chore(env): JWT_EXPIRES_IN 15m + JWT_REFRESH_EXPIRES_IN dokumentieren
Folge-Aufräumen zur Refresh-Cookie-Migration: - .env.example: JWT_EXPIRES_IN von 7d auf 15m (Access-Token-Lifetime), neue JWT_REFRESH_EXPIRES_IN=7d. Kommentar erklärt das Access-/Refresh- Pattern (Memory vs. httpOnly-Cookie, transparenter Refresh). - docker-compose.yml: durchreichen + Default mit 15m statt 7d, plus JWT_REFRESH_EXPIRES_IN als neue Variable. Bestandsinstallationen mit altem JWT_EXPIRES_IN=7d in der .env funktionieren weiter (die Variable überschreibt den Default), aber bei neuen Setups ist sofort der Branchenstandard aktiv. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
+2
-1
@@ -59,7 +59,8 @@ services:
|
||||
DB_USER: ${DB_USER}
|
||||
DB_PASSWORD: ${DB_PASSWORD}
|
||||
JWT_SECRET: ${JWT_SECRET}
|
||||
JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-7d}
|
||||
JWT_EXPIRES_IN: ${JWT_EXPIRES_IN:-15m}
|
||||
JWT_REFRESH_EXPIRES_IN: ${JWT_REFRESH_EXPIRES_IN:-7d}
|
||||
ENCRYPTION_KEY: ${ENCRYPTION_KEY}
|
||||
NODE_ENV: production
|
||||
PORT: 3001
|
||||
|
||||
Reference in New Issue
Block a user