coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	1522c510cf	fix(api-tokens): mark expiration warning after notification Ensure failed token expiration warning notifications do not persist the warning marker, allowing the job to retry later.	2026-05-13 10:28:32 +02:00
Andras Bacsai	3911a0305c	fix(api-tokens): persist expiration warning state Track when expiration warnings are sent on personal access tokens so repeated job runs or cache flushes do not send duplicate notifications.	2026-05-13 10:11:40 +02:00
Andras Bacsai	90ddbb3572	feat(security): support expiration on API tokens with warning notifications Add optional expiration to personal API tokens. Users pick a duration (1/7/30/60/90 days or Never) at creation time. Expired tokens are rejected by Sanctum, pruned hourly by sanctum:prune-expired, and a team notification fires ~24h before expiry so owners can rotate before API calls start failing. - ApiTokens Livewire component stores expires_at from expiresInDays - Rework issued-tokens UI from card grid to table (matches other views) - New ApiTokenExpirationWarningJob scheduled hourly (idempotent via RateLimiter) - New ApiTokenExpiringNotification (email/discord/telegram/slack/pushover) - api_token_expiring added to alwaysSendEvents so users cannot silence expiry warnings from the per-event notification toggle UI - sanctum:prune-expired cadence moved from daily to hourly Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 14:28:38 +02:00

Author

SHA1

Message

Date

Andras Bacsai

1522c510cf

fix(api-tokens): mark expiration warning after notification

Ensure failed token expiration warning notifications do not persist the warning marker, allowing the job to retry later.

2026-05-13 10:28:32 +02:00

Andras Bacsai

3911a0305c

fix(api-tokens): persist expiration warning state

Track when expiration warnings are sent on personal access tokens so repeated job runs or cache flushes do not send duplicate notifications.

2026-05-13 10:11:40 +02:00

Andras Bacsai

90ddbb3572

feat(security): support expiration on API tokens with warning notifications

Add optional expiration to personal API tokens. Users pick a duration
(1/7/30/60/90 days or Never) at creation time. Expired tokens are
rejected by Sanctum, pruned hourly by sanctum:prune-expired, and a
team notification fires ~24h before expiry so owners can rotate
before API calls start failing.

- ApiTokens Livewire component stores expires_at from expiresInDays
- Rework issued-tokens UI from card grid to table (matches other views)
- New ApiTokenExpirationWarningJob scheduled hourly (idempotent via RateLimiter)
- New ApiTokenExpiringNotification (email/discord/telegram/slack/pushover)
- api_token_expiring added to alwaysSendEvents so users cannot silence
  expiry warnings from the per-event notification toggle UI
- sanctum:prune-expired cadence moved from daily to hourly

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 14:28:38 +02:00

3 commits