add password expiry enforcement

2026-01-28 22:00:51 +00:00 · 2025-10-24 17:11:39 -07:00
parent 39d6b93d42
commit 1e70e4289b
17 changed files with 1028 additions and 71 deletions
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -27,7 +27,8 @@ export const orgs = pgTable("orgs", {
    subnet: varchar("subnet"),
    createdAt: text("createdAt"),
    requireTwoFactor: boolean("requireTwoFactor"),
-    maxSessionLengthHours: integer("maxSessionLengthHours")
+    maxSessionLengthHours: integer("maxSessionLengthHours"),
+    passwordExpiryDays: integer("passwordExpiryDays")
 });

 export const orgDomains = pgTable("orgDomains", {
@@ -201,7 +202,8 @@ export const users = pgTable("user", {
    dateCreated: varchar("dateCreated").notNull(),
    termsAcceptedTimestamp: varchar("termsAcceptedTimestamp"),
    termsVersion: varchar("termsVersion"),
-    serverAdmin: boolean("serverAdmin").notNull().default(false)
+    serverAdmin: boolean("serverAdmin").notNull().default(false),
+    lastPasswordChange: bigint("lastPasswordChange", { mode: "number" })
 });

 export const newts = pgTable("newt", {
@@ -228,7 +230,7 @@ export const sessions = pgTable("session", {
        .notNull()
        .references(() => users.userId, { onDelete: "cascade" }),
    expiresAt: bigint("expiresAt", { mode: "number" }).notNull(),
-    issuedAt: bigint("expiresAt", { mode: "number" })
+    issuedAt: bigint("issuedAt", { mode: "number" })
 });

 export const newtSessions = pgTable("newtSession", {