feat: Don't allow negative values for expiresIn

alex9smith · alex9smith · commit 825094caad9e · 2025-07-02T12:00:21.000+01:00
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ unless the `client` options is provided to override them.
   ☣️ Legacy reap behaviors use DynamoDB [`scan`](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-dynamodb/classes/scancommand.html)
   functionality that can incur significant costs. Should instead enable [DynamoDB TTL](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TTL.html)
   and select the `expires` field. TODO should we just remove it since we're already making a breaking change?
-- `expiresIn` Optional set the number of seconds for DynamoDB TTL. Defaults to the cookie's maxAge.
+- `expiresIn` Optional set the number of seconds for DynamoDB TTL. Defaults to the cookie's maxAge. Must be a positive integer.
 
 ## Usage
 
diff --git a/lib/connect-dynamodb.js b/lib/connect-dynamodb.js
@@ -68,7 +68,20 @@ module.exports = function (connect) {
     if (this.reapInterval > 0) {
       this._reap = setInterval(this.reap.bind(this), this.reapInterval);
     }
-    this.expiresIn = null == options.expiresIn ? 0 : options.expiresIn
+    if (options.expiresIn) {
+      if (!Number.isInteger(options.expiresIn)) {
+        console.warn("`expiresIn` must be an integer. Reverting to default behaviour");
+        this.expiresIn = 0;
+      }
+      else if (options.expiresIn < 0) {
+        console.warn("Negative `expiresIn` values are not supported. Reverting to default behaviour");
+        this.expiresIn = 0;
+      } else {
+        this.expiresIn = options.expiresIn;
+      }
+    } else {
+      this.expiresIn = 0;
+    }
   }
 
   /*
diff --git a/test/test.js b/test/test.js
@@ -79,8 +79,6 @@ describe("DynamoDBStore", () => {
         })
         .finally(done);
     });
-<<<<<<< Updated upstream
-=======
 
     it("should store a valid expiresIn", () => {
       const store = new DynamoDBStore({
@@ -98,14 +96,16 @@ describe("DynamoDBStore", () => {
       store.expiresIn.should.equal(0);
     });
 
+    it("should revert expiresIn to 0 when set to a negative integer", () => {
+    });
+
     it("should revert expiresIn to 0 when set to a negative integer", () => {
       const store = new DynamoDBStore({
         table: "sessions-test",
         expiresIn: -10
       });
       store.expiresIn.should.equal(0);
     });
->>>>>>> Stashed changes
   });
 
   describe("Initializing", () => {
