Fix admin session timeout

Thomas Sileo 2022-11-21 20:43:51 +01:00
parent a435cd33c9
commit 8475f5bccd
3 changed files with 8 additions and 3 deletions


@ -30,6 +30,7 @@ from app.boxes import send_block
from app.boxes import send_follow from app.boxes import send_follow
from app.boxes import send_unblock from app.boxes import send_unblock
from app.config import EMOJIS from app.config import EMOJIS
from app.config import SESSION_TIMEOUT
from app.config import generate_csrf_token from app.config import generate_csrf_token
from app.config import session_serializer from app.config import session_serializer
from app.config import verify_csrf_token from app.config import verify_csrf_token
@ -66,7 +67,7 @@ async def user_session_or_redirect(
raise _RedirectToLoginPage raise _RedirectToLoginPage
try: try:
loaded_session = session_serializer.loads(session, max_age=3600 * 24 * 3) loaded_session = session_serializer.loads(session, max_age=SESSION_TIMEOUT)
except Exception: except Exception:
logger.exception("Failed to validate admin session") logger.exception("Failed to validate admin session")
raise _RedirectToLoginPage raise _RedirectToLoginPage


@ -116,6 +116,8 @@ class Config(pydantic.BaseModel):
sqlalchemy_database: str | None = None sqlalchemy_database: str | None = None
key_path: str | None = None key_path: str | None = None
session_timeout: int = 3600 * 24 * 3 # in seconds, 3 days by default
# Only set when the app is served on a non-root path # Only set when the app is served on a non-root path
id: str | None = None id: str | None = None
@ -171,6 +173,7 @@ ALSO_KNOWN_AS = CONFIG.also_known_as
CUSTOM_CONTENT_SECURITY_POLICY = CONFIG.custom_content_security_policy CUSTOM_CONTENT_SECURITY_POLICY = CONFIG.custom_content_security_policy
INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days
SESSION_TIMEOUT = CONFIG.session_timeout
CUSTOM_FOOTER = ( CUSTOM_FOOTER = (
markdown(CONFIG.custom_footer.replace("{version}", VERSION)) markdown(CONFIG.custom_footer.replace("{version}", VERSION))
if CONFIG.custom_footer if CONFIG.custom_footer
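Review bot: The new `session_timeout` field accepts any int, including 0 or a negative value, which would make every signed session cookie rejected as expired by the `max_age=SESSION_TIMEOUT` calls that consume it; since the model is a pydantic `BaseModel`, `session_timeout: int = pydantic.Field(default=3600 * 24 * 3, gt=0)` would reject a misconfiguration at startup instead of at login time. The trailing comment should also say what the value governs, since the same `SESSION_TIMEOUT` is now used both by the admin-page session check and by the is-admin check on public pages: `# Max age of the signed admin session cookie, in seconds (3 days by default)`. The enclosing `Config` class starts outside the hunk.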


@ -27,6 +27,7 @@ from app.ap_object import Object
from app.config import BASE_URL from app.config import BASE_URL
from app.config import CUSTOM_FOOTER from app.config import CUSTOM_FOOTER
from app.config import DEBUG from app.config import DEBUG
from app.config import SESSION_TIMEOUT
from app.config import VERSION from app.config import VERSION
from app.config import generate_csrf_token from app.config import generate_csrf_token
from app.config import session_serializer from app.config import session_serializer
@ -69,10 +70,10 @@ def is_current_user_admin(request: Request) -> bool:
try: try:
loaded_session = session_serializer.loads( loaded_session = session_serializer.loads(
session_cookie, session_cookie,
max_age=3600 * 12, max_age=SESSION_TIMEOUT,
) )
except Exception: except Exception:
pass logger.exception("Failed to validate session timeout")
else: else:
is_admin = loaded_session.get("is_logged_in") is_admin = loaded_session.get("is_logged_in")
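Review bot: The new log message `"Failed to validate session timeout"` describes the wrong thing — it is the session cookie that failed validation, not the timeout — so it should read `logger.exception("Failed to validate admin session")`, matching the wording used in the first file. Because this runs on public pages, the `except Exception` branch will now emit a full traceback for every request that still carries an expired cookie, which is the expected case rather than an error; if `session_serializer` is an itsdangerous timed serializer, catching `SignatureExpired` first and logging it at info level, keeping `logger.exception` for other failures, would keep the log readable. `logger` is not visible in this hunk, so confirm it is defined in this module. Note that the accepted cookie age for this check also grows from 12 hours to the 3-day default. `is_current_user_admin` starts outside the hunk.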