Merge pull request #2643 from Infisical/daniel/fix-cleanup-job-fail

fix: `timestamp out of range` error during daily cleanup
Infisical · Oct 24, 2024 · 45b9de6 · 45b9de6
2 parents 71081d8 + 114966d
commit 45b9de6
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/backend/src/services/identity-access-token/identity-access-token-dal.ts b/backend/src/services/identity-access-token/identity-access-token-dal.ts
@@ -98,6 +98,9 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
 
   const removeExpiredTokens = async (tx?: Knex) => {
     logger.info(`${QueueName.DailyResourceCleanUp}: remove expired access token started`);
+
+    const MAX_TTL = 315_360_000; // Maximum TTL value in seconds (10 years)
+
     try {
       const docs = (tx || db)(TableName.IdentityAccessToken)
         .where({
@@ -120,15 +123,17 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
                   .whereNotNull("accessTokenLastRenewedAt")
                   // accessTokenLastRenewedAt + convert_integer_to_seconds(accessTokenTTL) < present_date
                   .andWhereRaw(
-                    `"${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt" + make_interval(secs => "${TableName.IdentityAccessToken}"."accessTokenTTL") < NOW()`
+                    `"${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
+                    [MAX_TTL]
                   );
               })
               .orWhere((qb3) => {
                 void qb3
                   .whereNull("accessTokenLastRenewedAt")
                   // created + convert_integer_to_seconds(accessTokenTTL) < present_date
                   .andWhereRaw(
-                    `"${TableName.IdentityAccessToken}"."createdAt" + make_interval(secs => "${TableName.IdentityAccessToken}"."accessTokenTTL") < NOW()`
+                    `"${TableName.IdentityAccessToken}"."createdAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
+                    [MAX_TTL]
                   );
               });
           });

diff --git a/backend/src/services/identity-ua/identity-ua-client-secret-dal.ts b/backend/src/services/identity-ua/identity-ua-client-secret-dal.ts
@@ -28,6 +28,7 @@ export const identityUaClientSecretDALFactory = (db: TDbClient) => {
   const removeExpiredClientSecrets = async (tx?: Knex) => {
     const BATCH_SIZE = 10000;
     const MAX_RETRY_ON_FAILURE = 3;
+    const MAX_TTL = 315_360_000; // Maximum TTL value in seconds (10 years)
 
     let deletedClientSecret: { id: string }[] = [];
     let numberOfRetryOnFailure = 0;
@@ -53,7 +54,8 @@ export const identityUaClientSecretDALFactory = (db: TDbClient) => {
             void qb
               .where("clientSecretTTL", ">", 0)
               .andWhereRaw(
-                `"${TableName.IdentityUaClientSecret}"."createdAt" + make_interval(secs => "${TableName.IdentityUaClientSecret}"."clientSecretTTL") < NOW()`
+                `"${TableName.IdentityUaClientSecret}"."createdAt" + make_interval(secs => LEAST("${TableName.IdentityUaClientSecret}"."clientSecretTTL", ?)) < NOW()`,
+                [MAX_TTL]
               );
           })
           .select("id")