Add session idle and absolute timeout enforcement

Implements optional session idle and absolute timeout logic, including new environment variables for configuration. Adds last_activity_at to sessions, enforces timeouts on token refresh, and introduces a scheduler job to clean up idle sessions. Also introduces progressive lockout for failed logins and updates documentation and examples accordingly.
João Vitória Silva
2025-12-18 10:28:22 +00:00
parent 23cf954a47
commit f6e06fb3e6
13 changed files with 500 additions and 99 deletions
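The refresh-time check the commit message describes (idle timeout from `last_activity_at`, absolute timeout from session creation, both gated by the new variables) and the list a cleanup job would act on, as an added example that is not the project's own code. The class `SessionTimeoutPolicy`, the functions `refresh_decision`, `stale_session_ids` and `demo`, and the parsing rules and sample sessions are this example's assumptions; only the variable names and defaults come from the patch.

```python
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class SessionTimeoutPolicy:
    """Hypothetical policy object; variable names and defaults come from the patch."""
    enabled: bool = False
    idle_hours: int = 1
    absolute_hours: int = 24

    @classmethod
    def from_env(cls, env=None):
        env = os.environ if env is None else env
        enabled = env.get("SESSION_IDLE_TIMEOUT_ENABLED", "false").strip().lower() == "true"
        idle = int(env.get("SESSION_IDLE_TIMEOUT_HOURS", "1"))
        absolute = int(env.get("SESSION_ABSOLUTE_TIMEOUT_HOURS", "24"))
        if idle <= 0 or absolute <= 0:
            raise ValueError("timeout hours must be positive integers")  # fail closed
        return cls(enabled, idle, absolute)

def refresh_decision(policy, created_at, last_activity_at, now):
    """Return 'ok', 'idle_timeout' or 'absolute_timeout' for a refresh attempt.
    The absolute limit is checked first so that activity can never extend it."""
    if not policy.enabled:
        return "ok"
    if now - created_at >= timedelta(hours=policy.absolute_hours):
        return "absolute_timeout"
    if now - last_activity_at >= timedelta(hours=policy.idle_hours):
        return "idle_timeout"
    return "ok"

def stale_session_ids(policy, sessions, now):
    """Ids a cleanup job would remove: every session whose refresh would be refused."""
    return [sid for sid, created, last in sessions
            if refresh_decision(policy, created, last, now) != "ok"]

# Constructed sample data: the documented example configuration and three sessions.
T0 = datetime(2025, 12, 18, 10, 0, tzinfo=timezone.utc)
H = timedelta(hours=1)
EXAMPLE_ENV = {"SESSION_IDLE_TIMEOUT_ENABLED": "true",
               "SESSION_IDLE_TIMEOUT_HOURS": "2",
               "SESSION_ABSOLUTE_TIMEOUT_HOURS": "48"}
SESSIONS = [("active", T0, T0 + 47 * H),       # last used 30 min before the check
            ("idle", T0, T0 + 40 * H),         # last used 7.5 h before the check
            ("old", T0 - 2 * H, T0 + 47 * H)]  # active, but created 49.5 h before it

def demo(now=T0 + 47.5 * H):
    policy = SessionTimeoutPolicy.from_env(EXAMPLE_ENV)
    return stale_session_ids(policy, SESSIONS, now)
```

With the documented example values, `demo()` reports the idle session and the one past its absolute lifetime while leaving the recently used one alone.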


@@ -41,6 +41,9 @@ Table below shows supported environment variables. Variables marked with optiona
| ALGORITHM | HS256 | Yes | Currently only HS256 is supported |
| ACCESS_TOKEN_EXPIRE_MINUTES | 15 | Yes | Time in minutes |
| REFRESH_TOKEN_EXPIRE_DAYS | 7 | Yes | Time in days |
| SESSION_IDLE_TIMEOUT_ENABLED | false | Yes | Enforce idle timeouts (supported values are `true` and `false`) |
| SESSION_IDLE_TIMEOUT_HOURS | 1 | Yes | Time in hours |
| SESSION_ABSOLUTE_TIMEOUT_HOURS | 24 | Yes | Time in hours |
| JAEGER_ENABLED | false | Yes | N/A |
| JAEGER_PROTOCOL | http | Yes | N/A |
| JAEGER_HOST | jaeger | Yes | N/A |
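Review bot: the three new rows leave the relationship between the session timeouts and the existing token lifetimes undocumented. SESSION_ABSOLUTE_TIMEOUT_HOURS defaults to 24 while REFRESH_TOKEN_EXPIRE_DAYS a few rows above defaults to 7 days, and the description for both hour values is only "Time in hours", so a reader cannot tell whether the absolute timeout is also gated by SESSION_IDLE_TIMEOUT_ENABLED or applies regardless, nor which limit wins when the absolute timeout is shorter than the refresh token expiry. Suggest descriptions along the lines of "Hours of inactivity after which a session is revoked (requires SESSION_IDLE_TIMEOUT_ENABLED=true)" and "Maximum session lifetime in hours, after which a new login is required", plus a note on how invalid values (non-integer, zero or negative) are handled.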
@@ -70,6 +73,26 @@ Frontend dependencies:
- To check npm dependencies used, use npm file (package.json)
- Logo created on Canva
## Session Timeout Configuration (Optional)
By default, Endurain sessions last 7 days without enforcing idle timeouts.
For enhanced security, you can enable automatic session expiration:
**Environment Variables:**
- `SESSION_IDLE_TIMEOUT_ENABLED`: Enable timeout enforcement (default: `false`)
- `SESSION_IDLE_TIMEOUT_HOURS`: Logout after inactivity (default: `1`)
- `SESSION_ABSOLUTE_TIMEOUT_HOURS`: Force re-login after duration (default: `24`)
**Example:**
```yaml
environment:
SESSION_IDLE_TIMEOUT_ENABLED: "true"
SESSION_IDLE_TIMEOUT_HOURS: "2"
SESSION_ABSOLUTE_TIMEOUT_HOURS: "48"
```
## Docker Secrets Support
Endurain supports [Docker secrets](https://docs.docker.com/compose/how-tos/use-secrets/) for securely managing sensitive environment variables. For the following environment variables, you can use `_FILE` variants that read the secret from a file instead of storing it directly in environment variables:
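Review bot: the new "Session Timeout Configuration" section omits two behaviours the commit message names: the scheduler job that cleans up idle sessions (its interval, and whether a session removed by it fails the next refresh with a clear error) and the progressive lockout for failed logins, which has no documented variables or thresholds here. "By default, Endurain sessions last 7 days" should also name REFRESH_TOKEN_EXPIRE_DAYS as the source of that value, and the `## Session Timeout Configuration (Optional)` heading directly follows "- Logo created on Canva" without a blank line, which some markdown renderers fold into the list.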