Session expiry: tokens expire after 1 day (auth consistency)
This commit is contained in:
+2
-2
@@ -395,7 +395,7 @@ async def auth_middleware(request: Request, call_next):
|
||||
conn = get_db()
|
||||
row = conn.execute(
|
||||
"SELECT u.id, u.username, u.role FROM users u "
|
||||
"JOIN sessions s ON u.id = s.user_id WHERE s.token = ?",
|
||||
"JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')",
|
||||
(token,),
|
||||
).fetchone()
|
||||
conn.close()
|
||||
@@ -810,7 +810,7 @@ def login(body: dict):
|
||||
|
||||
token = _generate_token()
|
||||
conn.execute(
|
||||
"INSERT INTO sessions (user_id, token) VALUES (?, ?)",
|
||||
"INSERT INTO sessions (user_id, token, expires_at) VALUES (?, ?, datetime('now', '+1 day'))",
|
||||
(row["id"], token),
|
||||
)
|
||||
conn.commit()
|
||||
|
||||
Reference in New Issue
Block a user