From 197b7c1cbbf36957ff5a4393d8cb1fc0cfaab7f4 Mon Sep 17 00:00:00 2001 From: "Gan, Jimmy" Date: Thu, 19 Feb 2026 19:44:30 +0800 Subject: [PATCH] Fix session expiry: use config value, increase to 7 days - LOGIN was ignoring ACCESS_TOKEN_EXPIRE_MINUTES (hardcoded 15min default) - Pass expires_delta from config in login route - Increase token lifetime from 30min to 7 days --- dashboard/backend/config.py | 2 +- dashboard/backend/routers/auth.py | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/dashboard/backend/config.py b/dashboard/backend/config.py index abd57c7..5bfbf48 100644 --- a/dashboard/backend/config.py +++ b/dashboard/backend/config.py @@ -9,7 +9,7 @@ VOLUME_ROOT = os.environ.get("VOLUME_ROOT", "/volume1") # Auth SECRET_KEY = os.environ.get("SECRET_KEY", "c1a776b228421830e7c7df0887adc75f74bac65aaa1fc364be96861b1f8c8701") ALGORITHM = "HS256" -ACCESS_TOKEN_EXPIRE_MINUTES = 30 +ACCESS_TOKEN_EXPIRE_MINUTES = 60 * 24 * 7 # 7 days ADMIN_USER = os.environ.get("ADMIN_USER", "admin") # Default hash for "admin" using pbkdf2_sha256 scheme to avoid bcrypt compat issues ADMIN_PASSWORD_HASH = os.environ.get("ADMIN_PASSWORD_HASH", "$pbkdf2-sha256$29000$25tTKoUQIgQghLC2ds4ZYw$H/fCb3H5wmOkwj6l6KrVlmns0TWfzKPOrG3sgVDR.eg") diff --git a/dashboard/backend/routers/auth.py b/dashboard/backend/routers/auth.py index 0a1d536..6d448f0 100644 --- a/dashboard/backend/routers/auth.py +++ b/dashboard/backend/routers/auth.py @@ -1,3 +1,4 @@ +from datetime import timedelta from fastapi import APIRouter, Depends, HTTPException, status from pydantic import BaseModel import config @@ -51,7 +52,10 @@ async def login(creds: LoginRequest): headers={"WWW-Authenticate": "Bearer"}, ) - access_token = auth.create_access_token(data={"sub": creds.username}) + access_token = auth.create_access_token( + data={"sub": creds.username}, + expires_delta=timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES), + ) return { "access_token": access_token, "token_type": "bearer",