fix: jwt expiry not taken from configuration

2026-02-17 01:45:29 +00:00 · 2026-02-17 01:45:29 +00:00 · 7d3595fdcd
commit 7d3595fdcd
parent f012766ec7
2 changed files with 4 additions and 5 deletions
--- a/internal/handler/auth.go
+++ b/internal/handler/auth.go
@ -5,7 +5,6 @@ import (
 	"log/slog"
 	"net/http"
 	"strings"
 	"time"
 	"git.juancwu.dev/juancwu/budgit/internal/ctxkeys"
 	"git.juancwu.dev/juancwu/budgit/internal/service"
@ -64,7 +63,7 @@ func (h *authHandler) LoginWithPassword(w http.ResponseWriter, r *http.Request)
 		return
 	}
-	h.authService.SetJWTCookie(w, jwtToken, time.Now().Add(7*24*time.Hour))
+	h.authService.SetJWTCookie(w, jwtToken)
 	// Check for pending invite
 	inviteCookie, err := r.Cookie("pending_invite")
@ -153,7 +152,7 @@ func (h *authHandler) VerifyMagicLink(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	h.authService.SetJWTCookie(w, jwtToken, time.Now().Add(7*24*time.Hour))
+	h.authService.SetJWTCookie(w, jwtToken)
 	// Check for pending invite
 	inviteCookie, err := r.Cookie("pending_invite")
--- a/internal/service/auth.go
+++ b/internal/service/auth.go
@ -190,11 +190,11 @@ func (s *AuthService) VerifyJWT(tokenString string) (jwt.MapClaims, error) {
 	return nil, fmt.Errorf("invalid token")
 }
-func (s *AuthService) SetJWTCookie(w http.ResponseWriter, token string, expiry time.Time) {
+func (s *AuthService) SetJWTCookie(w http.ResponseWriter, token string) {
 	http.SetCookie(w, &http.Cookie{
 		Name:     "auth_token",
 		Value:    token,
-		Expires:  expiry,
+		Expires:  time.Now().Add(s.jwtExpiry),
 		Path:     "/",
 		HttpOnly: true,
 		Secure:   s.isProduction,