docs: v0.19.4 changelog, remove completed session cleanup from FUTURE.md

null 2026-05-09 20:21:22 -05:00
parent 399882f282
commit 3a1d6133f6
2 changed files with 11 additions and 25 deletions

@ -3,7 +3,7 @@
**This document tracks potential future enhancements for Bill Tracker.** **This document tracks potential future enhancements for Bill Tracker.**
**Last Updated:** 2026-05-09 **Last Updated:** 2026-05-09
**Current Version:** v0.19.3 **Current Version:** v0.19.4
## How to Use This Document ## How to Use This Document
@ -53,31 +53,7 @@ Migrations are not atomic. If a migration fails partway through, database is lef
- Log transaction state for debugging - Log transaction state for debugging
- Test with intentional failures to verify rollback - Test with intentional failures to verify rollback
### Session Token Expiry Not Enforced at Database Level
**Priority:** CRITICAL
**Added:** 2026-05-08 by Neo
**Description:**
Session tokens expire in application logic but database records persist indefinitely.
**Rationale:**
- `/services/authService.js` checks `expires_at > datetime('now')` in code
- Expired sessions accumulate in `sessions` table
- No cleanup worker for orphaned/expired sessions
- Risk of table bloat and potential token reuse if bugs exist
**Implementation Notes:**
- Files to modify: `/home/kaspa/.openclaw/Projects/bill-tracker/db/database.js`, `/services/cleanupService.js`
- Estimated effort: 4 hours
- Add:
- Database-level cleanup job (runs daily via admin cleanup service)
- SQL:
```sql
DELETE FROM sessions WHERE expires_at < datetime('now');
```
- Consider adding `created_at` + `last_used_at` for better cleanup targeting
---
### 🟠 HIGH ### 🟠 HIGH
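Review bot: The last bullet of the removed entry, "Consider adding `created_at` + `last_used_at` for better cleanup targeting", is only half covered by the work this commit documents. The v0.19.4 changelog records a `created_at` column and says nothing about `last_used_at`, so deleting the whole section drops that idea from tracking. Suggest keeping a short, lower-priority entry for `last_used_at`, or noting in the changelog that it was considered and declined. The retained context at the top of this hunk still lists migrations as non-atomic, which matters here because the same release adds a migration on the `sessions` table.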

@ -1,5 +1,15 @@
# Bill Tracker — Changelog # Bill Tracker — Changelog
## v0.19.4
### Added
- **Session token expiry cleanup** — Expired sessions are now purged automatically on startup, every 24 hours, and per-user on login. Prevents `sessions` table bloat and potential token reuse.
- **`created_at` column on sessions** — v0.43 migration adds `created_at` to the sessions table for better cleanup targeting.
- **`SESSION_CLEANUP_INTERVAL_MS` env var** — Configurable cleanup interval (default 24h, max 7 days). Invalid values are rejected with a warning.
### Security
- **Input validation on `SESSION_CLEANUP_INTERVAL_MS`** — Rejects 0, negative, and >7-day values to prevent DoS via event loop starvation (Hudson finding).
## v0.19.3 ## v0.19.3
### Fixed ### Fixed
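Review bot: In the `SESSION_CLEANUP_INTERVAL_MS` entry under Added, "Invalid values are rejected with a warning" does not say which interval the cleanup job runs at after a rejection, and an operator reading this cannot tell whether cleanup still happens. Suggest stating the resulting behaviour explicitly (for example, whether the 24h default is used). Two wording points in the same hunk: "v0.43 migration" appears next to app version v0.19.4 with nothing to mark it as a schema migration number, and "Prevents ... potential token reuse" is stronger than the removed FUTURE.md text, which described reuse as a risk only "if bugs exist" while expiry is checked in `/services/authService.js`; "reduces" would match that. The "(Hudson finding)" tag under Security would be easier to audit with an issue or report reference.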