Harden JWT: 8-hour expiry, add JWT vulnerability checks

- Reduce ACCESS_TOKEN_EXPIRE_MINUTES from 24h to 8h (no permanent sessions)
- Add JWT_PATTERNS to security_check.py: algorithm=none, verify_exp=False,
  multi-day timedelta, oversized EXPIRE_MINUTES, hardcoded secret
- Add JWT security checklist to security-auditor agent
- Document auth/session security items in TODO.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-04-13 22:54:53 +02:00
parent b9485ca492
commit 0af5e8cc24
5 changed files with 65 additions and 3 deletions
+1 -1
@@ -8,7 +8,7 @@ class Settings(BaseSettings):
SECRET_KEY: str = "change-me-in-production"
ALGORITHM: str = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 24 # 1 day
ACCESS_TOKEN_EXPIRE_MINUTES: int = 60 * 8 # 8 hours — no permanent sessions
CORS_ORIGINS: list[str] = ["http://localhost:5173"]
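Review bot: the `SECRET_KEY: str = "change-me-in-production"` default two lines above the changed line is left untouched, so the same `Settings` class still boots with a guessable signing key when the environment variable is missing; shortening the token lifetime does not help if the HS256 key is the placeholder. Consider dropping the default (e.g. `SECRET_KEY: str` with no value, so pydantic-settings fails at startup when it is unset) or adding a validator that rejects the placeholder string, since the new `JWT_PATTERNS` "hardcoded secret" check in `security_check.py` described in the commit message would otherwise flag this very file. Also worth stating in the comment on the new `60 * 8` line how an 8-hour access token is expected to be renewed, since the hunk shows no refresh-token or sliding-expiry setting alongside it.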