1
0
Fork 0
forked from alemi/upub

feat: config session duration, token refreshes

allow refreshing sessions before they expire
This commit is contained in:
əlemi 2024-06-07 02:22:43 +02:00
parent e783ca2276
commit 28889eb338
Signed by: alemi
GPG key ID: A4895B84D311642C
2 changed files with 8 additions and 3 deletions

View file

@ -71,9 +71,12 @@ pub struct SecurityConfig {
#[serde_inline_default(true)] #[serde_inline_default(true)]
pub show_reply_ids: bool, pub show_reply_ids: bool,
#[serde(default)] #[serde_inline_default(true)]
pub allow_login_refresh: bool, pub allow_login_refresh: bool,
#[serde_inline_default(7 * 24)]
pub session_duration_hours: i64,
#[serde_inline_default(2)] #[serde_inline_default(2)]
pub max_id_redirects: u32, pub max_id_redirects: u32,

View file

@ -41,7 +41,7 @@ pub async fn login(
{ {
Some(x) => { Some(x) => {
let token = token(); let token = token();
let expires = chrono::Utc::now() + std::time::Duration::from_secs(3600 * 6); let expires = chrono::Utc::now() + chrono::Duration::hours(ctx.cfg().security.session_duration_hours);
upub::model::session::Entity::insert( upub::model::session::Entity::insert(
upub::model::session::ActiveModel { upub::model::session::ActiveModel {
internal: sea_orm::ActiveValue::NotSet, internal: sea_orm::ActiveValue::NotSet,
@ -80,7 +80,9 @@ pub async fn refresh(
.await? .await?
.ok_or_else(crate::ApiError::unauthorized)?; .ok_or_else(crate::ApiError::unauthorized)?;
if prev.expires > chrono::Utc::now() { // allow refreshing tokens a little bit before they expire, specifically 1/4 of their lifespan before
let quarter_session_lifespan = chrono::Duration::days(ctx.cfg().security.session_duration_hours) / 4;
if prev.expires - quarter_session_lifespan > chrono::Utc::now() {
return Ok(Json(AuthSuccess { token: prev.secret, user: prev.actor, expires: prev.expires })); return Ok(Json(AuthSuccess { token: prev.secret, user: prev.actor, expires: prev.expires }));
} }