feat: be explicit when specifying time & replace moment with date-fns

[theneva]

This uses date-fns for all (I hope) fiddling with time and durations.

I think this makes it way easier to understand which units are used (for example, milliseconds or seconds). It also removes the need for things like hard coded millisecond representations of 24 hours.

I took the liberty of replacing all usage of moment with date-fns, and removing the dependency. (I did not, however, update the docs page that uses moment in an example (website/docs/advanced/custom-activation-strategy.md)).

I'll write some inline PR comments in the places where I think the changes are less than obvious – but feel free to ask questions 😄

A small note: I've not been super strict about using just one of Date.now() and new Date(), since it doesn't matter. date-fns happily consumes both.

Do you think this makes sense?

[theneva]

Wrote some comments to help the poor reader of this all-over-the-place diff.

[theneva]

$ node
> require('date-fns').hoursToSeconds(24 * 365 * 2)
63072000

(There is no way to safely translate hours to days, due to daylight savings time. The same goes for days to years, due to leap years. Therefore (I believe), date-fns offers no utilities to make those conversions, and I just kept the original value. I think this is the only inline code comment I wrote.)

[theneva]

$ node
> require('moment')().format('YYYY-MM-DD_HH-mm-ss')
'2021-10-27_15-06-43'
> require('date-fns').format(Date.now(), 'yyyy-MM-dd_HH-mm-ss')
'2021-10-27_15-07-01'

(The minute and seconds are different because I ran the commands 18 seconds apart.)

[theneva]

I don't think the named constant adds any value, and I haven't seen this "pattern" anywhere else in the code, so I just inlined it since there's no need for the // 60s comment anymore.

[ivarconr]

I would prefer minutesToMilliseconds(1)

[theneva]

I agree! I'll switch to that everywhere so it's consistent.

[theneva]

$ node
> new Date(1516026938494)
2018-01-15T14:35:38.494Z
> require('date-fns').parseISO('2018-01-15T14:35:38.494Z');
2018-01-15T14:35:38.494Z

I think it's nice to not have gigantic numbers just hanging out in the code, so I prefer it like this.

[ivarconr]

agreed.

[theneva]

$ node
> require('date-fns').hoursToMilliseconds(24)
86400000

[theneva]

$ node
> require('date-fns').hoursToMilliseconds(24)
86400000

[theneva]

$ node
> require('date-fns').minutesToMilliseconds(48)
2880000

I have no idea why this is 48 minutes, but it is, so I kept it. Let me know if I missed some kind of significance about this number 🤷

[ivarconr]

I can't see any good reason other than a small mistake when the test was written. I would assume 48 hours make more sense, as this is our default session length.

Maybe @chriswk remembers this part?

[theneva]

I guess the code could just be confused about seconds and milliseconds. Even though the Max-Age and Expiry parts of a set-cookie header use seconds, express-session uses milliseconds (for compatibility with the JS Date, I guess). Multiplying the number by 1000 doesn't get us to 48 hours though 😅 I'm happy to change it to 48 hours if you prefer that – it is just a test, after all.

[ivarconr]

I do not think that's needed.

[theneva]

I think the spirit of d2 is to be d1 + 1 hour, so I changed it a bit. The values are the same, though

[theneva]

I believe nodejs/node#9561 was fixed in 2016 and was patched into both Node 4 and 6, so this code should be safe to run 😄

[ivarconr]

ttl-list will be removed in Unleash v4.3.

[theneva]

alright, should I just remove this particular change? I still need some diff in the file to avoid depending on moment.

[ivarconr]

no, good to remove the moment dependency. Feel free to fix the destroy to, its good to not leave timers hanging around if we do not have too.

[theneva]

okay, I'll leave my original change in, then 😄

[theneva]

I went a little bit wild explaining this, because it took me a while to figure out what was happening. Let me know if you don't want this long explanation, or if this utility belongs somewhere else in the project!

[ivarconr]

Thanks for explaining this, I learned something new, so good to keep it here!

We might reuse it later, but let's keep it here for now.

[theneva]

I found a small issue with this: it doesn't support milliseconds. It shouldn't affect the production code (which only uses hours and minutes), but it does affect the tests. I have no idea why they pass… Pushing a fix in a sec

[theneva]

fixed in 442c0b9. maybe it would be better to have the list not support milliseconds? I wanted to keep the the functional changes to a minimum

[ivarconr]

Looks really good. just a few minor comments

[ivarconr]

I would prefer minutesToMilliseconds(1)

[ivarconr]

Thanks for explaining this, I learned something new, so good to keep it here!

We might reuse it later, but let's keep it here for now.

[ivarconr]

no, good to remove the moment dependency. Feel free to fix the destroy to, its good to not leave timers hanging around if we do not have too.

[ivarconr]

agreed.

[ivarconr]

I can't see any good reason other than a small mistake when the test was written. I would assume 48 hours make more sense, as this is our default session length.

Maybe @chriswk remembers this part?

[theneva]

yep, having played with it a bit, I think anything below 1 minute is better written as a constant with underscores than either 10 * 1000 or secondsToMilliseconds(10) in the case of jest.advanceTimersByTime. When reading the test, you already know that this function takes milliseconds, so it's better to avoid the noise of helper functions or maths

[theneva]

… but when we're dealing with minutes, the numbers are less easy to grok, so I prefer the helper functions over either a constant number of milliseconds or inline arithmetic

[theneva]

I added this to ensure it both works with milliseconds and to catch a bug that I almost introduced and the other tests didn't catch

[theneva]

Okay, I think this is ready for a final look 😄

[ivarconr]

LGTM!