fix(auth): add error handling for JWT lifetime configuration

- Add try-catch block to handle invalid JWT_LIFETIME_SECONDS environment variable
- Default to 360 seconds when environment variable is not a valid integer
- Apply same fix to both API and client authentication backends

docs(docker): add security warning for CORS configuration

- Add comment warning about default CORS_ALLOWED_ORIGINS setting
- Emphasize need to override wildcard with specific domains in production
```
This commit is contained in:
maozhen 2025-12-29 14:39:13 +08:00
parent 5a77c36a95
commit e47fda4872
3 changed files with 9 additions and 2 deletions


@ -16,7 +16,10 @@ def get_api_auth_backend():
def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]:
secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
try:
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
except ValueError:
lifetime_seconds = 3600
return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
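Review bot: The new except branch silently replaces a malformed JWT_LIFETIME_SECONDS with 3600, so a typo in the deployment environment changes token validity with no trace in the logs; record the fallback, e.g. `except ValueError:` / `logger.warning("JWT_LIFETIME_SECONDS is not an integer; using 3600")` / `lifetime_seconds = 3600`, using whatever logger the file already has (none is visible in this hunk). The parsed value is also not range-checked, so `0` or a negative number passes straight into APIJWTStrategy; `if lifetime_seconds <= 0: raise ValueError(lifetime_seconds)` inside the try would route that through the same fallback. The same pattern appears in the get_client_auth_backend hunk below. The commit description says the default is 360 seconds while the code uses 3600, presumably a typo in the description. The `super_secret` fallback on the preceding context line is unchanged by this commit but remains the larger risk in this function.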


@ -18,7 +18,10 @@ def get_client_auth_backend():
from .default.default_jwt_strategy import DefaultJWTStrategy
secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
try:
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
except ValueError:
lifetime_seconds = 3600
return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds)


@ -15,6 +15,7 @@ services:
- HOST=0.0.0.0
- ENVIRONMENT=local
- LOG_LEVEL=INFO
# CAUTION: Default '*' allows all origins. Override with specific domains in production.
- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}
extra_hosts:
# Allows the container to reach your local machine using "host.docker.internal" instead of "localhost"
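Review bot: The added comment documents the risk, but the default on the following line still resolves to `*` whenever CORS_ALLOWED_ORIGINS is unset, so an operator who reuses this compose file unchanged gets exactly the permissive setting the comment warns about. A fail-safe shape is to keep the wildcard opt-in and default to a non-wildcard local origin, e.g. `- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-<local-dev-origin>}` (placeholder), or to reference the variable without a fallback so compose warns when it is unset. Whether `*` is genuinely needed for local development here is not visible in the hunk.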