feat: distinction between duration and lifetime

src/main.rs

@@ -31,8 +31,12 @@ struct ConfigArgs {
 	#[arg(short, long, default_value = "127.0.0.1:26656")]
 	bind_addr: String,
 
-	/// Access tokens lifetime, in seconds
+	/// How long an access token stays valid, in seconds
 	#[arg(long, default_value_t = 3600)]
+	token_duration: u32,
+
+	/// How long an access token is refreshable, in hours
+	#[arg(long, default_value_t = 168)]
 	token_lifetime: u32,
 
 	/// Valid time for join requests, in seconds
@@ -76,7 +80,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
 	let db = Database::connect(cfg.database.clone()).await?;
 
-	purge_expired_tokens(&db, Duration::seconds(cfg.token_lifetime.into())).await?;
+	purge_expired_tokens(&db, Duration::hours(cfg.token_lifetime.into())).await?;
 
 	let secret = load_secret(&db).await?;
 

src/routes/auth.rs

@@ -14,7 +14,7 @@ pub async fn validate(State(state): State<AppState>, Json(payload): Json<proto::
 	).one(&state.db).await.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
 
 	if let Some(t) = token {
-		if Utc::now() - t.created_at > Duration::seconds(state.cfg.token_lifetime as i64) {
+		if Utc::now() - t.created_at > Duration::seconds(state.cfg.token_duration as i64) {
 			warn!(target: "AUTH", "[VALIDATE] expired token!");
 			return Err(StatusCode::UNAUTHORIZED);
 		}

src/routes/session.rs

@@ -24,7 +24,7 @@ pub async fn join(State(state): State<AppState>, Json(payload): Json<proto::Join
 
 	if tokens.iter().any(|x| {
 		x.access_token == payload.accessToken
-		&& Utc::now() - x.created_at < Duration::seconds(state.cfg.token_lifetime as i64)
+		&& Utc::now() - x.created_at < Duration::seconds(state.cfg.token_duration as i64)
 	}) {
 		state.store.lock().await.insert(payload.selectedProfile, JoinAttempt::new(payload.serverId.clone()));
 		info!(target: "SESSION", "[JOIN] user {} has joined server {}", payload.selectedProfile, payload.serverId);