Add custom JWT TTL (#4234)

resolves #4224
2025-08-01 10:39:38 -07:00 · 2025-08-01 10:39:38 -07:00 · a9d9f9cdfd
commit a9d9f9cdfd
parent c218a0dfe3
5 changed files with 14 additions and 13 deletions
--- a/docker/.env.example
+++ b/docker/.env.example
@ -5,6 +5,7 @@ GID='1000'
 # SIG_KEY='passphrase' # Please generate random string at least 32 chars long.
 # SIG_SALT='salt' # Please generate random string at least 32 chars long.
 # JWT_SECRET="my-random-string-for-seeding" # Only needed if AUTH_TOKEN is set. Please generate random string at least 12 chars long.
 # JWT_EXPIRY="30d" # (optional) https://docs.anythingllm.com/configuration#custom-ttl-for-sessions
 ###########################################
 ######## LLM API SElECTION ################
--- a/server/.env.example
+++ b/server/.env.example
@ -1,5 +1,6 @@
 SERVER_PORT=3001
 JWT_SECRET="my-random-string-for-seeding" # Please generate random string at least 12 chars long.
 # JWT_EXPIRY="30d" # (optional) https://docs.anythingllm.com/configuration#custom-ttl-for-sessions
 SIG_KEY='passphrase' # Please generate random string at least 32 chars long.
 SIG_SALT='salt' # Please generate random string at least 32 chars long.
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@ -202,18 +202,18 @@ function systemEndpoints(app) {
          existingUser?.id
        );
-        // Check if the user has seen the recovery codes
+        // Generate a session token for the user then check if they have seen the recovery codes
        // and if not, generate recovery codes and return them to the frontend.
        const sessionToken = makeJWT(
          { id: existingUser.id, username: existingUser.username },
          process.env.JWT_EXPIRY
        );
        if (!existingUser.seen_recovery_codes) {
          const plainTextCodes = await generateRecoveryCodes(existingUser.id);
          // Return recovery codes to frontend
          response.status(200).json({
            valid: true,
            user: User.filterFields(existingUser),
-            token: makeJWT(
+            token: sessionToken,
              { id: existingUser.id, username: existingUser.username },
              "30d"
            ),
            message: null,
            recoveryCodes: plainTextCodes,
          });
@ -223,10 +223,7 @@ function systemEndpoints(app) {
        response.status(200).json({
          valid: true,
          user: User.filterFields(existingUser),
-          token: makeJWT(
+          token: sessionToken,
            { id: existingUser.id, username: existingUser.username },
            "30d"
          ),
          message: null,
        });
        return;
@ -259,7 +256,7 @@ function systemEndpoints(app) {
          valid: true,
          token: makeJWT(
            { p: new EncryptionManager().encrypt(password) },
-            "30d"
+            process.env.JWT_EXPIRY
          ),
          message: null,
        });
--- a/server/models/temporaryAuthToken.js
+++ b/server/models/temporaryAuthToken.js
@ -86,7 +86,7 @@ const TemporaryAuthToken = {
      // Create a new session token for the user valid for 30 days
      const sessionToken = makeJWT(
        { id: token.user.id, username: token.user.username },
-        "30d"
+        process.env.JWT_EXPIRY
      );
      return { sessionToken, token, error: null };
--- a/server/utils/helpers/updateENV.js
+++ b/server/utils/helpers/updateENV.js
@ -1094,6 +1094,8 @@ function dumpENV() {
    ...Object.values(KEY_MAPPING).map((values) => values.envKey),
    // Manually Add Keys here which are not already defined in KEY_MAPPING
    // and are either managed or manually set ENV key:values.
    "JWT_EXPIRY",
    "STORAGE_DIR",
    "SERVER_PORT",
    // For persistent data encryption