perf: 统一 connect token 配置名称

apps/authentication/models/connection_token.py

@@ -21,7 +21,7 @@ from terminal.models import Applet
 
 
 def date_expired_default():
-    return timezone.now() + timedelta(seconds=settings.CONNECTION_TOKEN_EXPIRATION)
+    return timezone.now() + timedelta(seconds=settings.CONNECTION_TOKEN_ONETIME_EXPIRATION)
 
 
 class ConnectionToken(JMSOrgBaseModel):

apps/authentication/serializers/connection_token.py

@@ -70,7 +70,7 @@ class ConnectionTokenUpdateSerializer(ConnectionTokenSerializer):
         if delta.total_seconds() > 3600 * 24:
             return self.instance.date_expired
 
-        seconds = settings.CONNECTION_TOKEN_EXPIRATION_MAX
+        seconds = settings.CONNECTION_TOKEN_REUSABLE_EXPIRATION
         return timezone.now() + timezone.timedelta(seconds=seconds)
 
     @staticmethod

apps/jumpserver/conf.py

@@ -231,8 +231,8 @@ class Config(dict):
         'SESSION_COOKIE_AGE': 3600 * 24,
         'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
         'LOGIN_URL': reverse_lazy('authentication:login'),
-        'CONNECTION_TOKEN_EXPIRATION': 5 * 60,  # 默认
-        'CONNECTION_TOKEN_EXPIRATION_MAX': 60 * 60 * 24 * 30,  # 最大
+        'CONNECTION_TOKEN_ONETIME_EXPIRATION': 5 * 60,  # 默认
+        'CONNECTION_TOKEN_REUSABLE_EXPIRATION': 60 * 60 * 24 * 30,  # 最大
         'CONNECTION_TOKEN_REUSABLE': False,
 
         # Custom Config
@@ -558,6 +558,11 @@ class Config(dict):
         'FTP_FILE_MAX_STORE': 100,
     }
 
+    old_config_map = {
+        'CONNECTION_TOKEN_ONETIME_EXPIRATION': 'CONNECTION_TOKEN_EXPIRATION',
+        'CONNECTION_TOKEN_REUSABLE_EXPIRATION': 'CONNECTION_TOKEN_EXPIRATION_MAX',
+    }
+
     def __init__(self, *args):
         super().__init__(*args)
         self.secret_encryptor = ConfigCrypto.get_secret_encryptor()
@@ -698,13 +703,19 @@ class Config(dict):
             value = self.convert_type(item, value)
         return value
 
-    def get(self, item):
+    def get(self, item, default=None):
         # 再从配置文件中获取
         value = self.get_from_config(item)
         if value is None:
             value = self.get_from_env(item)
+
+        # 因为要递归，所以优先从上次返回的递归中获取
+        if default is None:
+            default = self.defaults.get(item)
+        if value is None and item in self.old_config_map:
+            return self.get(self.old_config_map[item], default)
         if value is None:
-            value = self.defaults.get(item)
+            value = default
         if self.secret_encryptor:
             value = self.secret_encryptor.decrypt_if_need(value, item)
         return value

apps/jumpserver/settings/auth.py

@@ -175,13 +175,9 @@ AUTH_OAUTH2_LOGOUT_URL_NAME = "authentication:oauth2:logout"
 AUTH_TEMP_TOKEN = CONFIG.AUTH_TEMP_TOKEN
 
 # Other setting
+# 这个是 User Login Private Token
 TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
 OTP_IN_RADIUS = CONFIG.OTP_IN_RADIUS
-# Connection token
-CONNECTION_TOKEN_EXPIRATION = CONFIG.CONNECTION_TOKEN_EXPIRATION
-if CONNECTION_TOKEN_EXPIRATION < 5 * 60:
-    # 最少5分钟
-    CONNECTION_TOKEN_EXPIRATION = 5 * 60
 
 RBAC_BACKEND = 'rbac.backends.RBACBackend'
 AUTH_BACKEND_MODEL = 'authentication.backends.base.JMSModelBackend'

apps/jumpserver/settings/custom.py

@@ -133,8 +133,13 @@ TICKETS_ENABLED = CONFIG.TICKETS_ENABLED
 REFERER_CHECK_ENABLED = CONFIG.REFERER_CHECK_ENABLED
 
 CONNECTION_TOKEN_ENABLED = CONFIG.CONNECTION_TOKEN_ENABLED
+# Connection token
+CONNECTION_TOKEN_ONETIME_EXPIRATION = CONFIG.CONNECTION_TOKEN_ONETIME_EXPIRATION
+if CONNECTION_TOKEN_ONETIME_EXPIRATION < 5 * 60:
+    # 最少5分钟
+    CONNECTION_TOKEN_ONETIME_EXPIRATION = 5 * 60
 CONNECTION_TOKEN_REUSABLE = CONFIG.CONNECTION_TOKEN_REUSABLE
-CONNECTION_TOKEN_EXPIRATION_MAX = CONFIG.CONNECTION_TOKEN_EXPIRATION_MAX
+CONNECTION_TOKEN_REUSABLE_EXPIRATION = CONFIG.CONNECTION_TOKEN_REUSABLE_EXPIRATION
 
 FORGOT_PASSWORD_URL = CONFIG.FORGOT_PASSWORD_URL