feat: add session max lifetime and fix refresh logic (#559)

* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies

* feat: add Allow header for invalid methods in proxyHandler

* feat: add session max lifetime and fix refresh logic

* fix: set default value for created_at column and improve session expiration logic

---------

Co-authored-by: Stavros <steveiliop56@gmail.com>

internal/bootstrap/service_bootstrap.go

@@ -58,14 +58,15 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 	services.accessControlService = accessControlsService
 
 	authService := service.NewAuthService(service.AuthServiceConfig{
-		Users:             app.context.users,
-		OauthWhitelist:    app.config.OAuth.Whitelist,
-		SessionExpiry:     app.config.Auth.SessionExpiry,
-		SecureCookie:      app.config.Auth.SecureCookie,
-		CookieDomain:      app.context.cookieDomain,
-		LoginTimeout:      app.config.Auth.LoginTimeout,
-		LoginMaxRetries:   app.config.Auth.LoginMaxRetries,
-		SessionCookieName: app.context.sessionCookieName,
+		Users:              app.context.users,
+		OauthWhitelist:     app.config.OAuth.Whitelist,
+		SessionExpiry:      app.config.Auth.SessionExpiry,
+		SessionMaxLifetime: app.config.Auth.SessionMaxLifetime,
+		SecureCookie:       app.config.Auth.SecureCookie,
+		CookieDomain:       app.context.cookieDomain,
+		LoginTimeout:       app.config.Auth.LoginTimeout,
+		LoginMaxRetries:    app.config.Auth.LoginMaxRetries,
+		SessionCookieName:  app.context.sessionCookieName,
 	}, dockerService, ldapService, queries)
 
 	err = authService.Init()