Add session timeout configuration

Add configurable session timeouts to replace hardcoded values. The config now
supports 'sessions.timeout' and 'sessions.cleanupInterval' using Go duration
format (e.g., '5m', '30s'). Custom JSON unmarshaling ensures only duration
strings are accepted, not numeric values.

Author: dgellow

internal/config/load.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"os"
 	"strings"
+
+	"github.com/dgellow/mcp-front/internal"
 )
 
 // Load loads and processes the config with immediate env var resolution
@@ -129,6 +131,19 @@ func ValidateConfig(config *Config) error {
 		}
 	}
 
+	// Validate proxy session configuration
+	if config.Proxy.Sessions != nil {
+		if config.Proxy.Sessions.Timeout < 0 {
+			return fmt.Errorf("proxy.sessions.timeout cannot be negative")
+		}
+		if config.Proxy.Sessions.CleanupInterval < 0 {
+			return fmt.Errorf("proxy.sessions.cleanupInterval cannot be negative")
+		}
+		if config.Proxy.Sessions.Timeout > 0 && config.Proxy.Sessions.CleanupInterval > config.Proxy.Sessions.Timeout {
+			internal.LogWarn("Session cleanup interval is greater than session timeout")
+		}
+	}
+
 	return nil
 }
 

internal/config/load_test.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -103,3 +104,106 @@ func TestValidateConfig_UserTokensRequireOAuth(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateConfig_SessionConfig(t *testing.T) {
+	tests := []struct {
+		name          string
+		config        *Config
+		expectError   string
+		expectTimeout time.Duration
+		expectCleanup time.Duration
+	}{
+		{
+			name: "valid_session_config",
+			config: &Config{
+				Proxy: ProxyConfig{
+					BaseURL: "https://test.example.com",
+					Addr:    ":8080",
+					Auth: &BearerTokenAuthConfig{
+						Kind: AuthKindBearerToken,
+					},
+					Sessions: &SessionConfig{
+						Timeout:         10 * time.Minute,
+						CleanupInterval: 2 * time.Minute,
+					},
+				},
+				MCPServers: map[string]*MCPClientConfig{},
+			},
+			expectError:   "",
+			expectTimeout: 10 * time.Minute,
+			expectCleanup: 2 * time.Minute,
+		},
+		{
+			name: "negative_timeout",
+			config: &Config{
+				Proxy: ProxyConfig{
+					BaseURL: "https://test.example.com",
+					Addr:    ":8080",
+					Auth: &BearerTokenAuthConfig{
+						Kind: AuthKindBearerToken,
+					},
+					Sessions: &SessionConfig{
+						Timeout:         -1 * time.Minute,
+						CleanupInterval: 2 * time.Minute,
+					},
+				},
+				MCPServers: map[string]*MCPClientConfig{},
+			},
+			expectError: "proxy.sessions.timeout cannot be negative",
+		},
+		{
+			name: "negative_cleanup_interval",
+			config: &Config{
+				Proxy: ProxyConfig{
+					BaseURL: "https://test.example.com",
+					Addr:    ":8080",
+					Auth: &BearerTokenAuthConfig{
+						Kind: AuthKindBearerToken,
+					},
+					Sessions: &SessionConfig{
+						Timeout:         10 * time.Minute,
+						CleanupInterval: -30 * time.Second,
+					},
+				},
+				MCPServers: map[string]*MCPClientConfig{},
+			},
+			expectError: "proxy.sessions.cleanupInterval cannot be negative",
+		},
+		{
+			name: "empty_session_config",
+			config: &Config{
+				Proxy: ProxyConfig{
+					BaseURL: "https://test.example.com",
+					Addr:    ":8080",
+					Auth: &BearerTokenAuthConfig{
+						Kind: AuthKindBearerToken,
+					},
+					Sessions: &SessionConfig{
+						Timeout:         0,
+						CleanupInterval: 0,
+					},
+				},
+				MCPServers: map[string]*MCPClientConfig{},
+			},
+			expectError:   "",
+			expectTimeout: 0,
+			expectCleanup: 0,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := ValidateConfig(tt.config)
+			if tt.expectError != "" {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tt.expectError)
+			} else {
+				assert.NoError(t, err)
+				if tt.config.Proxy.Sessions != nil {
+					assert.Equal(t, tt.expectTimeout, tt.config.Proxy.Sessions.Timeout)
+					assert.Equal(t, tt.expectCleanup, tt.config.Proxy.Sessions.CleanupInterval)
+				}
+			}
+		})
+	}
+}

internal/config/types.go

@@ -112,6 +112,12 @@ type MCPClientConfig struct {
 	InlineConfig json.RawMessage `json:"inline,omitempty"`
 }
 
+// SessionConfig represents session management configuration
+type SessionConfig struct {
+	Timeout         time.Duration
+	CleanupInterval time.Duration
+}
+
 // AdminConfig represents admin UI configuration
 type AdminConfig struct {
 	Enabled     bool     `json:"enabled"`
@@ -138,11 +144,12 @@ type OAuthAuthConfig struct {
 
 // ProxyConfig represents the proxy configuration with resolved values
 type ProxyConfig struct {
-	BaseURL string       `json:"baseURL"`
-	Addr    string       `json:"addr"`
-	Name    string       `json:"name"`
-	Auth    interface{}  `json:"-"` // OAuthAuthConfig or BearerTokenAuthConfig
-	Admin   *AdminConfig `json:"admin,omitempty"`
+	BaseURL  string         `json:"baseURL"`
+	Addr     string         `json:"addr"`
+	Name     string         `json:"name"`
+	Auth     interface{}    `json:"-"` // OAuthAuthConfig or BearerTokenAuthConfig
+	Admin    *AdminConfig   `json:"admin,omitempty"`
+	Sessions *SessionConfig `json:"sessions,omitempty"`
 }
 
 // Config represents the config structure with resolved values

internal/config/unmarshal.go

@@ -20,7 +20,7 @@ func (c *MCPClientConfig) UnmarshalJSON(data []byte) error {
 		Env               map[string]json.RawMessage `json:"env,omitempty"`
 		URL               json.RawMessage            `json:"url,omitempty"`
 		Headers           map[string]json.RawMessage `json:"headers,omitempty"`
-		Timeout           time.Duration              `json:"timeout,omitempty"`
+		Timeout           string                     `json:"timeout,omitempty"`
 		Options           *Options                   `json:"options,omitempty"`
 		RequiresUserToken bool                       `json:"requiresUserToken,omitempty"`
 		TokenSetup        *TokenSetupConfig          `json:"tokenSetup,omitempty"`
@@ -33,12 +33,20 @@ func (c *MCPClientConfig) UnmarshalJSON(data []byte) error {
 	}
 
 	c.TransportType = raw.TransportType
-	c.Timeout = raw.Timeout
 	c.Options = raw.Options
 	c.RequiresUserToken = raw.RequiresUserToken
 	c.TokenSetup = raw.TokenSetup
 	c.InlineConfig = raw.InlineConfig
 
+	// Parse timeout if present
+	if raw.Timeout != "" {
+		timeout, err := time.ParseDuration(raw.Timeout)
+		if err != nil {
+			return fmt.Errorf("parsing timeout: %w", err)
+		}
+		c.Timeout = timeout
+	}
+
 	if c.TransportType == "" {
 		return fmt.Errorf("transportType is required")
 	}
@@ -191,11 +199,12 @@ func (o *OAuthAuthConfig) UnmarshalJSON(data []byte) error {
 func (p *ProxyConfig) UnmarshalJSON(data []byte) error {
 	// Use a raw type to parse references
 	type rawProxy struct {
-		BaseURL json.RawMessage `json:"baseURL"`
-		Addr    json.RawMessage `json:"addr"`
-		Name    string          `json:"name"`
-		Auth    json.RawMessage `json:"auth"`
-		Admin   *AdminConfig    `json:"admin"`
+		BaseURL  json.RawMessage `json:"baseURL"`
+		Addr     json.RawMessage `json:"addr"`
+		Name     string          `json:"name"`
+		Auth     json.RawMessage `json:"auth"`
+		Admin    *AdminConfig    `json:"admin"`
+		Sessions *SessionConfig  `json:"sessions"`
 	}
 
 	var raw rawProxy
@@ -205,6 +214,7 @@ func (p *ProxyConfig) UnmarshalJSON(data []byte) error {
 
 	p.Name = raw.Name
 	p.Admin = raw.Admin
+	p.Sessions = raw.Sessions
 
 	// Normalize admin emails for consistent comparison
 	if p.Admin != nil && len(p.Admin.AdminEmails) > 0 {
@@ -335,3 +345,35 @@ func (c *MCPClientConfig) ApplyUserToken(userToken string) *MCPClientConfig {
 
 	return &result
 }
+
+// UnmarshalJSON implements custom unmarshaling for SessionConfig
+func (s *SessionConfig) UnmarshalJSON(data []byte) error {
+	var raw struct {
+		Timeout         string `json:"timeout"`
+		CleanupInterval string `json:"cleanupInterval"`
+	}
+
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	// Parse timeout if present
+	if raw.Timeout != "" {
+		timeout, err := time.ParseDuration(raw.Timeout)
+		if err != nil {
+			return fmt.Errorf("parsing timeout: %w", err)
+		}
+		s.Timeout = timeout
+	}
+
+	// Parse cleanupInterval if present
+	if raw.CleanupInterval != "" {
+		interval, err := time.ParseDuration(raw.CleanupInterval)
+		if err != nil {
+			return fmt.Errorf("parsing cleanupInterval: %w", err)
+		}
+		s.CleanupInterval = interval
+	}
+
+	return nil
+}

internal/config/unmarshal_test.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"os"
 	"testing"
+	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -329,3 +330,92 @@ func TestOAuthAuthConfig_ValidationErrors(t *testing.T) {
 		})
 	}
 }
+
+func TestSessionConfig_UnmarshalJSON(t *testing.T) {
+	tests := []struct {
+		name            string
+		input           string
+		expectedTimeout time.Duration
+		expectedCleanup time.Duration
+		expectedError   bool
+	}{
+		{
+			name: "valid durations",
+			input: `{
+				"timeout": "10m",
+				"cleanupInterval": "2m"
+			}`,
+			expectedTimeout: 10 * time.Minute,
+			expectedCleanup: 2 * time.Minute,
+		},
+		{
+			name: "empty strings",
+			input: `{
+				"timeout": "",
+				"cleanupInterval": ""
+			}`,
+			expectedTimeout: 0,
+			expectedCleanup: 0,
+		},
+		{
+			name:            "missing fields",
+			input:           `{}`,
+			expectedTimeout: 0,
+			expectedCleanup: 0,
+		},
+		{
+			name: "invalid duration format",
+			input: `{
+				"timeout": "invalid",
+				"cleanupInterval": "2m"
+			}`,
+			expectedError: true,
+		},
+		{
+			name: "numeric values rejected",
+			input: `{
+				"timeout": 600000000000,
+				"cleanupInterval": 120000000000
+			}`,
+			expectedError: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var config SessionConfig
+			err := json.Unmarshal([]byte(tt.input), &config)
+
+			if tt.expectedError {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+				assert.Equal(t, tt.expectedTimeout, config.Timeout)
+				assert.Equal(t, tt.expectedCleanup, config.CleanupInterval)
+			}
+		})
+	}
+}
+
+func TestProxyConfig_SessionConfigIntegration(t *testing.T) {
+	input := `{
+		"baseURL": "http://localhost:8080",
+		"addr": ":8080",
+		"auth": {
+			"kind": "bearerToken",
+			"tokens": {}
+		},
+		"sessions": {
+			"timeout": "15m",
+			"cleanupInterval": "3m"
+		}
+	}`
+
+	var config ProxyConfig
+	err := json.Unmarshal([]byte(input), &config)
+	require.NoError(t, err)
+
+	require.NotNil(t, config.Sessions)
+	assert.Equal(t, 15*time.Minute, config.Sessions.Timeout)
+	assert.Equal(t, 3*time.Minute, config.Sessions.CleanupInterval)
+}