From 91151597dfc5a4a48cd9db305664f47d4dc554ef Mon Sep 17 00:00:00 2001
From: Daniel Wagner-Hall <dawagner@gmail.com>
Date: Fri, 5 Dec 2025 12:50:39 +0000
Subject: [PATCH] Expire sessions after 1 hour

It looks like something changed with either GitHub or browsers such that
GitHub is frequently giving 401s. I'm not sure whether that's because
they're expiring tokens more readily, or sessions are lasting longer
than they used to.

Ideally Octocrab would notice 401s and force a re-auth, but it doesn't
have an obvious hook for that. Instead, just expire sessions after an
hour so that we will stop seeing existing tokens, and will automatically
redirect people to fetch new tokens.
---
 Cargo.lock                 | 37 ++++++++++++++++++++++++-------------
 Cargo.toml                 |  1 +
 src/bin/trainee-tracker.rs |  2 +-
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 72da197..208ece1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -493,12 +493,12 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.4.0"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
+checksum = "ececcb659e7ba858fb4f10388c250a7252eb0a27373f1a72b8748afdd248e587"
 dependencies = [
  "powerfmt",
- "serde",
+ "serde_core",
 ]
 
 [[package]]
@@ -2724,10 +2724,11 @@ checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
 
 [[package]]
 name = "serde"
-version = "1.0.219"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
 dependencies = [
+ "serde_core",
  "serde_derive",
 ]
 
@@ -2766,11 +2767,20 @@ dependencies = [
  "typeid",
 ]
 
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
 [[package]]
 name = "serde_derive"
-version = "1.0.219"
+version = "1.0.228"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3170,9 +3180,9 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.41"
+version = "0.3.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
+checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d"
 dependencies = [
  "deranged",
  "itoa",
@@ -3187,15 +3197,15 @@ dependencies = [
 
 [[package]]
 name = "time-core"
-version = "0.1.4"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
+checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b"
 
 [[package]]
 name = "time-macros"
-version = "0.2.22"
+version = "0.2.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
+checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3"
 dependencies = [
  "num-conv",
  "time-core",
@@ -3509,6 +3519,7 @@ dependencies = [
  "serde_urlencoded",
  "sheets",
  "slack-with-types",
+ "time",
  "tokio",
  "tower",
  "tower-http",
diff --git a/Cargo.toml b/Cargo.toml
index b2a9a40..8f95aaa 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,6 +44,7 @@ serde_json = "1"
 serde_urlencoded = "0.7.1"
 sheets = "0.7.0"
 slack-with-types = "0.1.1"
+time = "0.3.44"
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 tower = "0.5.2"
 tower-http = { version = "0.6.6", features = ["fs"] }
diff --git a/src/bin/trainee-tracker.rs b/src/bin/trainee-tracker.rs
index 5f04425..ac9a59b 100644
--- a/src/bin/trainee-tracker.rs
+++ b/src/bin/trainee-tracker.rs
@@ -47,7 +47,7 @@ async fn main() {
     let session_store = MemoryStore::default();
     let session_layer = SessionManagerLayer::new(session_store)
         .with_secure(is_secure)
-        .with_expiry(Expiry::OnSessionEnd);
+        .with_expiry(Expiry::OnInactivity(time::Duration::HOUR));
 
     let app = axum::Router::new()
         .route("/api/ok", get(trainee_tracker::endpoints::health_check))