Ensure minimum token lifetime minimum_token_lifetime
authorGeorgios Kontaxis <redacted>
Thu, 6 Nov 2025 16:24:47 +0000 (16:24 +0000)
committerGeorgios Kontaxis <redacted>
Thu, 6 Nov 2025 18:10:07 +0000 (18:10 +0000)
server/auth/local/local.py

index f413806c515efe42f2b1dbc041babbd4e60c8f8b..99257b3a162fa4100a5c2459f8d2f57064b42f37 100644 (file)
@@ -1,6 +1,6 @@
 import secrets\r
 from base64 import b32encode\r
-from datetime import datetime, timedelta\r
+from datetime import datetime, timedelta, timezone\r
 \r
 from fastapi import Depends, HTTPException, Request\r
 from fastapi.security import OAuth2PasswordBearer\r
@@ -29,6 +29,8 @@ class LocalAuth(BaseAuth):
         self.session_expiry_days = get_env(\r
             "FLATNOTES_SESSION_EXPIRY_DAYS", default=30, cast_int=True\r
         )\r
+        if self.session_expiry_days < 0:\r
+            self.session_expiry_days = 0\r
 \r
         # TOTP\r
         self.is_totp_enabled = False\r
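Review bot: The clamp on the two added lines silently turns a negative `FLATNOTES_SESSION_EXPIRY_DAYS` into `0`, so a misconfigured deployment issues sessions that live only as long as the 30-second floor added in `_create_access_token`, with no indication that the configured value was discarded. A configuration error at startup is better surfaced than corrected, e.g. `raise ValueError("FLATNOTES_SESSION_EXPIRY_DAYS must be >= 0")` in place of the assignment, or at least a warning through whatever logger this module uses (none is visible in the hunk) so operators can see why tokens expire almost immediately. A short comment on the clamp would also help, e.g. `# Negative values are treated as 0 days; the access token then lives only for the minimum lifetime applied in _create_access_token.` The enclosing `__init__` starts and ends outside the hunk.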
@@ -101,8 +103,9 @@ class LocalAuth(BaseAuth):
 \r
     def _create_access_token(self, data: dict):\r
         to_encode = data.copy()\r
-        expiry_datetime = datetime.utcnow() + timedelta(\r
-            days=self.session_expiry_days\r
+        expiry_datetime = datetime.now(timezone.utc) + timedelta(\r
+            days=self.session_expiry_days,\r
+            seconds=30\r
         )\r
         to_encode.update({"exp": expiry_datetime})\r
         encoded_jwt = jwt.encode(\r
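Review bot: The new expiry computation adds 30 seconds to every token rather than enforcing a minimum, so a 30-day session becomes 30 days plus 30 seconds, which does not match the commit title, and the bare `30` carries no explanation of why that value was chosen. If a floor is what is intended, compute the lifetime as a maximum and name the constant: `MIN_TOKEN_LIFETIME = timedelta(seconds=30)` at module level, then `lifetime = max(timedelta(days=self.session_expiry_days), MIN_TOKEN_LIFETIME)` and `expiry_datetime = datetime.now(timezone.utc) + lifetime`. A one-line comment such as `# Floor the lifetime so a 0-day configuration still yields a usable token` would document the intent either way. The switch to an aware `datetime.now(timezone.utc)` is fine for the `exp` claim; `_create_access_token` continues past the end of the hunk.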