coolify/resources/views/emails/api-token-expiring.blade.php at e9a9a32e8756be003cb56959436b0580df1c86aa - rosslh/coolify - Forgejo: Beyond coding. We Forge.

rosslh/coolify

Andras Bacsai 90ddbb3572 feat(security): support expiration on API tokens with warning notifications

Add optional expiration to personal API tokens. Users pick a duration
(1/7/30/60/90 days or Never) at creation time. Expired tokens are
rejected by Sanctum, pruned hourly by sanctum:prune-expired, and a
team notification fires ~24h before expiry so owners can rotate
before API calls start failing.

- ApiTokens Livewire component stores expires_at from expiresInDays
- Rework issued-tokens UI from card grid to table (matches other views)
- New ApiTokenExpirationWarningJob scheduled hourly (idempotent via RateLimiter)
- New ApiTokenExpiringNotification (email/discord/telegram/slack/pushover)
- api_token_expiring added to alwaysSendEvents so users cannot silence
  expiry warnings from the per-event notification toggle UI
- sanctum:prune-expired cadence moved from daily to hourly

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 14:28:38 +02:00

7 lines

279 B

PHP

Raw Blame History

 <x-emails.layout>
 Your Coolify API token ({{ $tokenName }}) expires on {{ $expiresAt }}.
 Rotate this token before it expires. API calls using this token will start failing once the expiration time is reached.
 Manage your API tokens [here]({{ $manageUrl }}).
 </x-emails.layout>