From 04f1ccffcbf38a6e14f911bf1e4da16dc10d6c3e Mon Sep 17 00:00:00 2001 From: Andreas Dinauer Date: Sat, 18 Apr 2026 16:10:46 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20Check=20expiry=20before=20using?= =?UTF-8?q?=20token=20from=20cache?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oidcproxy/session/SessionCache.java | 52 ++++++------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/src/main/java/dev/dinauer/oidcproxy/session/SessionCache.java b/src/main/java/dev/dinauer/oidcproxy/session/SessionCache.java index c8b9542..9aa7149 100644 --- a/src/main/java/dev/dinauer/oidcproxy/session/SessionCache.java +++ b/src/main/java/dev/dinauer/oidcproxy/session/SessionCache.java @@ -21,41 +21,9 @@ public class SessionCache { private final Map tokens = new ConcurrentHashMap<>(); - @Inject - Logger LOG; - @Inject SessionService sessionService; - @Inject - EncryptUtils encryptUtils; - @Inject - AccessTokenRepository accessTokenRepository; - - @Startup - @ActivateRequestContext - void housekeeping() - { - Executors.newScheduledThreadPool(1).scheduleAtFixedRate(() -> { - LOG.info("Running housekeeping..."); - List sessions = accessTokenRepository.findExpiresBefore(ZonedDateTime.now().plusMinutes(2)); - for (AccessTokenEntity session : sessions) - { - QuarkusTransaction.begin(); - tokens.remove(session.getId()); - try - { - accessTokenRepository.delete(session); - QuarkusTransaction.commit(); - } - catch (Exception e) - { - QuarkusTransaction.rollback(); - } - } - }, 0, 30, TimeUnit.SECONDS); - } - public String add(String accessToken, String refreshToken) { String sessionId = UUID.randomUUID().toString(); 
@@ -66,10 +34,10 @@ public class SessionCache public String get(String sessionId) throws TokenNotFoundException { String sessionHash = toHash(sessionId); - AccessToken token = tokens.get(sessionHash); - if (token != null) + Optional token = getFromCache(sessionHash); + if (token.isPresent()) { - return token.getToken(); + return token.get(); } AccessToken fromDB = sessionService.provide(sessionHash); tokens.put(sessionHash, fromDB); @@ -83,6 +51,20 @@ public class SessionCache sessionService.remove(sessionHash); } + public Optional getFromCache(String sessionHash) + { + AccessToken token = tokens.get(sessionHash); + if (token != null && ZonedDateTime.now().isBefore(token.getExpiresAt())) + { + return Optional.of(token.getToken()); + } + else + { + tokens.remove(sessionHash); + return Optional.empty(); + } + } + private String toHash(String sessionId) { try
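Review bot: The database fallback in `get` still stores the result of `sessionService.provide(sessionHash)` with `tokens.put` without the expiry test that the cache path now gets, so on a cache miss an already expired token can presumably still be handed to the caller. The housekeeping job deleted in the first hunk was the only code visible in this patch that purged expired rows, which makes this path easier to hit than before. Unless `provide` already rejects or refreshes expired sessions (not visible here), apply the same condition before caching, e.g. `if (!ZonedDateTime.now().isBefore(fromDB.getExpiresAt())) { sessionService.remove(sessionHash); /* fail as for an unknown session */ }`. The body of `get` continues past the end of this hunk, so the return statement is not visible.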
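Review bot: The `else` branch of `getFromCache` calls `tokens.remove(sessionHash)` unconditionally, so a fresh token stored by another thread between the `tokens.get` and the remove is dropped together with the stale one; `tokens.remove(sessionHash, token)` evicts only the instance that was actually inspected and does nothing when `token` is null. The comparison is also exact, whereas the removed housekeeping evicted two minutes ahead of expiry, so a token can now be returned moments before the upstream rejects it; a margin such as `ZonedDateTime.now().plusMinutes(2).isBefore(token.getExpiresAt())` would keep the earlier behaviour. Eviction now happens only on lookup, so entries for sessions that are never requested again stay in the map and keep their tokens in memory. The method takes the internal hash rather than a session id and looks like it could be `private`.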