From 7d27e368f10d6f1df89f0059f13b932652da7b28 Mon Sep 17 00:00:00 2001
From: zurdi
Date: Fri, 13 Jun 2025 12:54:31 +0000
Subject: [PATCH] feat: add SESSION_MAX_AGE_SECONDS configuration for session middleware
---
 backend/config/__init__.py | 3 +++
 backend/handler/auth/middleware.py | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/backend/config/__init__.py b/backend/config/__init__.py
index 567ada657..f98f51f2d 100644
--- a/backend/config/__init__.py
+++ b/backend/config/__init__.py
@@ -79,6 +79,9 @@ MOBYGAMES_API_KEY: Final = os.environ.get("MOBYGAMES_API_KEY", "").strip()
 ROMM_AUTH_SECRET_KEY: Final = os.environ.get(
 "ROMM_AUTH_SECRET_KEY", secrets.token_hex(32)
 )
+SESSION_MAX_AGE_SECONDS: Final = int(
+ os.environ.get("SESSION_MAX_AGE_SECONDS", 14 * 24 * 60 * 60)
+) # 14 days, in seconds
 DISABLE_CSRF_PROTECTION = str_to_bool(
 os.environ.get("DISABLE_CSRF_PROTECTION", "false")
 )
diff --git a/backend/handler/auth/middleware.py b/backend/handler/auth/middleware.py
index 62b70dcd3..33d9316c4 100644
--- a/backend/handler/auth/middleware.py
+++ b/backend/handler/auth/middleware.py
@@ -1,6 +1,7 @@
 import time
 from collections import namedtuple
+from config import SESSION_MAX_AGE_SECONDS
 from joserfc import jwt
 from joserfc.errors import BadSignatureError
 from joserfc.jwk import OctKey
@@ -37,7 +38,7 @@ class SessionMiddleware:
 app: ASGIApp,
 secret_key: str | Secret | SecretKey,
 session_cookie: str = "session",
- max_age: int = 14 * 24 * 60 * 60, # 14 days, in seconds
+ max_age: int = SESSION_MAX_AGE_SECONDS,
 same_site: str = "lax",
 https_only: bool = False,
 jwt_alg: str = "HS256",
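Review bot: `SESSION_MAX_AGE_SECONDS` in `backend/config/__init__.py` is parsed with a bare `int(...)` and never range-checked, so the session lifetime, a security-relevant setting, accepts zero, negative or arbitrarily large values. An empty or non-numeric value raises an unexplained `ValueError` while the config module is being imported. How the middleware treats a non-positive `max_age` is not visible in this patch, so it is safer to reject it at load time, for example `if SESSION_MAX_AGE_SECONDS <= 0: raise ValueError("SESSION_MAX_AGE_SECONDS must be a positive number of seconds")` directly after the assignment. A short comment noting that a larger value lengthens the window in which a stolen session cookie remains usable would help operators choose it deliberately.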
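Review bot: The new default `max_age: int = SESSION_MAX_AGE_SECONDS` in `SessionMiddleware` drops the unit that the removed comment documented, and the value is bound once when `backend/handler/auth/middleware.py` is imported. I would keep a trailing comment such as `# seconds; default from SESSION_MAX_AGE_SECONDS (14 days if unset)`. The constructor's signature and body start and end outside this hunk, so it cannot be confirmed from here that `max_age` drives the server-side token expiry check as well as the cookie lifetime; if it only sets the cookie attribute, the configured limit is not actually enforced and that is worth verifying. Any call site that passes `max_age` explicitly will also silently override the environment setting.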