From a7b114725a8783c583f5c91f6266f27ae6d25e41 Mon Sep 17 00:00:00 2001 From: maozhen Date: Mon, 29 Dec 2025 14:02:57 +0800 Subject: [PATCH] ``` feat(auth): make JWT token expiration configurable via environment variable- Add JWT_LIFETIME_SECONDS environment variable to configure token expiration - Set default expiration to3600 seconds (1 hour) for both API and client auth backends - Remove hardcoded expiration values in favor of environment-based configuration - Add documentation comments explaining the JWT strategy configuration feat(auth): make cookie domain configurable via environment variable - Add AUTH_TOKEN_COOKIE_DOMAIN environment variable to configure cookie domain - When not set or empty, cookie domain defaults to None allowing cross-domain usage - Add documentation explaining cookie expiration is handled by JWT strategy - Update default_transport to use environment-based cookie domainfeat(docker): add CORS_ALLOWED_ORIGINS environment variable - Add CORS_ALLOWED_ORIGINS environment variable with default value of '*' - Configure frontend to use NEXT_PUBLIC_BACKEND_API_URL environment variable - Set default backend API URL to http://localhost:8000 feat(docker): add restart policy to all services - Add restart: always policy to cognee, frontend, neo4j, chromadb, and postgres services - This ensures services automatically restart on failure or system reboot - Improves container reliability and uptime``` --- .../authentication/default/default_transport.py | 12 +++++++++++- .../users/authentication/get_api_auth_backend.py | 6 ++++-- .../users/authentication/get_client_auth_backend.py | 4 +++- docker-compose.yml | 8 ++++++++ 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/cognee/modules/users/authentication/default/default_transport.py b/cognee/modules/users/authentication/default/default_transport.py index aed795de2..f9ec33e8d 100644 --- a/cognee/modules/users/authentication/default/default_transport.py 
+++ b/cognee/modules/users/authentication/default/default_transport.py @@ -1,12 +1,22 @@ import os from fastapi_users.authentication import CookieTransport +# Get cookie domain from environment variable +# If not set or empty, use None to allow cookie to work on any domain +cookie_domain = os.getenv("AUTH_TOKEN_COOKIE_DOMAIN") +if cookie_domain == "": + cookie_domain = None + +# Note: Cookie expiration is automatically set by FastAPI Users based on JWT Strategy's lifetime_seconds +# The JWT Strategy lifetime_seconds is configured in get_client_auth_backend.py +# and reads from JWT_LIFETIME_SECONDS environment variable + default_transport = CookieTransport( cookie_name=os.getenv("AUTH_TOKEN_COOKIE_NAME", "auth_token"), cookie_secure=False, cookie_httponly=True, cookie_samesite="Lax", - cookie_domain="localhost", + cookie_domain=cookie_domain, # None allows cookie to work on any domain ) default_transport.name = "cookie" diff --git a/cognee/modules/users/authentication/get_api_auth_backend.py b/cognee/modules/users/authentication/get_api_auth_backend.py index f36efafd9..8a408250c 100644 --- a/cognee/modules/users/authentication/get_api_auth_backend.py +++ b/cognee/modules/users/authentication/get_api_auth_backend.py @@ -16,8 +16,10 @@ def get_api_auth_backend(): def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]: secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") - - return APIJWTStrategy(secret, lifetime_seconds=36000) + # 使用环境变量配置过期时间,默认与 client_auth_backend 保持一致(3600秒) + lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) + + return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds) auth_backend = AuthenticationBackend( name=transport.name, diff --git a/cognee/modules/users/authentication/get_client_auth_backend.py b/cognee/modules/users/authentication/get_client_auth_backend.py index ccf59dafd..3ffe668a8 100644 --- a/cognee/modules/users/authentication/get_client_auth_backend.py 
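Review bot: `cookie_secure=False` stays hard-coded in the unchanged context of this hunk, so once `AUTH_TOKEN_COOKIE_DOMAIN` points the transport at a real host, the auth token cookie is still set without the Secure flag and can travel over plain HTTP. I would read it from configuration next to the domain, for example `cookie_secure=os.getenv("<COOKIE_SECURE_ENV_NAME>", "false").lower() == "true",`, with the variable name and default left to the project. The two added comments also misstate the `None` case: omitting the Domain attribute makes the cookie host-only (returned only to the exact host that set it), whereas setting a domain widens it to that domain and its subdomains. A more accurate inline comment would be `# None omits the Domain attribute, so the cookie is host-only`.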
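Review bot: The added `int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))` accepts whatever the environment holds: a variable that is set but blank, or non-numeric, raises a bare `ValueError` from inside `get_jwt_strategy`, and zero, negative or very large values are passed straight through as the token lifetime. The identical line is added in get_client_auth_backend.py, so the handling sketched below (blank treated as unset, non-positive values rejected with a message naming the variable) applies there too; an upper bound is a policy choice worth considering. The context line `secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")` in both files falls back to a string published in the source, so a deployment that omits the variable signs tokens with a publicly known key; failing at startup when it is unset would be safer, although that line predates this commit. The two added comments are in Chinese while the other comments in this patch are in English; something like `# Token lifetime from JWT_LIFETIME_SECONDS; default 3600 s, same as the client backend` would match. `get_api_auth_backend` starts and ends outside the hunk.

```python
    secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
    # Token lifetime from JWT_LIFETIME_SECONDS; a blank value counts as unset.
    raw_lifetime = os.getenv("JWT_LIFETIME_SECONDS") or "3600"
    try:
        lifetime_seconds = int(raw_lifetime)
    except ValueError as error:
        raise ValueError(
            "JWT_LIFETIME_SECONDS must be a whole number of seconds"
        ) from error
    if lifetime_seconds <= 0:
        raise ValueError("JWT_LIFETIME_SECONDS must be greater than zero")

    return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
```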
+++ b/cognee/modules/users/authentication/get_client_auth_backend.py @@ -18,8 +18,10 @@ def get_client_auth_backend(): from .default.default_jwt_strategy import DefaultJWTStrategy secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") + # 使用环境变量配置过期时间,默认 3600 秒(1小时) + lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) - return DefaultJWTStrategy(secret, lifetime_seconds=3600) + return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds) auth_backend = AuthenticationBackend( name=transport.name, diff --git a/docker-compose.yml b/docker-compose.yml index 472f24c21..7df3c5695 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,7 @@ services: cognee: container_name: cognee + restart: always networks: - cognee-network build: @@ -14,6 +15,7 @@ services: - HOST=0.0.0.0 - ENVIRONMENT=local - LOG_LEVEL=INFO + - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*} extra_hosts: # Allows the container to reach your local machine using "host.docker.internal" instead of "localhost" - "host.docker.internal:host-gateway" @@ -68,6 +70,9 @@ services: # If you want to use Cognee with a UI environment you can integrate the Cognee MCP Server into Cursor / Claude Desktop / Visual Studio Code (through Cline/Roo) frontend: container_name: frontend + restart: always + environment: + - NEXT_PUBLIC_BACKEND_API_URL=${NEXT_PUBLIC_BACKEND_API_URL:-http://localhost:8000} profiles: - ui build: @@ -85,6 +90,7 @@ services: neo4j: image: neo4j:latest container_name: neo4j + restart: always profiles: - neo4j ports: @@ -99,6 +105,7 @@ services: chromadb: image: chromadb/chroma:0.6.3 container_name: chromadb + restart: always profiles: - chromadb environment: @@ -117,6 +124,7 @@ services: postgres: image: pgvector/pgvector:pg17 container_name: postgres + restart: always profiles: - postgres environment:
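Review bot: Defaulting `CORS_ALLOWED_ORIGINS` to `*` in the `cognee` service means a stack started without that variable accepts cross-origin requests from any site, while the same backend authenticates browsers with the cookie configured in default_transport.py. How the application consumes the value is not visible in this patch, but if its CORS layer is also set to allow credentials, a wildcard can end up admitting arbitrary origins for authenticated calls. I would default to the origin the bundled frontend is served from, `- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-<frontend origin>}`, and add a comment that `*` is meant for local experiments only.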
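Review bot: `NEXT_PUBLIC_BACKEND_API_URL` is set under `environment:` of the `frontend` service, that is at container run time, but Next.js inlines `NEXT_PUBLIC_*` variables into the client bundle when the app is built. If the image runs a production build (the service has a `build:` section; its Dockerfile is not shown here), the browser code would keep whatever value was present at build time and this setting would be a silent no-op. Passing the value as a build argument as well, or adding a comment such as `# only read by the dev server; production builds need it at build time`, would avoid that confusion.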