From 46670c72faf360bc07f2267e6fd368a3ed0fd226 Mon Sep 17 00:00:00 2001 From: Zichao Lin Date: Sun, 5 Jul 2026 23:21:54 +0800 Subject: [PATCH] fix(auth): set session expires_at to non-nullable with 1 year max --- app/auth.py | 2 +- app/models.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/auth.py b/app/auth.py index 339a771..68c6ee9 100644 --- a/app/auth.py +++ b/app/auth.py @@ -25,7 +25,7 @@ def verify_password(password: str, password_hash: str) -> bool: def create_session(user_id: int, db: DbSession, remember_me: bool = False) -> str: token = uuid4().hex - expires_at = (datetime.now(timezone.utc) + timedelta(days=365)) if remember_me else None + expires_at = datetime.now(timezone.utc) + timedelta(days=365) db.add(UserSession(token=token, user_id=user_id, expires_at=expires_at)) db.commit() return token diff --git a/app/models.py b/app/models.py index d1d6469..55d37ad 100644 --- a/app/models.py +++ b/app/models.py @@ -28,7 +28,7 @@ class UserSession(Base): token = Column(String(64), primary_key=True) user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), nullable=False) created_at = Column(DateTime, default=_utcnow) - expires_at = Column(DateTime, nullable=True) + expires_at = Column(DateTime, nullable=False) user = relationship("User", back_populates="sessions")