feat: allow session timeout to be configurable. closes #101

2025-04-03 20:47:35 +03:00 · 2020-03-18 20:16:18 -04:00 · 2020-03-18 20:16:18 -04:00 · faac303eff
commit faac303eff
parent ced87be57b
3 changed files with 29 additions and 13 deletions
--- a/conf/configuration.go
+++ b/conf/configuration.go
@ -13,12 +13,13 @@ import (
 )

 type nd struct {
-	Port         string `default:"4533"`
-	MusicFolder  string `default:"./music"`
-	DataFolder   string `default:"./"`
-	ScanInterval string `default:"1m"`
-	DbPath       string
-	LogLevel     string `default:"info"`
+	Port           string `default:"4533"`
+	MusicFolder    string `default:"./music"`
+	DataFolder     string `default:"./"`
+	ScanInterval   string `default:"1m"`
+	DbPath         string ``
+	LogLevel       string `default:"info"`
+	SessionTimeout string `default:"30s"`

 	IgnoredArticles string `default:"The El La Los Las Le Les Os As O A"`
 	IndexGroups     string `default:"A B C D E F G H I J K L M N O P Q R S T U V W X-Z(XYZ) [Unknown]([)"`
--- a/consts/consts.go
+++ b/consts/consts.go
@ -9,9 +9,9 @@ const (
 	DefaultDbPath       = "navidrome.db?cache=shared&_busy_timeout=15000&_journal_mode=WAL"
 	InitialSetupFlagKey = "InitialSetup"

-	JWTSecretKey       = "JWTSecret"
-	JWTIssuer          = "ND"
-	JWTTokenExpiration = 30 * time.Minute
+	JWTSecretKey          = "JWTSecret"
+	JWTIssuer             = "ND"
+	DefaultSessionTimeout = 30 * time.Minute

 	UIAssetsLocalPath = "ui/build"

--- a/engine/auth/auth.go
+++ b/engine/auth/auth.go
@ -5,6 +5,7 @@ import (
 	"sync"
 	"time"

+	"github.com/deluan/navidrome/conf"
 	"github.com/deluan/navidrome/consts"
 	"github.com/deluan/navidrome/log"
 	"github.com/deluan/navidrome/model"
@ -13,9 +14,10 @@ import (
 )

 var (
-	once      sync.Once
-	JwtSecret []byte
-	TokenAuth *jwtauth.JWTAuth
+	once           sync.Once
+	JwtSecret      []byte
+	TokenAuth      *jwtauth.JWTAuth
+	sessionTimeOut time.Duration
 )

 func InitTokenAuth(ds model.DataStore) {
@ -39,8 +41,21 @@ func CreateToken(u *model.User) (string, error) {
 	return TouchToken(token)
 }

+func getSessionTimeOut() time.Duration {
+	if sessionTimeOut == 0 {
+		if to, err := time.ParseDuration(conf.Server.SessionTimeout); err != nil {
+			sessionTimeOut = consts.DefaultSessionTimeout
+		} else {
+			sessionTimeOut = to
+		}
+		log.Info("Setting Session Timeout", "value", sessionTimeOut)
+	}
+	return sessionTimeOut
+}
+
 func TouchToken(token *jwt.Token) (string, error) {
-	expireIn := time.Now().Add(consts.JWTTokenExpiration).Unix()
+	timeout := getSessionTimeOut()
+	expireIn := time.Now().Add(timeout).Unix()
 	claims := token.Claims.(jwt.MapClaims)
 	claims["exp"] = expireIn