Commit 1871ba19 authored by Andrei Mihu's avatar Andrei Mihu
Browse files

Make console token expiry configurable.

parent b69fc5fa

server/config.go

+2 −0
Original line number Diff line number Diff line
@@ -667,6 +667,7 @@ type ConsoleConfig struct { 
	IdleTimeoutMs       int    `yaml:"idle_timeout_ms" json:"idle_timeout_ms" usage:"Maximum amount of time in milliseconds to wait for the next request when keep-alives are enabled."`

	Username            string `yaml:"username" json:"username" usage:"Username for the embedded console. Default username is 'admin'."`

	Password            string `yaml:"password" json:"password" usage:"Password for the embedded console. Default password is 'password'."`

	TokenExpirySec      int64  `yaml:"token_expiry_sec" json:"token_expiry_sec" usage:"Token expiry in seconds. Default 86400."`

	SigningKey          string `yaml:"signing_key" json:"signing_key" usage:"Key used to sign console session tokens."`

}
@@ -680,6 +681,7 @@ func NewConsoleConfig() *ConsoleConfig { 
		IdleTimeoutMs:       300 * 1000,

		Username:            "admin",

		Password:            "password",

		TokenExpirySec:      86400,

		SigningKey:          "defaultsigningkey",

	}

}

server/console_authenticate.go

+1 −1
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ func (s *ConsoleServer) Authenticate(ctx context.Context, in *console.Authentica 
	password := s.config.GetConsole().Password

	if in.Username == username && in.Password == password {

		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{

			"exp": time.Now().UTC().Add(1 * time.Hour).Unix(),

			"exp": time.Now().UTC().Add(time.Duration(s.config.GetConsole().TokenExpirySec) * time.Second).Unix(),

		})

		signedToken, _ := token.SignedString([]byte(s.config.GetConsole().SigningKey))

		return &console.ConsoleSession{Token: signedToken}, nil