feat(auth): extend refresh TTL and keep session on transient errors

Bumps refresh token lifetime to 720h with env overrides, and stops
clearing the local session for non-401 refresh failures so users aren't
logged out by transient network blips. Adds a 60s retry timer when a
refresh fails for non-auth reasons.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-25 18:09:01 +08:00
parent 7e78b031d7
commit d1f2a14477
9 changed files with 115 additions and 12 deletions
+22
View File
@@ -376,6 +376,15 @@ func applyEnvOverrides(cfg *Config) {
return
}
if secret, ok := lookupNonEmptyEnv("JWT_SECRET"); ok {
cfg.JWT.Secret = secret
}
if ttl, ok := lookupDurationEnv("JWT_ACCESS_TTL"); ok {
cfg.JWT.AccessTTL = ttl
}
if ttl, ok := lookupDurationEnv("JWT_REFRESH_TTL"); ok {
cfg.JWT.RefreshTTL = ttl
}
if apiKey, ok := lookupNonEmptyEnv("LLM_API_KEY"); ok {
cfg.LLM.APIKey = apiKey
}
@@ -784,6 +793,19 @@ func lookupBoolEnv(key string) (bool, bool) {
}
}
func lookupDurationEnv(key string) (time.Duration, bool) {
value, ok := lookupNonEmptyEnv(key)
if !ok {
return 0, false
}
duration, err := time.ParseDuration(value)
if err != nil {
return 0, false
}
return duration, true
}
func maxInt(value, fallback int) int {
if value < fallback {
return fallback