vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 2bb41367bca49329c2ece74096e50fc9a422039d
parent 20d8886bfadf8c014d3a82be410e7a3a92088bbf
Author: Nils Mittler <nmittler@bcf-pc03.desktop>
Date:   Mon, 20 Feb 2023 16:10:30 +0100

Make the admin cookie lifetime adjustable

Diffstat:
M.env.template | 3+++
Msrc/api/admin.rs | 2+-
Msrc/config.rs | 3+++
3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.env.template b/.env.template @@ -335,6 +335,9 @@ ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. # ADMIN_RATELIMIT_MAX_BURST=3 +## Set the lifetime of the cookie that is used to authorize admin requests to this value (in minutes). +# ADMIN_COOKIE_LIFETIME=20 + ## Yubico (Yubikey) Settings ## Set your Client ID and Secret Key for Yubikey OTP ## You can generate it here: https://upgrade.yubico.com/getapikey/ diff --git a/src/api/admin.rs b/src/api/admin.rs @@ -184,7 +184,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp let cookie = Cookie::build(COOKIE_NAME, jwt) .path(admin_path()) - .max_age(rocket::time::Duration::minutes(20)) + .max_age(rocket::time::Duration::minutes(CONFIG.admin_cookie_lifetime())) .same_site(SameSite::Strict) .http_only(true) .finish(); diff --git a/src/config.rs b/src/config.rs @@ -581,6 +581,9 @@ make_config! { /// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds` admin_ratelimit_max_burst: u32, false, def, 3; + /// Admin cookie lifetime |> Set the lifetime of the cookie that is used to authorize admin requests to this value (in minutes). + admin_cookie_lifetime: i64, true, def, 20; + /// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!). org_groups_enabled: bool, false, def, false; },