Make the admin cookie lifetime adjustable

2025-10-31 10:18:19 +02:00 · 2023-02-20 16:10:30 +01:00
parent 20d8886bfa
commit 2bb41367bc
3 changed files with 7 additions and 1 deletions
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -184,7 +184,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp

        let cookie = Cookie::build(COOKIE_NAME, jwt)
            .path(admin_path())
-            .max_age(rocket::time::Duration::minutes(20))
+            .max_age(rocket::time::Duration::minutes(CONFIG.admin_cookie_lifetime()))
            .same_site(SameSite::Strict)
            .http_only(true)
            .finish();
--- a/src/config.rs
+++ b/src/config.rs
@@ -581,6 +581,9 @@ make_config! {
        /// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds`
        admin_ratelimit_max_burst:     u32, false, def, 3;

+        /// Admin cookie lifetime |> Set the lifetime of the cookie that is used to authorize admin requests to this value (in minutes).
+        admin_cookie_lifetime:  i64,    true,   def,    20;
+
        /// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!).
        org_groups_enabled:     bool,   false,  def,    false;
    },