feat: add session max lifetime and fix refresh logic (#559)

* feat: allow any HTTP method for /api/auth/envoy and restrict methods for non-envoy proxies * feat: add Allow header for invalid methods in proxyHandler * feat: add session max lifetime and fix refresh logic * fix: set default value for created_at column and improve session expiration logic --------- Co-authored-by: Stavros <steveiliop56@gmail.com>
2026-01-13 02:42:28 +00:00 · 2026-01-07 06:37:23 -05:00
parent 721f302c0b
commit e7bd64d7a3
16 changed files with 96 additions and 47 deletions
--- a/cmd/tinyauth/tinyauth.go
+++ b/cmd/tinyauth/tinyauth.go
@@ -25,9 +25,10 @@ func NewTinyauthCmdConfiguration() *config.Config {
 			Address: "0.0.0.0",
 		},
 		Auth: config.AuthConfig{
-			SessionExpiry:   3600,
-			LoginTimeout:    300,
-			LoginMaxRetries: 3,
+			SessionExpiry:      3600,
+			SessionMaxLifetime: 0,
+			LoginTimeout:       300,
+			LoginMaxRetries:    3,
 		},
 		UI: config.UIConfig{
 			Title:                 "Tinyauth",