Merge pull request #2643 from Infisical/daniel/fix-cleanup-job-fail

fix: `timestamp out of range` error during daily cleanup
2026-01-10 07:58:15 -05:00 · 2024-10-24 19:52:12 +04:00
parent 71081d8e9a 114966ded4
commit 45b9de63f0
2 changed files with 10 additions and 3 deletions
--- a/backend/src/services/identity-access-token/identity-access-token-dal.ts
+++ b/backend/src/services/identity-access-token/identity-access-token-dal.ts
@@ -98,6 +98,9 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {

  const removeExpiredTokens = async (tx?: Knex) => {
    logger.info(`${QueueName.DailyResourceCleanUp}: remove expired access token started`);
+
+    const MAX_TTL = 315_360_000; // Maximum TTL value in seconds (10 years)
+
    try {
      const docs = (tx || db)(TableName.IdentityAccessToken)
        .where({
@@ -120,7 +123,8 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
                  .whereNotNull("accessTokenLastRenewedAt")
                  // accessTokenLastRenewedAt + convert_integer_to_seconds(accessTokenTTL) < present_date
                  .andWhereRaw(
-                    `"${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt" + make_interval(secs => "${TableName.IdentityAccessToken}"."accessTokenTTL") < NOW()`
+                    `"${TableName.IdentityAccessToken}"."accessTokenLastRenewedAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
+                    [MAX_TTL]
                  );
              })
              .orWhere((qb3) => {
@@ -128,7 +132,8 @@ export const identityAccessTokenDALFactory = (db: TDbClient) => {
                  .whereNull("accessTokenLastRenewedAt")
                  // created + convert_integer_to_seconds(accessTokenTTL) < present_date
                  .andWhereRaw(
-                    `"${TableName.IdentityAccessToken}"."createdAt" + make_interval(secs => "${TableName.IdentityAccessToken}"."accessTokenTTL") < NOW()`
+                    `"${TableName.IdentityAccessToken}"."createdAt" + make_interval(secs => LEAST("${TableName.IdentityAccessToken}"."accessTokenTTL", ?)) < NOW()`,
+                    [MAX_TTL]
                  );
              });
          });
--- a/backend/src/services/identity-ua/identity-ua-client-secret-dal.ts
+++ b/backend/src/services/identity-ua/identity-ua-client-secret-dal.ts
@@ -28,6 +28,7 @@ export const identityUaClientSecretDALFactory = (db: TDbClient) => {
  const removeExpiredClientSecrets = async (tx?: Knex) => {
    const BATCH_SIZE = 10000;
    const MAX_RETRY_ON_FAILURE = 3;
+    const MAX_TTL = 315_360_000; // Maximum TTL value in seconds (10 years)

    let deletedClientSecret: { id: string }[] = [];
    let numberOfRetryOnFailure = 0;
@@ -53,7 +54,8 @@ export const identityUaClientSecretDALFactory = (db: TDbClient) => {
            void qb
              .where("clientSecretTTL", ">", 0)
              .andWhereRaw(
-                `"${TableName.IdentityUaClientSecret}"."createdAt" + make_interval(secs => "${TableName.IdentityUaClientSecret}"."clientSecretTTL") < NOW()`
+                `"${TableName.IdentityUaClientSecret}"."createdAt" + make_interval(secs => LEAST("${TableName.IdentityUaClientSecret}"."clientSecretTTL", ?)) < NOW()`,
+                [MAX_TTL]
              );
          })
          .select("id")