diff --git a/admin_server.py b/admin_server.py index 4c3aa63..b03043f 100644 --- a/admin_server.py +++ b/admin_server.py @@ -395,7 +395,7 @@ async def auth_middleware(request: Request, call_next): conn = get_db() row = conn.execute( "SELECT u.id, u.username, u.role FROM users u " - "JOIN sessions s ON u.id = s.user_id WHERE s.token = ?", + "JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')", (token,), ).fetchone() conn.close() @@ -810,7 +810,7 @@ def login(body: dict): token = _generate_token() conn.execute( - "INSERT INTO sessions (user_id, token) VALUES (?, ?)", + "INSERT INTO sessions (user_id, token, expires_at) VALUES (?, ?, datetime('now', '+1 day'))", (row["id"], token), ) conn.commit()