feat: add AUTH_SESSION_TIMEOUT environment variable for configurable session duration (#5041)

Author: skynetigor

docs/deployment/configuration.mdx

@@ -95,6 +95,7 @@ Keep is highly configurable through environment variables. This allows you to cu
 |                Env var                |                              Purpose                              | Required | Default Value |                   Valid options                    |
 | :-----------------------------------: | :---------------------------------------------------------------: | :------: | :-----------: | :------------------------------------------------: |
 |             **AUTH_TYPE**             |                 Specifies the authentication type                 |    No    |   "NOAUTH"    | "AUTH0", "KEYCLOAK", "DB", "NOAUTH", "OAUTH2PROXY" |
+|       **AUTH_SESSION_TIMEOUT**        |     Specifies user session timeout. Default is 30 days(2592000)   |    No    |    2592000    | "AUTH0", "KEYCLOAK", "DB", "NOAUTH", "OAUTH2PROXY" |
 |          **KEEP_JWT_SECRET**          | Secret key for JWT token generation and validation (DB auth only) |   Yes    |     None      |              Any strong secret string              |
 |       **KEEP_DEFAULT_USERNAME**       |        Default username for the admin user (DB auth only)         |    No    |    "keep"     |             Any valid username string              |
 |       **KEEP_DEFAULT_PASSWORD**       |        Default password for the admin user (DB auth only)         |    No    |    "keep"     |             Any strong password string             |

keep-ui/auth.config.ts

@@ -21,16 +21,19 @@ export class BackendRefusedError extends AuthError {
   static type = "BackendRefusedError";
 }
 
+const authSessionTimeout = process.env.AUTH_SESSION_TIMEOUT
+  ? Number.parseInt(process.env.AUTH_SESSION_TIMEOUT)
+  : 30 * 24 * 60 * 60; // Default to 30 days if not set
 // Determine auth type with backward compatibility
 const authTypeEnv = process.env.AUTH_TYPE;
 export const authType =
   authTypeEnv === MULTI_TENANT
     ? AuthType.AUTH0
     : authTypeEnv === SINGLE_TENANT
-    ? AuthType.DB
-    : authTypeEnv === NO_AUTH
-    ? AuthType.NOAUTH
-    : (authTypeEnv as AuthType);
+      ? AuthType.DB
+      : authTypeEnv === NO_AUTH
+        ? AuthType.NOAUTH
+        : (authTypeEnv as AuthType);
 
 export const proxyUrl =
   process.env.HTTP_PROXY ||
@@ -238,7 +241,7 @@ export const config = {
   },
   session: {
     strategy: "jwt" as const,
-    maxAge: 30 * 24 * 60 * 60, // 30 days
+    maxAge: authSessionTimeout, // 30 days
   },
   callbacks: {
     authorized({ auth, request: { nextUrl } }) {

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "keep"
-version = "0.45.4"
+version = "0.45.5"
 description = "Alerting. for developers, by developers."
 authors = ["Keep Alerting LTD"]
 packages = [{include = "keep"}]