fix: Fix multiple bugs with new authentication flow

server/src/services/session-auth.service.spec.ts

@@ -0,0 +1,39 @@
+import {
+  afterEach,
+  describe,
+  expect,
+  it
+} from 'vitest';
+import { getSessionTokenTtlMs } from './session-auth.service';
+
+const TEN_YEARS_MS = 10 * 365 * 24 * 60 * 60 * 1000;
+
+describe('session-auth.service', () => {
+  const originalTtl = process.env.SESSION_TOKEN_TTL_MS;
+
+  afterEach(() => {
+    if (originalTtl === undefined) {
+      delete process.env.SESSION_TOKEN_TTL_MS;
+    } else {
+      process.env.SESSION_TOKEN_TTL_MS = originalTtl;
+    }
+  });
+
+  it('defaults session tokens to a very long lifetime', () => {
+    delete process.env.SESSION_TOKEN_TTL_MS;
+
+    expect(getSessionTokenTtlMs()).toBe(TEN_YEARS_MS);
+  });
+
+  it('honors SESSION_TOKEN_TTL_MS when configured', () => {
+    process.env.SESSION_TOKEN_TTL_MS = '3600000';
+
+    expect(getSessionTokenTtlMs()).toBe(3_600_000);
+  });
+
+  it('falls back to the default when SESSION_TOKEN_TTL_MS is invalid', () => {
+    process.env.SESSION_TOKEN_TTL_MS = 'not-a-number';
+
+    expect(getSessionTokenTtlMs()).toBe(TEN_YEARS_MS);
+  });
+});

server/src/services/session-auth.service.ts

@@ -4,7 +4,7 @@ import { SessionTokenEntity } from '../entities/SessionTokenEntity';
 import { getUserById } from '../cqrs';
 import type { AuthUserPayload } from '../cqrs/types';
 
-const DEFAULT_TOKEN_TTL_MS = 24 * 60 * 60 * 1000;
+const DEFAULT_TOKEN_TTL_MS = 10 * 365 * 24 * 60 * 60 * 1000;
 
 export interface IssuedSessionToken {
   token: string;