TykTechnologies · kofoworola · Jan 17, 2025 · Jan 16, 2025 · Jan 16, 2025 · Jan 16, 2025
diff --git a/apidef/api_definitions.go b/apidef/api_definitions.go
@@ -738,6 +738,7 @@ type APIDefinition struct {
 	CacheOptions                         CacheOptions           `bson:"cache_options" json:"cache_options"`
 	SessionLifetimeRespectsKeyExpiration bool                   `bson:"session_lifetime_respects_key_expiration" json:"session_lifetime_respects_key_expiration,omitempty"`
 	SessionLifetime                      int64                  `bson:"session_lifetime" json:"session_lifetime"`
+	SessionLifetimeDisabled              bool                   `bson:"session_lifetime_disabled" json:"session_lifetime_disabled"`
 	Active                               bool                   `bson:"active" json:"active"`
 	Internal                             bool                   `bson:"internal" json:"internal"`
 	AuthProvider                         AuthProviderMeta       `bson:"auth_provider" json:"auth_provider"`

diff --git a/apidef/migration.go b/apidef/migration.go
@@ -439,6 +439,7 @@ func (a *APIDefinition) SetDisabledFlags() {
 	a.Proxy.ServiceDiscovery.CacheDisabled = true
 	a.UptimeTests.Config.ServiceDiscovery.CacheDisabled = true
 	a.DisableExpireAnalytics = true
+	a.SessionLifetimeDisabled = true
 
 	for i := 0; i < len(a.CustomMiddleware.Pre); i++ {
 		a.CustomMiddleware.Pre[i].Disabled = true

diff --git a/apidef/migration_test.go b/apidef/migration_test.go
@@ -677,6 +677,7 @@ func TestSetDisabledFlags(t *testing.T) {
 		DomainDisabled:                 true,
 		CustomMiddlewareBundleDisabled: true,
 		ConfigDataDisabled:             true,
+		SessionLifetimeDisabled:        true,
 		Proxy: ProxyConfig{
 			ServiceDiscovery: ServiceDiscoveryConfiguration{
 				CacheDisabled: true,

diff --git a/apidef/oas/authentication.go b/apidef/oas/authentication.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"reflect"
 	"sort"
+	"time"
 
 	"github.com/getkin/kin-openapi/openapi3"
 	"github.com/mitchellh/mapstructure"
@@ -57,6 +58,45 @@ type Authentication struct {
 
 	// SecuritySchemes contains security schemes definitions.
 	SecuritySchemes SecuritySchemes `bson:"securitySchemes,omitempty" json:"securitySchemes,omitempty"`
+
+	// KeyRetentionPeriod contains configuration for key retention.
+	KeyRetentionPeriod *KeyRetentionPeriod `bson:"keyRetentionPeriod,omitempty" json:"keyRetentionPeriod,omitempty"`
+}
+
+// KeyRetentionPeriod contains configuration for key retention.
+type KeyRetentionPeriod struct {
+	// Enabled enables Key retention for the API
+	//
+	// Tyk classic API definition: `!disable_expire_analytics`.
+	Enabled bool `bson:"enabled,omitempty" json:"enabled,omitempty"`
+	// Value is the interval to keep the Key for
+	// The value of Value is a string that specifies the interval in a compact form,
+	// where hours, minutes and seconds are denoted by 'h', 'm' and 's' respectively.
+	// Multiple units can be combined to represent the duration.
+	//
+	// Examples of valid shorthand notations:
+	// - "1h"   : one hour
+	// - "20m"  : twenty minutes
+	// - "30s"  : thirty seconds
+	// - "1m29s": one minute and twenty-nine seconds
+	// - "1h30m" : one hour and thirty minutes
+	//
+	// An empty value is interpreted as "0s"
+	//
+	// Tyk classic API definition: `expire_analytics_after`.
+	Value ReadableDuration `bson:"value" json:"value"`
+}
+
+// Fill fills *KeyRetentionPeriod from apidef.APIDefinition.
+func (k *KeyRetentionPeriod) Fill(api apidef.APIDefinition) {
+	k.Enabled = !api.SessionLifetimeDisabled
+	k.Value = ReadableDuration(time.Duration(api.ExpireAnalyticsAfter) * time.Second)
+}
+
+// ExtractTo extracts *Authentication into *apidef.APIDefinition.
+func (k *KeyRetentionPeriod) ExtractTo(api *apidef.APIDefinition) {
+	api.SessionLifetimeDisabled = !k.Enabled
+	api.SessionLifetime = int64(k.Value.Seconds())
 }
 
 // Fill fills *Authentication from apidef.APIDefinition.
@@ -75,6 +115,14 @@ func (a *Authentication) Fill(api apidef.APIDefinition) {
 		a.Custom = nil
 	}
 
+	if a.KeyRetentionPeriod == nil {
+		a.KeyRetentionPeriod = &KeyRetentionPeriod{}
+	}
+	a.KeyRetentionPeriod.Fill(api)
+	if ShouldOmit(a.KeyRetentionPeriod) {
+		a.KeyRetentionPeriod = nil
+	}
+
 	if api.AuthConfigs == nil || len(api.AuthConfigs) == 0 {
 		return
 	}
@@ -126,6 +174,14 @@ func (a *Authentication) ExtractTo(api *apidef.APIDefinition) {
 	}
 
 	a.Custom.ExtractTo(api)
+
+	if a.KeyRetentionPeriod == nil {
+		a.KeyRetentionPeriod = &KeyRetentionPeriod{}
+		defer func() {
+			a.KeyRetentionPeriod = nil
+		}()
+	}
+	a.KeyRetentionPeriod.ExtractTo(api)
 }
 
 // SecuritySchemes holds security scheme values, filled with Import().

diff --git a/apidef/oas/linter_test.go b/apidef/oas/linter_test.go
@@ -83,6 +83,7 @@ func TestXTykGateway_Lint(t *testing.T) {
 		}
 
 		settings.Upstream.RateLimit.Per = ReadableDuration(10 * time.Second)
+		settings.Server.Authentication.KeyRetentionPeriod.Value = settings.Upstream.RateLimit.Per
 
 		settings.Upstream.Authentication = &UpstreamAuth{
 			Enabled:   false,

diff --git a/apidef/oas/oas_test.go b/apidef/oas/oas_test.go
@@ -254,7 +254,7 @@ func TestOAS_ExtractTo_ResetAPIDefinition(t *testing.T) {
 		"APIDefinition.Proxy.Transport.ProxyURL",
 		"APIDefinition.DisableQuota",
 		"APIDefinition.SessionLifetimeRespectsKeyExpiration",
-		"APIDefinition.SessionLifetime",
+		"APIDefinition.SessionLifetimeDisabled",
 		"APIDefinition.AuthProvider.Name",
 		"APIDefinition.AuthProvider.StorageEngine",
 		"APIDefinition.AuthProvider.Meta[0]",
@@ -1055,6 +1055,10 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 					Path:         "/path/to/plugin",
 				},
 			},
+			KeyRetentionPeriod: &KeyRetentionPeriod{
+				Enabled: true,
+				Value:   0,
+			},
 		}
 
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)
@@ -1105,6 +1109,10 @@ func TestMigrateAndFillOAS_CustomPluginAuth(t *testing.T) {
 					},
 				},
 			},
+			KeyRetentionPeriod: &KeyRetentionPeriod{
+				Enabled: true,
+				Value:   0,
+			},
 		}
 
 		assert.Equal(t, expectedAuthentication, *migratedAPI.OAS.GetTykExtension().Server.Authentication)

diff --git a/apidef/oas/schema/x-tyk-api-gateway.json b/apidef/oas/schema/x-tyk-api-gateway.json
@@ -1203,6 +1203,21 @@
               ]
             }
           }
+        },
+        "keyRetentionPeriod": {
+          "type": "object",
+          "properties": {
+            "enabled": {
+              "type": "boolean"
+            },
+            "value": {
+              "type": "string",
+              "pattern": "^(\\d+h)?(\\d+m)?(\\d+s)?$"
+            }
+          },
+          "required": [
+            "enabled"
+          ]
         }
       },
       "required": [

diff --git a/apidef/schema.json b/apidef/schema.json
@@ -55,6 +55,9 @@
     "do_not_track": {
       "type": "boolean"
     },
+    "session_lifetime_disabled": {
+      "type": "boolean"
+    },
     "enable_jwt": {
       "type": "boolean"
     },