From 07c272c96af502bbf9d2c274605ec195bce20e1c Mon Sep 17 00:00:00 2001
From: Ryan Chen <ryan@torrtle.co>
Date: Sun, 5 Apr 2026 10:10:47 -0400
Subject: [PATCH] Extend JWT token expiration times

Access tokens now last 1 hour (up from default 15 min) and refresh
tokens last 30 days, reducing frequent re-authentication.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 app.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app.py b/app.py
index e4751da..6f1ac58 100644
--- a/app.py
+++ b/app.py
@@ -1,5 +1,6 @@
 import logging
 import os
+from datetime import timedelta
 
 from dotenv import load_dotenv
 from quart import Quart, jsonify, render_template, request, send_from_directory
@@ -38,6 +39,8 @@ app = Quart(
 )
 
 app.config["JWT_SECRET_KEY"] = os.getenv("JWT_SECRET_KEY", "SECRET_KEY")
+app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)
+app.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(days=30)
 app.config["MAX_CONTENT_LENGTH"] = 10 * 1024 * 1024  # 10 MB upload limit
 jwt = JWTManager(app)