailConfig,
@@ -106,6 +102,10 @@ pub struct RootConfig {
     /// Configuration related to upstream OAuth providers
     #[serde(default)]
     pub upstream_oauth2: UpstreamOAuth2Config,
+
+    /// Miscellaneous configuration options
+    #[serde(default)]
+    pub hack: HackConfig,
 }
 
 #[async_trait]
@@ -124,13 +124,13 @@ impl ConfigurationSection for RootConfig {
             database: DatabaseConfig::generate(&mut rng).await?,
             telemetry: TelemetryConfig::generate(&mut rng).await?,
             templates: TemplatesConfig::generate(&mut rng).await?,
-            csrf: CsrfConfig::generate(&mut rng).await?,
             email: EmailConfig::generate(&mut rng).await?,
             passwords: PasswordsConfig::generate(&mut rng).await?,
             secrets: SecretsConfig::generate(&mut rng).await?,
             matrix: MatrixConfig::generate(&mut rng).await?,
             policy: PolicyConfig::generate(&mut rng).await?,
             upstream_oauth2: UpstreamOAuth2Config::generate(&mut rng).await?,
+            hack: HackConfig::generate(&mut rng).await?,
         })
     }
 
@@ -142,12 +142,12 @@ impl ConfigurationSection for RootConfig {
             telemetry: TelemetryConfig::test(),
             templates: TemplatesConfig::test(),
             passwords: PasswordsConfig::test(),
-            csrf: CsrfConfig::test(),
             email: EmailConfig::test(),
             secrets: SecretsConfig::test(),
             matrix: MatrixConfig::test(),
             policy: PolicyConfig::test(),
             upstream_oauth2: UpstreamOAuth2Config::test(),
+            hack: HackConfig::test(),
         }
     }
 }
@@ -165,9 +165,6 @@ pub struct AppConfig {
     #[serde(default)]
     pub templates: TemplatesConfig,
 
-    #[serde(default)]
-    pub csrf: CsrfConfig,
-
     #[serde(default)]
     pub email: EmailConfig,
 
@@ -180,6 +177,9 @@ pub struct AppConfig {
 
     #[serde(default)]
     pub policy: PolicyConfig,
+
+    #[serde(default)]
+    pub hack: HackConfig,
 }
 
 #[async_trait]
@@ -196,12 +196,12 @@ impl ConfigurationSection for AppConfig {
             http: HttpConfig::generate(&mut rng).await?,
             database: DatabaseConfig::generate(&mut rng).await?,
             templates: TemplatesConfig::generate(&mut rng).await?,
-            csrf: CsrfConfig::generate(&mut rng).await?,
             email: EmailConfig::generate(&mut rng).await?,
             passwords: PasswordsConfig::generate(&mut rng).await?,
             secrets: SecretsConfig::generate(&mut rng).await?,
             matrix: MatrixConfig::generate(&mut rng).await?,
             policy: PolicyConfig::generate(&mut rng).await?,
+            hack: HackConfig::generate(&mut rng).await?,
         })
     }
 
@@ -211,11 +211,11 @@ impl ConfigurationSection for AppConfig {
             database: DatabaseConfig::test(),
             templates: TemplatesConfig::test(),
             passwords: PasswordsConfig::test(),
-            csrf: CsrfConfig::test(),
             email: EmailConfig::test(),
             secrets: SecretsConfig::test(),
             matrix: MatrixConfig::test(),
             policy: PolicyConfig::test(),
+            hack: HackConfig::test(),
         }
     }
 }