Merge branch 'mittler-works-adjustable_admin_cookie_lifetime'
pull/3277/head
Daniel García
2 years ago
No known key found for this signature in database
GPG Key ID: FC8A7D14C3CD543A
4 changed files with
8 additions and
2 deletions
.env.template
src/api/admin.rs
src/auth.rs
src/config.rs
@ -335,6 +335,9 @@
## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
# ADMIN_RATELIMIT_MAX_BURST=3
## Set the lifetime of admin sessions to this value (in minutes).
# ADMIN_SESSION_LIFETIME=20
## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP
## You can generate it here: https://upgrade.yubico.com/getapikey/
@ -183,7 +183,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp
let cookie = Cookie ::build ( COOKIE_NAME , jwt )
. path ( admin_path ( ) )
. max_age ( rocket ::time ::Duration ::minutes ( 20 ) )
. max_age ( rocket ::time ::Duration ::minutes ( CONFIG . admin_session_lifetime ( ) ) )
. same_site ( SameSite ::Strict )
. http_only ( true )
. finish ( ) ;
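Review bot: `CONFIG.admin_session_lifetime()` is passed straight to `Duration::minutes` in the `max_age` call with no range check, and src/config.rs declares the setting as a plain `i64`, so zero, negative and extremely large values are all accepted. A non-positive value produces a cookie, and in `generate_admin_claims` (src/auth.rs) a JWT `exp`, that is already expired at login; a very large value makes the admin token effectively non-expiring and, depending on the `Duration` implementation in use, may overflow. I would reject out-of-range values when the configuration is loaded, or clamp at both call sites, e.g. `let minutes = CONFIG.admin_session_lifetime().clamp(1, MAX_ADMIN_SESSION_MINUTES);`, where `MAX_ADMIN_SESSION_MINUTES` is a placeholder for an upper bound the project chooses. The body of `post_admin_login` starts and ends outside this hunk.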
@ -241,7 +241,7 @@ pub fn generate_admin_claims() -> BasicJwtClaims {
let time_now = Utc ::now ( ) . naive_utc ( ) ;
BasicJwtClaims {
nbf : time_now . timestamp ( ) ,
exp : ( time_now + Duration ::minutes ( 20 ) ) . timestamp ( ) ,
exp : ( time_now + Duration ::minutes ( CONFIG . admin_session_lifetime ( ) ) ) . timestamp ( ) ,
iss : JWT_ADMIN_ISSUER . to_string ( ) ,
sub : "admin_panel" . to_string ( ) ,
}
@ -581,6 +581,9 @@ make_config! {
/// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds`
admin_ratelimit_max_burst : u32 , false , def , 3 ;
/// Admin session lifetime |> Set the lifetime of admin sessions to this value (in minutes).
admin_session_lifetime : i64 , true , def , 20 ;
/// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!).
org_groups_enabled : bool , false , def , false ;
} ,
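Review bot: The doc comment on `admin_session_lifetime` gives only the unit, and does not say when a change takes effect or what a longer value costs. As far as these hunks show, the lifetime is written into the cookie `max_age` and the JWT `exp` at login, so a changed value would apply only to sessions issued afterwards; the `true` flag looks like it marks the setting as editable at runtime, which makes that worth stating. I would extend the comment to something like `/// Admin session lifetime |> Lifetime of admin sessions in minutes. Applies to sessions created after the change; a longer lifetime keeps a leaked admin cookie valid for longer.` and mirror the same sentence in .env.template. The `make_config!` block starts and ends outside this hunk.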