diff --git a/cognee/modules/users/authentication/default/default_transport.py b/cognee/modules/users/authentication/default/default_transport.py index aed795de2..f9ec33e8d 100644 --- a/cognee/modules/users/authentication/default/default_transport.py +++ b/cognee/modules/users/authentication/default/default_transport.py @@ -1,12 +1,22 @@ import os from fastapi_users.authentication import CookieTransport +# Get cookie domain from environment variable +# If not set or empty, use None to allow cookie to work on any domain +cookie_domain = os.getenv("AUTH_TOKEN_COOKIE_DOMAIN") +if cookie_domain == "": + cookie_domain = None + +# Note: Cookie expiration is automatically set by FastAPI Users based on JWT Strategy's lifetime_seconds +# The JWT Strategy lifetime_seconds is configured in get_client_auth_backend.py +# and reads from JWT_LIFETIME_SECONDS environment variable + default_transport = CookieTransport( cookie_name=os.getenv("AUTH_TOKEN_COOKIE_NAME", "auth_token"), cookie_secure=False, cookie_httponly=True, cookie_samesite="Lax", - cookie_domain="localhost", + cookie_domain=cookie_domain, # None allows cookie to work on any domain ) default_transport.name = "cookie" diff --git a/cognee/modules/users/authentication/get_api_auth_backend.py b/cognee/modules/users/authentication/get_api_auth_backend.py index f36efafd9..ffb591a9d 100644 --- a/cognee/modules/users/authentication/get_api_auth_backend.py +++ b/cognee/modules/users/authentication/get_api_auth_backend.py @@ -16,8 +16,12 @@ def get_api_auth_backend(): def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]: secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") - - return APIJWTStrategy(secret, lifetime_seconds=36000) + try: + lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) + except ValueError: + lifetime_seconds = 3600 + + return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds) auth_backend = AuthenticationBackend( name=transport.name, 
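Review bot: `cookie_secure=False` in the `CookieTransport(...)` call stays hard-coded while this change makes `cookie_domain` configurable for hosts other than localhost, so a deployment on a real domain would still issue the auth cookie without the Secure attribute and the browser would send it over plain HTTP. Consider making it configurable as well and enabling it for anything that is not local development, e.g. `cookie_secure=os.getenv("AUTH_TOKEN_COOKIE_SECURE", "false").lower() == "true",` (variable name illustrative, not an existing setting). The inline comment `# None allows cookie to work on any domain` is misleading: with no Domain attribute the browser scopes the cookie to the exact host that set it, which is the narrowest option, so `# None omits the Domain attribute, giving a host-only cookie` would be more accurate. The note on cookie expiration is also worth confirming, since as far as I know `CookieTransport` takes its lifetime from its own `cookie_max_age` argument, which is not passed here, rather than from the JWT strategy.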
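Review bot: The new `JWT_LIFETIME_SECONDS` parsing in `get_jwt_strategy` accepts any integer, so `0` or a negative value goes straight into `APIJWTStrategy`; in stock fastapi-users a falsy lifetime means no `exp` claim is written (tokens never expire) and a negative one yields tokens that are already expired, though whether the project's strategy subclass changes that is not visible here. Reject non-positive values after the `int()` call, e.g. `if lifetime_seconds <= 0: lifetime_seconds = 3600`, and log a warning on that branch and in `except ValueError:` so a mistyped setting does not fall back silently. The same block is duplicated in get_client_auth_backend.py with the same gap; a shared helper would keep the two in step. The API default also drops from 36000 to 3600 seconds, which deserves a line in the commit description if it is intended. get_api_auth_backend's body continues outside the hunk.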
diff --git a/cognee/modules/users/authentication/get_client_auth_backend.py b/cognee/modules/users/authentication/get_client_auth_backend.py index ccf59dafd..bf794377d 100644 --- a/cognee/modules/users/authentication/get_client_auth_backend.py +++ b/cognee/modules/users/authentication/get_client_auth_backend.py @@ -18,8 +18,12 @@ def get_client_auth_backend(): from .default.default_jwt_strategy import DefaultJWTStrategy secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") + try: + lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) + except ValueError: + lifetime_seconds = 3600 - return DefaultJWTStrategy(secret, lifetime_seconds=3600) + return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds) auth_backend = AuthenticationBackend( name=transport.name, diff --git a/docker-compose.yml b/docker-compose.yml index 472f24c21..ac5aebb39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,7 @@ services: cognee: container_name: cognee + restart: always networks: - cognee-network build: @@ -14,6 +15,8 @@ services: - HOST=0.0.0.0 - ENVIRONMENT=local - LOG_LEVEL=INFO + # CAUTION: Default '*' allows all origins. Override with specific domains in production. + - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*} extra_hosts: # Allows the container to reach your local machine using "host.docker.internal" instead of "localhost" - "host.docker.internal:host-gateway" @@ -68,6 +71,9 @@ services: # If you want to use Cognee with a UI environment you can integrate the Cognee MCP Server into Cursor / Claude Desktop / Visual Studio Code (through Cline/Roo) frontend: container_name: frontend + restart: always + environment: + - NEXT_PUBLIC_BACKEND_API_URL=${NEXT_PUBLIC_BACKEND_API_URL:-http://localhost:8000} profiles: - ui build: @@ -85,6 +91,7 @@ services: neo4j: image: neo4j:latest container_name: neo4j + restart: always profiles: - neo4j ports: 
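Review bot: The context line `secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")` falls back to a signing key that is published in the repository, so a deployment that forgets the variable signs and accepts tokens with a key anyone can read; since this commit makes the other auth settings deployment-configurable, it is a good moment to fail closed here too. Outside local development, refuse to start when the variable is unset instead of defaulting, e.g. `secret = os.environ["FASTAPI_USERS_JWT_SECRET"]`, or at minimum log a prominent warning whenever the fallback is used. The same default appears in get_api_auth_backend.py. get_client_auth_backend's body continues outside the hunk.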
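Review bot: `CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}` makes the permissive value the default, so the CAUTION comment is the only thing between an unconfigured deployment and a wildcard CORS policy on a service that authenticates with cookies and binds `HOST=0.0.0.0`. Prefer a fail-closed default that names only the local frontend origin, e.g. `- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-<local-frontend-origin>}` (placeholder; the UI's origin is not shown in this hunk), and let operators opt in to anything broader. How the backend combines this value with credentialed requests is outside the diff and is worth checking alongside.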
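Review bot: `NEXT_PUBLIC_BACKEND_API_URL` is set under `environment:` for the frontend service, but Next.js inlines `NEXT_PUBLIC_*` variables into the client bundle at build time, so if the image runs a production build the runtime value set here will not reach browser code; in that case it needs to be passed as a build argument under `build:` as well. The default is also plain `http://`, which is fine for localhost but means the auth cookie travels unencrypted if an operator changes only the host. A short comment next to it, such as `# use https:// for any non-local deployment`, would make that expectation explicit.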
@@ -99,6 +106,7 @@ services: chromadb: image: chromadb/chroma:0.6.3 container_name: chromadb + restart: always profiles: - chromadb environment: @@ -117,6 +125,7 @@ services: postgres: image: pgvector/pgvector:pg17 container_name: postgres + restart: always profiles: - postgres environment: