mirror of
https://github.com/multica-ai/multica.git
synced 2026-07-15 22:29:04 +02:00
Replace hardcoded 72-hour auth timeout with configurable JWT_EXPIRATION env var (default: 30 days). This prevents users from being logged out every 3 days. CloudFront cookie expiration is now synced with JWT expiration automatically. Closes MUL-151
46 lines
1.2 KiB
Go
46 lines
1.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"fmt"
|
|
"log/slog"
|
|
"os"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
)
|
|
|
|
const (
|
|
// DefaultJWTExpiration is the default JWT token lifetime.
|
|
// 30 days is reasonable for a productivity tool — users shouldn't need to
|
|
// re-authenticate every few days.
|
|
DefaultJWTExpiration = 30 * 24 * time.Hour // 720h
|
|
)
|
|
|
|
var (
|
|
jwtExpiration time.Duration
|
|
jwtExpirationOnce sync.Once
|
|
)
|
|
|
|
// JWTExpiration returns the configured JWT token lifetime.
|
|
// Reads from JWT_EXPIRATION env var (Go duration string, e.g. "720h", "168h").
|
|
// Falls back to DefaultJWTExpiration (30 days).
|
|
func JWTExpiration() time.Duration {
|
|
jwtExpirationOnce.Do(func() {
|
|
jwtExpiration = DefaultJWTExpiration
|
|
if v := strings.TrimSpace(os.Getenv("JWT_EXPIRATION")); v != "" {
|
|
d, err := time.ParseDuration(v)
|
|
if err != nil {
|
|
slog.Error("invalid JWT_EXPIRATION, using default", "value", v, "error", err, "default", DefaultJWTExpiration)
|
|
return
|
|
}
|
|
if d <= 0 {
|
|
slog.Error("JWT_EXPIRATION must be positive, using default", "value", v, "default", DefaultJWTExpiration)
|
|
return
|
|
}
|
|
jwtExpiration = d
|
|
slog.Info(fmt.Sprintf("JWT expiration set to %s", d))
|
|
}
|
|
})
|
|
return jwtExpiration
|
|
}
|