fix: TOKEN_EXPIRY_MINUTES (#9557)

2025-08-12 07:49:01 +08:00 · 2024-10-21 18:14:26 +08:00 · 2024-10-21 18:14:26 +08:00 · 90dd91c6cd
commit 90dd91c6cd
parent 8d8a8fe295
5 changed files with 16 additions and 13 deletions
--- a/api/.env.example
+++ b/api/.env.example
@ -329,4 +329,7 @@ POSITION_TOOL_EXCLUDES=

 POSITION_PROVIDER_PINS=
 POSITION_PROVIDER_INCLUDES=
-POSITION_PROVIDER_EXCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# Reset password token expiry minutes
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -27,9 +27,9 @@ class SecurityConfig(BaseSettings):
        default="",
    )

-    RESET_PASSWORD_TOKEN_EXPIRY_HOURS: PositiveInt = Field(
-        description="Duration in hours for which a password reset token remains valid",
-        default=24,
+    RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+        description="Duration in minutes for which a password reset token remains valid",
+        default=5,
    )


@ -652,9 +652,9 @@ class LoginConfig(BaseSettings):
        description="whether to enable github/google oauth login",
        default=False,
    )
-    EMAIL_CODE_LOGIN_TOKEN_EXPIRY_HOURS: PositiveFloat = Field(
-        description="expiry time in hours for email code login token",
-        default=1 / 12,
+    EMAIL_CODE_LOGIN_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+        description="expiry time in minutes for email code login token",
+        default=5,
    )
    ALLOW_REGISTER: bool = Field(
        description="whether to enable register",
--- a/api/libs/helper.py
+++ b/api/libs/helper.py
@ -214,13 +214,13 @@ class TokenManager:
        if additional_data:
            token_data.update(additional_data)

-        expiry_hours = current_app.config[f"{token_type.upper()}_TOKEN_EXPIRY_HOURS"]
+        expiry_minutes = current_app.config[f"{token_type.upper()}_TOKEN_EXPIRY_MINUTES"]
        token_key = cls._get_token_key(token, token_type)
-        expiry_time = int(expiry_hours * 60 * 60)
+        expiry_time = int(expiry_minutes * 60)
        redis_client.setex(token_key, expiry_time, json.dumps(token_data))

        if account_id:
-            cls._set_current_token_for_account(account.id, token, token_type, expiry_hours)
+            cls._set_current_token_for_account(account.id, token, token_type, expiry_minutes)

        return token

--- a/docker/.env.example
+++ b/docker/.env.example
@ -605,8 +605,8 @@ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=1000
 # Default: 72.
 INVITE_EXPIRY_HOURS=72

-# Reset password token valid time (hours),
-RESET_PASSWORD_TOKEN_EXPIRY_HOURS=0.0833
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5

 # The sandbox service endpoint.
 CODE_EXECUTION_ENDPOINT=http://sandbox:8194
--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@ -207,7 +207,7 @@ x-shared-env: &shared-api-worker-env
  RESEND_API_URL: https://api.resend.com
  INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
  INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
-  RESET_PASSWORD_TOKEN_EXPIRY_HOURS: ${RESET_PASSWORD_TOKEN_EXPIRY_HOURS:-24}
+  RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
  CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
  CODE_EXECUTION_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
  CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}