fix(auth): set session expires_at to non-nullable with 1 year max

This commit is contained in:
2026-07-05 23:21:54 +08:00
parent d7780ea6ad
commit 46670c72fa
2 changed files with 2 additions and 2 deletions

View File

@@ -25,7 +25,7 @@ def verify_password(password: str, password_hash: str) -> bool:
def create_session(user_id: int, db: DbSession, remember_me: bool = False) -> str:
token = uuid4().hex
expires_at = (datetime.now(timezone.utc) + timedelta(days=365)) if remember_me else None
expires_at = datetime.now(timezone.utc) + timedelta(days=365)
db.add(UserSession(token=token, user_id=user_id, expires_at=expires_at))
db.commit()
return token

View File

@@ -28,7 +28,7 @@ class UserSession(Base):
token = Column(String(64), primary_key=True)
user_id = Column(Integer, ForeignKey("users.id", ondelete="CASCADE"), nullable=False)
created_at = Column(DateTime, default=_utcnow)
expires_at = Column(DateTime, nullable=True)
expires_at = Column(DateTime, nullable=False)
user = relationship("User", back_populates="sessions")