Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Problem: 15-minute tokens with no refresh mechanism kicked users to login even when actively using the app.

Fixes:

1. config.py: raise ACCESS_TOKEN_EXPIRE_MINUTES from 15 → 480 (8h). Reasonable for an enterprise internal tool; still configurable via env.

2. POST /auth/refresh: new endpoint that reads the current aegis_token cookie and issues a fresh token if the session is still valid. Returns the new token in the cookie + body (same shape as /auth/login).

3. frontend/api/client.ts: response interceptor now attempts a silent refresh on 401 before redirecting to login:
   - Calls POST /auth/refresh once per failed request
   - If refresh succeeds: retries the original request transparently
   - If refresh fails: redirects to /login as before
   - Deduplicates concurrent refresh attempts (refresh once, resolve all)
   - Never attempts refresh on /auth/refresh or /auth/login themselves

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
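The interceptor behaviour described in point 3 of the commit message (silent refresh on 401, one retry, deduplicated concurrent refreshes, no refresh on the auth endpoints themselves) as an added, self-contained example. This is not the Aegis client.ts code: it uses an injected transport instead of axios, and the `ApiClient`, `runScenario`, `fakeServer` names and the `/me`, `/projects`, `/alerts` paths are assumptions made up for the demonstration. The fake server is constructed so the example runs offline and returns counts that can be checked.

```typescript
// Added example (not Aegis code): a minimal API client whose response handling
// performs one deduplicated silent refresh on 401 and then retries the
// original request exactly once. The transport is injected so the behaviour
// can be exercised offline against a constructed fake server.

type ApiResponse = { status: number; body?: unknown };
// (path, attempt) -> response; attempt is 1 for the first try, 2 for the retry.
type Transport = (path: string, attempt: number) => Promise<ApiResponse>;

// Endpoints that must never trigger a refresh, otherwise a failed refresh or
// login would feed back into the refresh logic.
const AUTH_ENDPOINTS = new Set(["/auth/refresh", "/auth/login"]);

class ApiClient {
  // Promise for the refresh currently in flight. N concurrent 401s share it,
  // so the server sees one POST /auth/refresh and all N callers get its result.
  private refreshInFlight: Promise<boolean> | null = null;

  constructor(
    private readonly transport: Transport,
    private readonly onUnauthorized: (redirectTo: string) => void,
  ) {}

  async request(path: string): Promise<ApiResponse> {
    const first = await this.transport(path, 1);
    if (first.status !== 401 || AUTH_ENDPOINTS.has(path)) return first;

    if (await this.refreshOnce()) {
      // Session renewed: replay the original request once. A second 401 here
      // is returned as-is, which keeps the retry bounded.
      return this.transport(path, 2);
    }
    // Refresh failed: hand control to the app's login redirect.
    this.onUnauthorized("/login");
    return first;
  }

  private refreshOnce(): Promise<boolean> {
    if (this.refreshInFlight === null) {
      this.refreshInFlight = this.transport("/auth/refresh", 1)
        .then((r) => r.status === 200)
        .catch(() => false)
        .finally(() => {
          this.refreshInFlight = null;
        });
    }
    return this.refreshInFlight;
  }
}

interface ScenarioResult {
  refreshCalls: number;
  statuses: number[];
  redirects: string[];
}

// Constructed fake server (assumption, not a real backend): every protected
// path answers 401 until /auth/refresh has succeeded, then 200.
async function runScenario(paths: string[], refreshSucceeds: boolean): Promise<ScenarioResult> {
  let refreshCalls = 0;
  let sessionFresh = false;
  const redirects: string[] = [];

  const fakeServer: Transport = async (path, attempt) => {
    if (path === "/auth/refresh") {
      refreshCalls += 1;
      if (!refreshSucceeds) return { status: 401 };
      sessionFresh = true;
      return { status: 200, body: { token: "constructed-new-token" } };
    }
    if (path === "/auth/login") return { status: 401 }; // bad credentials
    if (!sessionFresh) return { status: 401 };          // stale session
    return { status: 200, body: { path, attempt } };
  };

  const client = new ApiClient(fakeServer, (to) => redirects.push(to));
  const responses = await Promise.all(paths.map((p) => client.request(p)));
  return { refreshCalls, statuses: responses.map((r) => r.status), redirects };
}

// Stand-alone run: three concurrent 401s should cost exactly one refresh.
runScenario(["/me", "/projects", "/alerts"], true).then((r) =>
  console.log("three concurrent 401s, refresh ok:", JSON.stringify(r)),
);
```

Two points worth keeping in mind when wiring this into a real client: the dedup only holds while the shared promise is unresolved, so the `finally` that clears it must run after every awaiting caller has obtained the promise (which the `await` ordering above guarantees), and the fake server does not model an absolute session lifetime, so a real `/auth/refresh` that renews from a still-valid token should bound how long a session can keep being renewed.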