Add configurable session expiry via BACKEND_SESSION_EXPIRY_SECONDS

- Add backend_session_expiry_seconds field to Config with default 86400 seconds (24 hours)
- Update session layer to use config value instead of hardcoded Duration::days(1)
- Add BACKEND_SESSION_EXPIRY_SECONDS environment variable to deployment pipeline
- Update docker-compose.yaml and entrypoint.sh to pass session expiry parameter
- Update .env.local with default session expiry configuration

This allows flexible session timeout configuration for different environments
while maintaining backward compatibility with 24-hour default.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: calebbourg

.github/workflows/deploy_to_do.yml

@@ -99,6 +99,8 @@ jobs:
           BACKEND_SERVICE_API_PATH=${{ vars.BACKEND_SERVICE_API_PATH }}
           # API version to use between frontend and backend
           BACKEND_API_VERSION=${{ vars.BACKEND_API_VERSION }}
+          # Session expiry duration in seconds (default: 24 hours = 86400 seconds)
+          BACKEND_SESSION_EXPIRY_SECONDS=${{ vars.BACKEND_SESSION_EXPIRY_SECONDS }}
           # Deployment environment used (development, staging, production)
           RUST_ENV=${{ vars.RUST_ENV }}
 

docker-compose.yaml

@@ -78,6 +78,7 @@ services:
       BACKEND_API_VERSION: ${BACKEND_API_VERSION}
       BACKEND_ALLOWED_ORIGINS: ${BACKEND_ALLOWED_ORIGINS}
       BACKEND_LOG_FILTER_LEVEL: ${BACKEND_LOG_FILTER_LEVEL}
+      BACKEND_SESSION_EXPIRY_SECONDS: ${BACKEND_SESSION_EXPIRY_SECONDS}
       TIPTAP_APP_ID: ${TIPTAP_APP_ID}
       TIPTAP_URL: ${TIPTAP_URL}
       TIPTAP_AUTH_KEY: ${TIPTAP_AUTH_KEY}

entrypoint.sh

@@ -87,6 +87,7 @@ main() {
             local interface="${BACKEND_INTERFACE:-0.0.0.0}"
             local port="${BACKEND_PORT:-4000}"
             local origins="${BACKEND_ALLOWED_ORIGINS:-*}"
+            local session_expiry="${BACKEND_SESSION_EXPIRY_SECONDS:-86400}"
 
             log_info "Starting Refactor Platform API server..."
             log_debug "Log level: $log_level, Interface: $interface, Port: $port"
@@ -97,6 +98,7 @@ main() {
                 -i "$interface" \
                 -p "$port" \
                 --allowed-origins="$origins" \
+                --backend-session-expiry-seconds="$session_expiry" \
                 "$@"
             ;;
 

service/src/config.rs

@@ -142,6 +142,10 @@ pub struct Config {
         .map(|s| s.parse::<RustEnv>().unwrap()),
     )]
     pub runtime_env: RustEnv,
+
+    /// Session expiry duration in seconds (default: 24 hours = 86400 seconds)
+    #[arg(long, env, default_value_t = 86400)]
+    pub backend_session_expiry_seconds: u64,
 }
 
 impl Default for Config {

web/src/lib.rs

@@ -51,7 +51,9 @@ pub async fn init_server(app_state: AppState) -> Result<()> {
         // Get non-secure cookies for local testing, while production automatically gets secure cookies
         .with_secure(app_state.config.is_production())
         .with_same_site(tower_sessions::cookie::SameSite::Lax) // Assists in CSRF protection
-        .with_expiry(Expiry::OnInactivity(Duration::days(1)))
+        .with_expiry(Expiry::OnInactivity(Duration::seconds(
+            app_state.config.backend_session_expiry_seconds as i64,
+        )))
         // Save session on every request to reset the inactivity timer
         // This ensures active users stay logged in
         .with_always_save(true);