dkhalife · dkhalife · Mar 9, 2025 · Mar 9, 2025
diff --git a/README.md b/README.md
@@ -97,6 +97,7 @@ The configuration files are yaml mappings with the following values:
 | `scheduler_jobs.due_frequency`           | `5m`                                                | The interval for sending regular notifications.                             |
 | `scheduler_jobs.overdue_frequency`       | `24h`                                               | The interval for sending overdue notifications.                             |
 | `scheduler_jobs.password_reset_validity` | `24h`                                               | How long password reset tokens are valid for.                               |
+| `token_expiration_reminder`              | `72h`                                               | How long before an app token expiration to send a reminder for it.          |
 | `email.host`                             | (empty)                                             | The email server host.                                                      |
 | `email.port`                             | (empty)                                             | The email server port.                                                      |
 | `email.email`                            | (empty)                                             | The email address used for sending emails.                                  |

diff --git a/config/config.go b/config/config.go
@@ -40,9 +40,10 @@ type ServerConfig struct {
 }
 
 type SchedulerConfig struct {
-	DueFrequency          time.Duration `mapstructure:"due_frequency" yaml:"due_frequency" default:"5m"`
-	OverdueFrequency      time.Duration `mapstructure:"overdue_frequency" yaml:"overdue_frequency" default:"1d"`
-	PasswordResetValidity time.Duration `mapstructure:"password_reset_validity" yaml:"password_reset_validity" default:"24h"`
+	DueFrequency            time.Duration `mapstructure:"due_frequency" yaml:"due_frequency" default:"5m"`
+	OverdueFrequency        time.Duration `mapstructure:"overdue_frequency" yaml:"overdue_frequency" default:"1d"`
+	PasswordResetValidity   time.Duration `mapstructure:"password_reset_validity" yaml:"password_reset_validity" default:"24h"`
+	TokenExpirationReminder time.Duration `mapstructure:"token_expiration_reminder" yaml:"token_expiration_reminder" default:"72h"`
 }
 
 type EmailConfig struct {

diff --git a/config/debug.yaml b/config/debug.yaml
@@ -17,9 +17,10 @@ server:
   registration: true
   debug: true
 scheduler_jobs:
-  due_frequency: 5s
-  overdue_frequency: 10s
+  due_frequency: 1m
+  overdue_frequency: 1m
   password_reset_validity: 1m
+  token_expiration_reminder: 1m
 email:
   host: 
   port: 

diff --git a/config/prod.yaml b/config/prod.yaml
@@ -20,6 +20,7 @@ scheduler_jobs:
   due_frequency: 5m
   overdue_frequency: 24h
   password_reset_validity: 24h
+  token_expiration_reminder: 72h
 email:
   host: 
   port: 

diff --git a/internal/models/user.go b/internal/models/user.go
@@ -55,11 +55,12 @@ const (
 )
 
 type AppToken struct {
-	ID        int            `json:"id" gorm:"primary_key;not null"`
+	ID        int            `json:"id" gorm:"primary_key"`
 	UserID    int            `json:"user_id" gorm:"column:user_id;not null"`
 	Name      string         `json:"name" gorm:"column:name;not null"`
 	Token     string         `json:"token" gorm:"column:token;index;not null"`
 	Scopes    pq.StringArray `json:"scopes" gorm:"column:scopes;type:text[]"`
 	CreatedAt time.Time      `json:"-" gorm:"column:created_at;default:CURRENT_TIMESTAMP"`
 	ExpiresAt time.Time      `json:"expires_at" gorm:"column:expires_at;default:CURRENT_TIMESTAMP"`
+	User      User           `json:"-" gorm:"foreignKey:UserID"`
 }
diff --git a/internal/repos/user/user.go b/internal/repos/user/user.go
@@ -214,6 +214,25 @@ func (r *UserRepository) UpdatePasswordByUserId(c context.Context, userID int, p
 }
 
 func (r *UserRepository) DeleteStalePasswordResets(c context.Context) error {
-	now := time.Now()
+	now := time.Now().UTC()
 	return r.db.WithContext(c).Where("expiration_date <= ?", now).Delete(&models.UserPasswordReset{}).Error
 }
+
+func (r *UserRepository) GetAppTokensNearingExpiration(c context.Context, before time.Duration) ([]*models.AppToken, error) {
+	lowerBound := time.Now().UTC().Add(-before)
+	var tokens []*models.AppToken
+	if err := r.db.WithContext(c).
+		Where("expires_at > ?", lowerBound).
+		Where("expires_at <= ?", lowerBound.Add(before)).
+		Preload("User").
+		Find(&tokens).Error; err != nil {
+		return nil, err
+	}
+
+	return tokens, nil
+}
+
+func (r *UserRepository) DeleteStaleAppTokens(c context.Context) error {
+	now := time.Now().UTC()
+	return r.db.WithContext(c).Where("expires_at <= ?", now).Delete(&models.AppToken{}).Error
+}
diff --git a/internal/services/housekeeper/app_tokens.go b/internal/services/housekeeper/app_tokens.go
@@ -0,0 +1,55 @@
+package housekeeper
+
+import (
+	"context"
+
+	"dkhalife.com/tasks/core/config"
+	uRepo "dkhalife.com/tasks/core/internal/repos/user"
+	"dkhalife.com/tasks/core/internal/services/logging"
+	"dkhalife.com/tasks/core/internal/utils/email"
+)
+
+type AppTokenCleaner struct {
+	cfg   *config.Config
+	uRepo *uRepo.UserRepository
+	es    *email.EmailSender
+}
+
+func NewAppTokenCleaner(cfg *config.Config, ur *uRepo.UserRepository, es *email.EmailSender) *AppTokenCleaner {
+	return &AppTokenCleaner{
+		cfg:   cfg,
+		uRepo: ur,
+		es:    es,
+	}
+}
+
+func (prc *AppTokenCleaner) SendTokenExpirationReminder(c context.Context) error {
+	log := logging.FromContext(c)
+
+	tokens, err := prc.uRepo.GetAppTokensNearingExpiration(c, prc.cfg.SchedulerJobs.TokenExpirationReminder)
+	log.Debug("Tokens nearing expiration", " count ", len(tokens))
+
+	if err != nil {
+		return err
+	}
+
+	for _, token := range tokens {
+		log.Debug("Sending token expiration reminder", "email", token.User.Email, "token", token.Name)
+
+		err = prc.es.SendTokenExpirationReminder(c, token.Name, token.User.Email)
+		if err != nil {
+			log.Error("Failed to send token expiration reminder email", "email", token.User.Email, "error", err)
+		}
+	}
+
+	return nil
+}
+
+func (prc *AppTokenCleaner) CleanupExpiredTokens(c context.Context) error {
+	err := prc.uRepo.DeleteStaleAppTokens(c)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/internal/services/scheduler/scheduler.go b/internal/services/scheduler/scheduler.go
@@ -20,14 +20,16 @@ type Scheduler struct {
 	stopChan             chan bool
 	notifier             *notifications.Notifier
 	passwordResetCleaner *housekeeper.PasswordResetCleaner
+	appTokenCleaner      *housekeeper.AppTokenCleaner
 	config               config.SchedulerConfig
 }
 
-func NewScheduler(cfg *config.Config, n *notifications.Notifier, prc *housekeeper.PasswordResetCleaner) *Scheduler {
+func NewScheduler(cfg *config.Config, n *notifications.Notifier, prc *housekeeper.PasswordResetCleaner, atk *housekeeper.AppTokenCleaner) *Scheduler {
 	return &Scheduler{
 		stopChan:             make(chan bool),
 		notifier:             n,
 		passwordResetCleaner: prc,
+		appTokenCleaner:      atk,
 		config:               cfg.SchedulerJobs,
 	}
 }
@@ -40,6 +42,8 @@ func (s *Scheduler) Start(c context.Context) {
 	go s.runScheduler(c, "NOTIFICATION_SENDER", s.notifier.LoadAndSendNotificationJob, s.config.DueFrequency)
 	go s.runScheduler(c, "NOTIFICATION_CLEANUP", s.notifier.CleanupSentNotifications, 2*s.config.DueFrequency)
 	go s.runScheduler(c, "PASSWORD_RESET_CLEANUP", s.passwordResetCleaner.CleanupStalePasswordResets, s.config.PasswordResetValidity)
+	go s.runScheduler(c, "TOKEN_EXPIRATION_REMINDER", s.appTokenCleaner.SendTokenExpirationReminder, s.config.TokenExpirationReminder)
+	go s.runScheduler(c, "TOKEN_EXPIRATION_CLEANUP", s.appTokenCleaner.CleanupExpiredTokens, time.Duration(24)*time.Hour)
 }
 
 func (s *Scheduler) runScheduler(c context.Context, jobName string, job func(c context.Context) error, interval time.Duration) {

diff --git a/internal/utils/email/email.go b/internal/utils/email/email.go
@@ -137,3 +137,29 @@ func (es *EmailSender) SendWelcomeEmail(c context.Context, name string, to strin
 
 	return nil
 }
+
+func (es *EmailSender) SendTokenExpirationReminder(c context.Context, tokenName string, to string) error {
+	err := es.validateConfig()
+	if err != nil {
+		return err
+	}
+
+	htmlBody := `
+		<html>
+		<body>
+			<p>Dear user,</p>
+			<p>Your Task Wizard access token '` + tokenName + `' is about to expire. Please log in to the application to generate a new token.</p>
+			<p>If you did not request a new token, please ignore this email.</p>
+			<p>Thank you,</p>
+			<p><strong>Task Wizard</strong></p>
+		</body>
+		</html>
+	`
+
+	err = es.sendEmail(c, to, "Task Wizard - Token Expiration Reminder", htmlBody)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/main.go b/main.go
@@ -64,6 +64,7 @@ func main() {
 		// add services
 		fx.Provide(notifier.NewNotifier),
 		fx.Provide(housekeeper.NewPasswordResetCleaner),
+		fx.Provide(housekeeper.NewAppTokenCleaner),
 
 		// Rate limiter
 		fx.Provide(utils.NewRateLimiter),