feat(auth): add custom user timeout (#3871)

* feat(auth): introduce new timeout constant * feat(auth): pass timeout from handler * feat(auth): add timeout selector to auth settings view * feat(settings): add user session timeout property * feat(auth): load user session timeout from settings * fix(settings): use correct time format * feat(auth): remove no-auth flag * refactor(auth): move timeout mgmt to jwt service * refactor(client): remove no-auth checks from client * refactor(cli): remove defaultNoAuth * feat(settings): create settings with default user timeout value * refactor(db): save user session timeout always * refactor(jwt): return error * feat(auth): set session timeout in jwt service on update * feat(auth): add description and time settings * feat(auth): parse duration * feat(settings): validate user timeout format * refactor(settings): remove unneccesary import
2025-07-24 07:49:41 +02:00 · 2020-06-09 12:55:36 +03:00 · 2020-06-09 12:55:36 +03:00 · b02749f877
commit b02749f877
parent b58c2facfe
73 changed files with 214 additions and 236 deletions
--- a/api/jwt/jwt.go
+++ b/api/jwt/jwt.go
@ -12,7 +12,8 @@ import (

 // Service represents a service for managing JWT tokens.
 type Service struct {
-	secret []byte
+	secret             []byte
+	userSessionTimeout time.Duration
 }

 type claims struct {
@ -23,20 +24,27 @@ type claims struct {
 }

 // NewService initializes a new service. It will generate a random key that will be used to sign JWT tokens.
-func NewService() (*Service, error) {
+func NewService(userSessionDuration string) (*Service, error) {
+	userSessionTimeout, err := time.ParseDuration(userSessionDuration)
+	if err != nil {
+		return nil, err
+	}
+
 	secret := securecookie.GenerateRandomKey(32)
 	if secret == nil {
 		return nil, portainer.ErrSecretGeneration
 	}
+
 	service := &Service{
 		secret,
+		userSessionTimeout,
 	}
 	return service, nil
 }

 // GenerateToken generates a new JWT token.
 func (service *Service) GenerateToken(data *portainer.TokenData) (string, error) {
-	expireToken := time.Now().Add(time.Hour * 8).Unix()
+	expireToken := time.Now().Add(service.userSessionTimeout).Unix()
 	cl := claims{
 		UserID:   int(data.ID),
 		Username: data.Username,
@ -77,3 +85,8 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,

 	return nil, portainer.ErrInvalidJWTToken
 }
+
+// SetUserSessionDuration sets the user session duration
+func (service *Service) SetUserSessionDuration(userSessionDuration time.Duration) {
+	service.userSessionTimeout = userSessionDuration
+}