Add custom JWT TTL (#4234)

resolves #4224

docker/.env.example

@@ -5,6 +5,7 @@ GID='1000'
 # SIG_KEY='passphrase' # Please generate random string at least 32 chars long.
 # SIG_SALT='salt' # Please generate random string at least 32 chars long.
 # JWT_SECRET="my-random-string-for-seeding" # Only needed if AUTH_TOKEN is set. Please generate random string at least 12 chars long.
+# JWT_EXPIRY="30d" # (optional) https://docs.anythingllm.com/configuration#custom-ttl-for-sessions
 
 ###########################################
 ######## LLM API SElECTION ################

server/.env.example

@@ -1,5 +1,6 @@
 SERVER_PORT=3001
 JWT_SECRET="my-random-string-for-seeding" # Please generate random string at least 12 chars long.
+# JWT_EXPIRY="30d" # (optional) https://docs.anythingllm.com/configuration#custom-ttl-for-sessions
 SIG_KEY='passphrase' # Please generate random string at least 32 chars long.
 SIG_SALT='salt' # Please generate random string at least 32 chars long.
 

server/endpoints/system.js

@@ -202,18 +202,18 @@ function systemEndpoints(app) {
           existingUser?.id
         );
 
-        // Check if the user has seen the recovery codes
+        // Generate a session token for the user then check if they have seen the recovery codes
+        // and if not, generate recovery codes and return them to the frontend.
+        const sessionToken = makeJWT(
+          { id: existingUser.id, username: existingUser.username },
+          process.env.JWT_EXPIRY
+        );
         if (!existingUser.seen_recovery_codes) {
           const plainTextCodes = await generateRecoveryCodes(existingUser.id);
-
-          // Return recovery codes to frontend
           response.status(200).json({
             valid: true,
             user: User.filterFields(existingUser),
-            token: makeJWT(
+            token: sessionToken,
-              { id: existingUser.id, username: existingUser.username },
-              "30d"
-            ),
             message: null,
             recoveryCodes: plainTextCodes,
           });
@@ -223,10 +223,7 @@ function systemEndpoints(app) {
         response.status(200).json({
           valid: true,
           user: User.filterFields(existingUser),
-          token: makeJWT(
+          token: sessionToken,
-            { id: existingUser.id, username: existingUser.username },
-            "30d"
-          ),
           message: null,
         });
         return;
@@ -259,7 +256,7 @@ function systemEndpoints(app) {
           valid: true,
           token: makeJWT(
             { p: new EncryptionManager().encrypt(password) },
-            "30d"
+            process.env.JWT_EXPIRY
           ),
           message: null,
         });

server/models/temporaryAuthToken.js

@@ -86,7 +86,7 @@ const TemporaryAuthToken = {
       // Create a new session token for the user valid for 30 days
       const sessionToken = makeJWT(
         { id: token.user.id, username: token.user.username },
-        "30d"
+        process.env.JWT_EXPIRY
       );
 
       return { sessionToken, token, error: null };

server/utils/helpers/updateENV.js

@@ -1094,6 +1094,8 @@ function dumpENV() {
     ...Object.values(KEY_MAPPING).map((values) => values.envKey),
     // Manually Add Keys here which are not already defined in KEY_MAPPING
     // and are either managed or manually set ENV key:values.
+    "JWT_EXPIRY",
+
     "STORAGE_DIR",
     "SERVER_PORT",
     // For persistent data encryption