feat: Don't allow negative values for expiresIn

alex9smith · alex9smith · commit 2557bbf803c0 · 2025-07-02T11:55:03.000+01:00
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ unless the `client` options is provided to override them.
   ☣️ Legacy reap behaviors use DynamoDB [`scan`](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-dynamodb/classes/scancommand.html)
   functionality that can incur significant costs. Should instead enable [DynamoDB TTL](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html)
   and select the `expires` field. TODO should we just remove it since we're already making a breaking change?
-- `expiresIn` Optional set the number of seconds for DynamoDB TTL. Defaults to the cookie's maxAge.
+- `expiresIn` Optional set the number of seconds for DynamoDB TTL. Defaults to the cookie's maxAge. Must be a positive integer.
 
 ## Usage
 
diff --git a/lib/connect-dynamodb.js b/lib/connect-dynamodb.js
@@ -68,7 +68,20 @@ module.exports = function (connect) {
     if (this.reapInterval > 0) {
       this._reap = setInterval(this.reap.bind(this), this.reapInterval);
     }
-    this.expiresIn = null == options.expiresIn ? 0 : options.expiresIn
+    if (options.expiresIn) {
+      if (!Number.isInteger(options.expiresIn)) {
+        console.warn("`expiresIn` must be an integer. Reverting to default behaviour");
+        this.expiresIn = 0;
+      }
+      else if (options.expiresIn < 0) {
+        console.warn("Negative `expiresIn` values are not supported. Reverting to default behaviour");
+        this.expiresIn = 0;
+      } else {
+        this.expiresIn = options.expiresIn;
+      }
+    } else {
+      this.expiresIn = 0;
+    }
   }
 
   /*
diff --git a/test/test.js b/test/test.js
@@ -69,6 +69,34 @@ describe("DynamoDBStore", () => {
         })
         .finally(done);
     });
+
+    it("should store a valid expiresIn", () => {
+      const store = new DynamoDBStore({
+        table: "sessions-test",
+        expiresIn: 3600
+      });
+      store.expiresIn.should.equal(3600);
+    });
+
+    it("should revert expiresIn to 0 when set to a non-integer", () => {
+      const consoleWarnStub = sinon.stub(console, 'warn');
+      const store = new DynamoDBStore({
+        table: "sessions-test",
+        expiresIn: 1.5
+      });
+      store.expiresIn.should.equal(0);
+      consoleWarnStub.restore();
+    });
+
+    it("should revert expiresIn to 0 when set to a negative integer", () => {
+      const consoleWarnStub = sinon.stub(console, 'warn');
+      const store = new DynamoDBStore({
+        table: "sessions-test",
+        expiresIn: -10
+      });
+      store.expiresIn.should.equal(0);
+      consoleWarnStub.restore();
+    });
   });
 
   describe("Initializing", () => {
