mirror of
https://git.sr.ht/~tsileo/microblog.pub
synced 2025-01-22 04:44:27 +00:00
Fix admin session timeout
parent
a435cd33c9
commit
8475f5bccd
3 changed files with 8 additions and 3 deletions
|
@ -30,6 +30,7 @@ from app.boxes import send_block
|
|||
from app.boxes import send_follow
|
||||
from app.boxes import send_unblock
|
||||
from app.config import EMOJIS
|
||||
from app.config import SESSION_TIMEOUT
|
||||
from app.config import generate_csrf_token
|
||||
from app.config import session_serializer
|
||||
from app.config import verify_csrf_token
|
||||
|
@ -66,7 +67,7 @@ async def user_session_or_redirect(
|
|||
raise _RedirectToLoginPage
|
||||
|
||||
try:
|
||||
loaded_session = session_serializer.loads(session, max_age=3600 * 24 * 3)
|
||||
loaded_session = session_serializer.loads(session, max_age=SESSION_TIMEOUT)
|
||||
except Exception:
|
||||
logger.exception("Failed to validate admin session")
|
||||
raise _RedirectToLoginPage
|
||||
|
|
|
@ -116,6 +116,8 @@ class Config(pydantic.BaseModel):
|
|||
sqlalchemy_database: str | None = None
|
||||
key_path: str | None = None
|
||||
|
||||
session_timeout: int = 3600 * 24 * 3 # in seconds, 3 days by default
|
||||
|
||||
# Only set when the app is served on a non-root path
|
||||
id: str | None = None
|
||||
|
||||
|
@ -171,6 +173,7 @@ ALSO_KNOWN_AS = CONFIG.also_known_as
|
|||
CUSTOM_CONTENT_SECURITY_POLICY = CONFIG.custom_content_security_policy
|
||||
|
||||
INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days
|
||||
SESSION_TIMEOUT = CONFIG.session_timeout
|
||||
CUSTOM_FOOTER = (
|
||||
markdown(CONFIG.custom_footer.replace("{version}", VERSION))
|
||||
if CONFIG.custom_footer
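Review bot: `session_timeout` in the `Config` hunk accepts any integer, so a zero or negative value in the config file would presumably make every admin session fail the `max_age` check at once, while a very large value leaves a signed cookie accepted almost indefinitely. After this commit the setting is the only bound on admin session lifetime in both places that pass `max_age=SESSION_TIMEOUT`, so I would constrain it when the config is loaded, e.g. `session_timeout: int = pydantic.Field(default=3600 * 24 * 3, gt=0)`. The field comment could also state that this is the lifetime of the admin session cookie and that raising it lengthens the period during which a leaked cookie is still honoured. The `Config` class body continues outside the hunk.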
|
||||
|
|
|
@ -27,6 +27,7 @@ from app.ap_object import Object
|
|||
from app.config import BASE_URL
|
||||
from app.config import CUSTOM_FOOTER
|
||||
from app.config import DEBUG
|
||||
from app.config import SESSION_TIMEOUT
|
||||
from app.config import VERSION
|
||||
from app.config import generate_csrf_token
|
||||
from app.config import session_serializer
|
||||
|
@ -69,10 +70,10 @@ def is_current_user_admin(request: Request) -> bool:
|
|||
try:
|
||||
loaded_session = session_serializer.loads(
|
||||
session_cookie,
|
||||
max_age=3600 * 12,
|
||||
max_age=SESSION_TIMEOUT,
|
||||
)
|
||||
except Exception:
|
||||
pass
|
||||
logger.exception("Failed to validate session timeout")
|
||||
else:
|
||||
is_admin = loaded_session.get("is_logged_in")
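Review bot: The added `logger.exception("Failed to validate session timeout")` sits under a blanket `except Exception`, so it writes a full traceback for every expired, malformed or badly signed session cookie, and the message names only one of those causes. If `is_current_user_admin` runs on ordinary page requests (its name and `Request` argument suggest so, but the callers are not visible), unauthenticated requests carrying a stale or junk cookie each add a traceback, which buries the events worth alerting on. I would log the expected failure without a traceback and with an accurate message, e.g. `logger.warning("Invalid or expired admin session cookie")`, and reserve `logger.exception` for anything else; if `session_serializer` is an itsdangerous timed serializer, as the `loads(..., max_age=...)` call suggests, that means an `except itsdangerous.BadSignature:` clause ahead of the generic one. The same blanket handler appears as context in `user_session_or_redirect`, and this function starts above the hunk, so the initial value of `is_admin` cannot be checked here.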
|
||||
|
||||
|
|