gmakstutis/cognee
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

```

Browse source 
fix(auth): add error handling for JWT lifetime configuration

- Add try-catch block to handle invalid JWT_LIFETIME_SECONDS environment variable
- Default to 360 seconds when environment variable is not a valid integer
- Apply same fix to both API and client authentication backendsdocs(docker): add security warning for CORS configuration

- Add comment warning about default CORS_ALLOWED_ORIGINS setting
- Emphasize need to override wildcard with specific domains in production
```
This commit is contained in:
maozhen 2025-12-29 14:39:13 +08:00
parent 5a77c36a95
commit e47fda4872
3 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cognee/modules/users/authentication/get_api_auth_backend.py
View file

@ -16,7 +16,10 @@ def get_api_auth_backend():
def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]: def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]:
secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) try:
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
except ValueError:
lifetime_seconds = 3600
return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds) return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds)

5
cognee/modules/users/authentication/get_client_auth_backend.py
View file

@ -18,7 +18,10 @@ def get_client_auth_backend():
from .default.default_jwt_strategy import DefaultJWTStrategy from .default.default_jwt_strategy import DefaultJWTStrategy
secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret") secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600")) try:
lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
except ValueError:
lifetime_seconds = 3600
return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds) return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds)

1
docker-compose.yml
View file

@ -15,6 +15,7 @@ services:
- HOST=0.0.0.0 - HOST=0.0.0.0
- ENVIRONMENT=local - ENVIRONMENT=local
- LOG_LEVEL=INFO - LOG_LEVEL=INFO
# CAUTION: Default '*' allows all origins. Override with specific domains in production.
- CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*} - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}
extra_hosts: extra_hosts:
# Allows the container to reach your local machine using "host.docker.internal" instead of "localhost" # Allows the container to reach your local machine using "host.docker.internal" instead of "localhost"