diff --git a/.sqlx/query-1c260c68aeeb055a4ac1a056d445f71f3f5f3b9bea6b497b93abfa5938ccea22.json b/.sqlx/query-1c260c68aeeb055a4ac1a056d445f71f3f5f3b9bea6b497b93abfa5938ccea22.json deleted file mode 100644 index 044b7bc..0000000 --- a/.sqlx/query-1c260c68aeeb055a4ac1a056d445f71f3f5f3b9bea6b497b93abfa5938ccea22.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "db_name": "PostgreSQL", - "query": "SELECT COUNT(*) FROM auth.sessions s\n INNER JOIN auth.tokens t ON t.id = s.token_id\n WHERE t.expires_at > now()", - "describe": { - "columns": [ - { - "ordinal": 0, - "name": "count", - "type_info": "Int8" - } - ], - "parameters": { - "Left": [] - }, - "nullable": [ - null - ] - }, - "hash": "1c260c68aeeb055a4ac1a056d445f71f3f5f3b9bea6b497b93abfa5938ccea22" -} diff --git a/src/cli.rs b/src/cli.rs index 03cb9a4..1e65e4c 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -282,10 +282,6 @@ async fn serve(cfg: ServeConfig, role: handoff::Role) -> Result<()> { }; let gc_handle = tokio::spawn(token_gc::run(state.pool.clone(), state.metrics.clone())); - let sessions_handle = tokio::spawn(http::active_sessions_gauge( - state.pool.clone(), - state.metrics.clone(), - )); let tls = match (cfg.tls_cert, cfg.tls_key, cfg.tls_ca) { (Some(cert), Some(key), Some(ca)) => Some((cert, key, ca)), @@ -364,9 +360,7 @@ async fn serve(cfg: ServeConfig, role: handoff::Role) -> Result<()> { let result = http::serve(listener, tls, state, shared, handoff_shutdown).await; gc_handle.abort(); - sessions_handle.abort(); let _ = gc_handle.await; // JoinError here means cancelled (expected) or panicked (already exiting) - let _ = sessions_handle.await; // The handoff thread either exited cleanly on commit (we already saw // handoff_shutdown=true) or it is still parked in accept() on the // control socket. We're going down anyway; don't wait. diff --git a/src/http.rs b/src/http.rs index 87fb493..9e6d224 100644 --- a/src/http.rs +++ b/src/http.rs @@ -511,25 +511,6 @@ async fn metrics_handler(State(state): State) -> impl IntoResponse { .into_response() } -/// Background task that refreshes the `auth_active_sessions_total` gauge every 60 s. -/// Running this as a task keeps the DB query off the scrape hot path. -pub async fn active_sessions_gauge(pool: sqlx::PgPool, metrics: Arc) { - let mut interval = tokio::time::interval(Duration::from_secs(60)); - loop { - interval.tick().await; - if let Ok(Some(n)) = sqlx::query_scalar!( - "SELECT COUNT(*) FROM auth.sessions s - INNER JOIN auth.tokens t ON t.id = s.token_id - WHERE t.expires_at > now()" - ) - .fetch_one(&pool) - .await - { - metrics.active_sessions_total.set(n as f64); - } - } -} - async fn shutdown_signal() { use tokio::signal; diff --git a/src/metrics.rs b/src/metrics.rs index 63dc1f6..d24a6a5 100644 --- a/src/metrics.rs +++ b/src/metrics.rs @@ -180,10 +180,6 @@ define_metrics! { gauge token_gc_last_run_timestamp_seconds("token_gc_last_run_timestamp_seconds") => "Unix timestamp of the last successful GC pass", - // Session count for capacity planning and anomaly detection. - gauge active_sessions_total("auth_active_sessions_total") - => "Current number of active (non-expired) sessions", - // Signing key lifecycle events. counter signing_key_rotations_total("auth_signing_key_rotations_total") => "Signing keys generated (new active key created)",