Session expiry: tokens expire after 1 day (auth consistency)
This commit is contained in:
+2
-2
@@ -395,7 +395,7 @@ async def auth_middleware(request: Request, call_next):
|
|||||||
conn = get_db()
|
conn = get_db()
|
||||||
row = conn.execute(
|
row = conn.execute(
|
||||||
"SELECT u.id, u.username, u.role FROM users u "
|
"SELECT u.id, u.username, u.role FROM users u "
|
||||||
"JOIN sessions s ON u.id = s.user_id WHERE s.token = ?",
|
"JOIN sessions s ON u.id = s.user_id WHERE s.token = ? AND s.expires_at > datetime('now')",
|
||||||
(token,),
|
(token,),
|
||||||
).fetchone()
|
).fetchone()
|
||||||
conn.close()
|
conn.close()
|
||||||
@@ -810,7 +810,7 @@ def login(body: dict):
|
|||||||
|
|
||||||
token = _generate_token()
|
token = _generate_token()
|
||||||
conn.execute(
|
conn.execute(
|
||||||
"INSERT INTO sessions (user_id, token) VALUES (?, ?)",
|
"INSERT INTO sessions (user_id, token, expires_at) VALUES (?, ?, datetime('now', '+1 day'))",
|
||||||
(row["id"], token),
|
(row["id"], token),
|
||||||
)
|
)
|
||||||
conn.commit()
|
conn.commit()
|
||||||
|
|||||||
Reference in New Issue
Block a user