From 6afff1daaa06802071cfd5956e5e38ff374ff188 Mon Sep 17 00:00:00 2001
From: z30057876
Date: Sun, 27 Apr 2025 15:56:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=9B=BA=E5=AE=9ASession=E8=BF=87=E6=9C=9F?= =?UTF-8?q?=E6=97=B6=E9=97=B4=E4=B8=BA30=E5=A4=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/constants.py | 2 ++
 apps/dependency/csrf.py | 5 +++--
 apps/dependency/session.py | 3 ++-
 apps/dependency/user.py | 3 ++-
 apps/entities/config.py | 1 -
 apps/manager/session.py | 3 ++-
 apps/routers/auth.py | 7 ++++---
 assets/.config.example.toml | 1 -
 8 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/apps/constants.py b/apps/constants.py
index ca5421612..e0ea1af0f 100644
--- a/apps/constants.py
+++ b/apps/constants.py
@@ -18,6 +18,8 @@ SLIDE_WINDOW_QUESTION_COUNT = 10
 MAX_API_RESPONSE_LENGTH = 8192
 # Executor最大步骤历史数
 STEP_HISTORY_SIZE = 3
+# Session时间,单位为分钟
+SESSION_TTL = 30 * 24 * 60
 REASONING_BEGIN_TOKEN = [
 "",
diff --git a/apps/dependency/csrf.py b/apps/dependency/csrf.py
index fb747b5ed..2c6fa6b41 100644
--- a/apps/dependency/csrf.py
+++ b/apps/dependency/csrf.py
@@ -7,6 +7,7 @@ Copyright (c) Huawei Technologies Co., Ltd. 2023-2025. All rights reserved.
 from fastapi import HTTPException, Request, Response, status
 from apps.common.config import Config
+from apps.constants import SESSION_TTL
 from apps.manager.session import SessionManager
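Review bot: `SESSION_TTL = 30 * 24 * 60` hard-codes a 30-day lifetime in place of the `session_ttl` config field whose default was 30 (minutes) — removed from apps/entities/config.py and assets/.config.example.toml in this patch — and that one value now sets both the server-side `expired_at` in apps/manager/session.py and the `max_age` of the `ECSESSION` and `_csrf_tk` cookies in apps/dependency/csrf.py, apps/dependency/session.py, apps/dependency/user.py and apps/routers/auth.py. Extending session validity roughly 1440-fold while removing the operator's ability to shorten it lengthens the window in which a leaked or replayed session cookie stays usable, so if a long-lived login is intended the constant should stay overridable from config (use it as the field's default rather than deleting the field) and the reason for 30 days should be recorded next to it. A deployment whose config.toml still carries `session_ttl` will presumably load without error and have the key silently ignored, assuming the pydantic model keeps the default extra-field handling — worth confirming, or logging a warning so a shortened TTL is not lost unnoticed. The comment should also name the unit and derivation, e.g. `# Session lifetime in minutes (30 days); cookie max_age multiplies by 60`.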
@@ -26,10 +27,10 @@ async def verify_csrf_token(request: Request, response: Response) -> Response |
 raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Renew CSRF token failed.")
 if Config().get_config().deploy.cookie == "DEBUG":
- response.set_cookie("_csrf_tk", new_csrf_token, max_age=Config().get_config().fastapi.session_ttl * 60,
+ response.set_cookie("_csrf_tk", new_csrf_token, max_age=SESSION_TTL * 60,
 domain=Config().get_config().fastapi.domain)
 else:
- response.set_cookie("_csrf_tk", new_csrf_token, max_age=Config().get_config().fastapi.session_ttl * 60,
+ response.set_cookie("_csrf_tk", new_csrf_token, max_age=SESSION_TTL * 60,
 secure=True, domain=Config().get_config().fastapi.domain, samesite="strict")
 return response
diff --git a/apps/dependency/session.py b/apps/dependency/session.py
index e83a6a97e..051844c69 100644
--- a/apps/dependency/session.py
+++ b/apps/dependency/session.py
@@ -11,6 +11,7 @@ from starlette.middleware.base import BaseHTTPMiddleware, RequestResponseEndpoin
 from starlette.requests import Request
 from apps.common.config import Config
+from apps.constants import SESSION_TTL
 from apps.manager.session import SessionManager
 BYPASS_LIST = [
@@ -68,7 +69,7 @@ class VerifySessionMiddleware(BaseHTTPMiddleware):
 "httponly": True,
 "secure": True,
 "samesite": "strict",
- "max_age": Config().get_config().fastapi.session_ttl * 60,
+ "max_age": SESSION_TTL * 60,
 })
 response.set_cookie(**cookie_params)
diff --git a/apps/dependency/user.py b/apps/dependency/user.py
index 4699edb47..f33893572 100644
--- a/apps/dependency/user.py
+++ b/apps/dependency/user.py
@@ -14,6 +14,7 @@ from starlette.requests import HTTPConnection
 from apps.common.config import Config
 from apps.common.oidc import oidc_provider
+from apps.constants import SESSION_TTL
 from apps.manager.api_key import ApiKeyManager
 from apps.manager.session import SessionManager
@@ -69,7 +70,7 @@ async def _verify_oidc_auth(request: HTTPConnection, response: Response) -> str:
 response.set_cookie(
 "ECSESSION",
 current_session,
- max_age=Config().get_config().fastapi.session_ttl * 60,
+ max_age=SESSION_TTL * 60,
 secure=True,
 domain=Config().get_config().fastapi.domain,
 httponly=True,
diff --git a/apps/entities/config.py b/apps/entities/config.py
index bec3718e6..971f249f4 100644
--- a/apps/entities/config.py
+++ b/apps/entities/config.py
@@ -55,7 +55,6 @@ class FastAPIConfig(BaseModel):
 """FastAPI配置"""
 domain: str = Field(description="当前实例的域名")
- session_ttl: int = Field(description="用户需要刷新Token的间隔(min)", default=30)
 csrf: bool = Field(description="是否启用CSRF Token功能", default=False)
diff --git a/apps/manager/session.py b/apps/manager/session.py
index b143b478f..77f034bcb 100644
--- a/apps/manager/session.py
+++ b/apps/manager/session.py
@@ -12,6 +12,7 @@ import secrets
 from datetime import UTC, datetime, timedelta
 from apps.common.config import Config
+from apps.constants import SESSION_TTL
 from apps.entities.config import FixedUserConfig
 from apps.entities.session import Session
 from apps.exceptions import LoginSettingsError, SessionError
@@ -35,7 +36,7 @@ class SessionManager:
 data = Session(
 _id=session_id,
 ip=ip,
- expired_at=datetime.now(UTC) + timedelta(minutes=Config().get_config().fastapi.session_ttl),
+ expired_at=datetime.now(UTC) + timedelta(minutes=SESSION_TTL),
 )
 if Config().get_config().login.provider == "disable":
 login_settings = Config().get_config().login.settings
diff --git a/apps/routers/auth.py b/apps/routers/auth.py
index d5a78ddf5..0665bd406 100644
--- a/apps/routers/auth.py
+++ b/apps/routers/auth.py
@@ -12,6 +12,7 @@ from fastapi.responses import JSONResponse, RedirectResponse
 from apps.common.config import Config
 from apps.common.oidc import oidc_provider
+from apps.constants import SESSION_TTL
 from apps.dependency import get_user, verify_csrf_token, verify_user
 from apps.entities.collection import Audit
 from apps.entities.response_data import (
@@ -98,7 +99,7 @@ async def oidc_login(request: Request, code: str, redirect_index: str | None = N
 response.set_cookie(
 "_csrf_tk",
 new_csrf_token,
- max_age=Config().get_config().fastapi.session_ttl * 60,
+ max_age=SESSION_TTL * 60,
 secure=True,
 domain=Config().get_config().fastapi.domain,
 samesite="strict",
@@ -106,7 +107,7 @@ async def oidc_login(request: Request, code: str, redirect_index: str | None = N
 response.set_cookie(
 "ECSESSION",
 current_session,
- max_age=Config().get_config().fastapi.session_ttl * 60,
+ max_age=SESSION_TTL * 60,
 secure=True,
 domain=Config().get_config().fastapi.domain,
 httponly=True,
@@ -145,7 +146,7 @@ async def logout(request: Request, response: Response, user_sub: Annotated[str,
 response.set_cookie(
 "ECSESSION",
 new_session,
- max_age=Config().get_config().fastapi.session_ttl * 60,
+ max_age=SESSION_TTL * 60,
 httponly=True,
 secure=True,
 samesite="strict",
diff --git a/assets/.config.example.toml b/assets/.config.example.toml
index 5cf07e0bd..fc54fb5ea 100644
--- a/assets/.config.example.toml
+++ b/assets/.config.example.toml
@@ -14,7 +14,6 @@ app_secret = ''
 [fastapi]
 domain = 'www.eulercopilot.local'
-session_ttl = 30
 csrf = false
 [security]
-- 
Gitee