VIA-183 AS/DB Extract session max age as an environment variable

anoop-surej-nhs · anoop-surej-nhs · commit cf9d80df501b · 2025-06-10T14:09:42.000+01:00
diff --git a/.env.template b/.env.template
@@ -15,6 +15,9 @@ NHS_LOGIN_CLIENT_ID=vita-app-sandpit
 NHS_LOGIN_SCOPE='openid profile'
 NHS_LOGIN_PRIVATE_KEY=
 
+# Active Session Expiry
+MAX_SESSION_AGE_MINUTES=59
+
 # NBS
 NBS_URL=https://<nbs-link>
 NBS_BOOKING_PATH=/nhs-app
diff --git a/auth.ts b/auth.ts
@@ -8,10 +8,9 @@ import { isValidSignIn } from "@src/utils/auth/callbacks/is-valid-signin";
 import { getToken } from "@src/utils/auth/callbacks/get-token";
 import { getUpdatedSession } from "@src/utils/auth/callbacks/get-updated-session";
 
-const MAX_SESSION_AGE_SECONDS: number = 12 * 60 * 60; // 12 hours of continuous usage
-
 export const { handlers, signIn, signOut, auth } = NextAuth(async () => {
   const config: AppConfig = await configProvider();
+  const MAX_SESSION_AGE_SECONDS: number = config.MAX_SESSION_AGE_MINUTES * 60;
 
   return {
     providers: [await NHSLoginAuthProvider()],
@@ -24,7 +23,7 @@ export const { handlers, signIn, signOut, auth } = NextAuth(async () => {
     },
     session: {
       strategy: "jwt",
-      maxAge: MAX_SESSION_AGE_SECONDS, // 12 hours of continuous usage
+      maxAge: MAX_SESSION_AGE_SECONDS,
     },
     trustHost: true,
     callbacks: {
diff --git a/infrastructure/environments/dev/locals.tf b/infrastructure/environments/dev/locals.tf
@@ -28,6 +28,8 @@ locals {
     NHS_LOGIN_URL   = "https://auth.sandpit.signin.nhs.uk"
     NHS_LOGIN_SCOPE = "openid profile"
 
+    MAX_SESSION_AGE_MINUTES = 59
+
     AUTH_TRUST_HOST = "true"
     AUTH_SECRET     = random_password.auth_secret.result
     APP_VERSION     = local.app_version
diff --git a/infrastructure/environments/preprod/locals.tf b/infrastructure/environments/preprod/locals.tf
@@ -28,6 +28,8 @@ locals {
     NHS_LOGIN_URL   = "https://auth.sandpit.signin.nhs.uk"
     NHS_LOGIN_SCOPE = "openid profile"
 
+    MAX_SESSION_AGE_MINUTES = 59
+
     AUTH_TRUST_HOST = "true"
     AUTH_SECRET     = random_password.auth_secret.result
     APP_VERSION     = local.app_version
diff --git a/src/utils/config.ts b/src/utils/config.ts
@@ -12,6 +12,7 @@ type AppConfig = {
   NHS_LOGIN_PRIVATE_KEY: string;
   NBS_URL: string;
   NBS_BOOKING_PATH: string;
+  MAX_SESSION_AGE_MINUTES: number;
 };
 
 const configProvider = async (): Promise<AppConfig> => {
@@ -55,6 +56,9 @@ const configProvider = async (): Promise<AppConfig> => {
       SSM_PREFIX,
       "NBS_BOOKING_PATH",
     ),
+    MAX_SESSION_AGE_MINUTES: Number(
+      await getFromEnvironmentOrSSM(SSM_PREFIX, "MAX_SESSION_AGE_MINUTES"),
+    ),
   };
 };
 
