From f933898c56fb1a1c8d06654a7f1ff479d0547642 Mon Sep 17 00:00:00 2001
From: virtus
Date: Fri, 24 Apr 2026 01:53:25 +0700
Subject: [PATCH] Add access token expiration configuration and new auth session endpoint

---
 app/auth.py | 5 ++++-
 app/main.py | 18 ++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/app/auth.py b/app/auth.py
index 44dd87e..00b0ace 100644
--- a/app/auth.py
+++ b/app/auth.py
@@ -17,8 +17,11 @@ SESSION_COOKIE_KEYS = [
 "__Secure-next-auth.session-token",
 "authjs.session-token",
 "__Secure-authjs.session-token",
+ "reader_access_token",
 ]
+ACCESS_TOKEN_TTL_SECONDS = 7 * 24 * 60 * 60
+
 def _jwt_secret() -> str:
 return settings.mobile_jwt_secret or settings.nextauth_secret
@@ -29,7 +32,7 @@ def create_access_token(user_id: str) -> str:
 payload = {
 "sub": user_id,
 "iat": int(now.timestamp()),
- "exp": int((now + dt.timedelta(days=7)).timestamp()),
+ "exp": int((now + dt.timedelta(seconds=ACCESS_TOKEN_TTL_SECONDS)).timestamp()),
 }
 secret = _jwt_secret()
 if not secret:
diff --git a/app/main.py b/app/main.py
index ff8e614..6493930 100644
--- a/app/main.py
+++ b/app/main.py
@@ -16,7 +16,7 @@ from pydantic import BaseModel, Field
 from sqlalchemy import text
 from sqlalchemy.ext.asyncio import AsyncSession
-from app.auth import create_access_token, require_current_user
+from app.auth import ACCESS_TOKEN_TTL_SECONDS, create_access_token, require_current_user
 from app.routers import mod
 from app.config import settings
 from app.database import get_db_session, mongo_client, mongo_db
@@ -1651,7 +1651,7 @@ async def mobile_login(payload: MobileLoginPayload, db: AsyncSession = Depends(g
 return {
 "accessToken": access_token,
 "refreshToken": refresh_token,
- "expiresIn": 3600,
+ "expiresIn": ACCESS_TOKEN_TTL_SECONDS,
 "user": {
 "id": user["id"],
 "email": user.get("email"),
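Review bot: The new entry `"reader_access_token"` in SESSION_COOKIE_KEYS is the only one without a `__Secure-` prefix, and the hunk does not show where that cookie is issued, so its Secure/HttpOnly/SameSite attributes cannot be confirmed from this patch. If this list is what require_current_user consults, the mobile JWT produced by create_access_token is now also accepted as an ambient browser credential rather than only as an explicitly supplied token, which is exactly the property that makes cookie attributes and CSRF handling on state-changing routes matter. Consider `"__Secure-reader_access_token",` if the issuer sets it over HTTPS, or at least annotate the entry: `# mobile access JWT (create_access_token) presented as a cookie; the issuer must set Secure+HttpOnly`. The SESSION_COOKIE_KEYS list starts before the hunk.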
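Review bot: ACCESS_TOKEN_TTL_SECONDS in the second auth.py hunk is a hard-coded module constant, so the "expiration configuration" of the commit title is not operator-configurable; `_jwt_secret()` directly below reads from `settings`, and the TTL could follow the same path with the current seven days as the fallback. The constant now also drives the `expiresIn` value in mobile_login (main.py @@ -1651), so it needs a comment tying the two together: `# Lifetime of the mobile access JWT; also reported as expiresIn by mobile_login`. mobile_login issues a refreshToken alongside the access token, so a seven-day access-token lifetime looks long for a refresh-token flow and is worth a deliberate choice rather than inheriting the old timedelta(days=7). create_access_token's body begins and ends outside the hunk.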
@@ -1660,3 +1660,17 @@ async def mobile_login(payload: MobileLoginPayload, db: AsyncSession = Depends(g
 "role": user.get("role", "USER"),
 },
 }
+
+
+@app.get("/api/auth/session")
+async def auth_session(request: Request, db: AsyncSession = Depends(get_db_session)):
+ user = await require_current_user(db, request)
+ return {
+ "user": {
+ "id": user["id"],
+ "email": user.get("email"),
+ "name": user.get("name"),
+ "image": user.get("image"),
+ "role": user.get("role", "USER"),
+ }
+ }
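Review bot: auth_session has no docstring and no response_model, and the hunk does not show how require_current_user signals an unauthenticated request, so the route's failure mode is undocumented where a client would look for it. A docstring along the lines of `"""Return the authenticated user's public profile; unauthenticated requests are rejected by require_current_user."""`, with the concrete status code filled in once confirmed from auth.py, would cover that. The `user` dict built here appears to repeat the one mobile_login returns (the `"role": user.get("role", "USER")` line is visible in both), so if the field sets match, a small private helper returning that dict would keep the two responses from drifting apart. As this GET returns identity data, it is also worth making the response explicitly non-cacheable.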