Merge pull request #10328 from appwrite/fix-dynamic-key-expiration

Feat: Increase dynamic API key expiration
2026-05-06 06:48:22 +00:00 · 2025-08-15 13:02:16 +02:00 · 2025-08-15 13:02:16 +02:00 · 2ffdfd10d4
commit 2ffdfd10d4
parent bb407a6493 23bc39254c
4 changed files with 18 additions and 15 deletions
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@ -361,7 +361,7 @@ function router(App $utopia, Database $dbForPlatform, callable $getProjectDB, Sw
        $headers['x-appwrite-continent-code'] = '';
        $headers['x-appwrite-continent-eu'] = 'false';

-        $jwtExpiry = $resource->getAttribute('timeout', 900);
+        $jwtExpiry = $resource->getAttribute('timeout', 900) + 60; // 1min extra to account for possible cold-starts
        $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', $jwtExpiry, 0);
        $jwtKey = $jwtObj->encode([
            'projectId' => $project->getId(),
--- a/composer.lock
+++ b/composer.lock
@ -758,23 +758,26 @@
        },
        {
            "name": "google/protobuf",
-            "version": "v4.31.1",
+            "version": "v4.32.0",
            "source": {
                "type": "git",
                "url": "https://github.com/protocolbuffers/protobuf-php.git",
-                "reference": "2b028ce8876254e2acbeceea7d9b573faad41864"
+                "reference": "9a9a92ecbe9c671dc1863f6d4a91ea3ea12c8646"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/2b028ce8876254e2acbeceea7d9b573faad41864",
-                "reference": "2b028ce8876254e2acbeceea7d9b573faad41864",
+                "url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/9a9a92ecbe9c671dc1863f6d4a91ea3ea12c8646",
+                "reference": "9a9a92ecbe9c671dc1863f6d4a91ea3ea12c8646",
                "shasum": ""
            },
            "require": {
-                "php": ">=7.0.0"
+                "php": ">=8.1.0"
+            },
+            "provide": {
+                "ext-protobuf": "*"
            },
            "require-dev": {
-                "phpunit/phpunit": ">=5.0.0"
+                "phpunit/phpunit": ">=5.0.0 <8.5.27"
            },
            "suggest": {
                "ext-bcmath": "Need to support JSON deserialization"
@ -796,9 +799,9 @@
                "proto"
            ],
            "support": {
-                "source": "https://github.com/protocolbuffers/protobuf-php/tree/v4.31.1"
+                "source": "https://github.com/protocolbuffers/protobuf-php/tree/v4.32.0"
            },
-            "time": "2025-05-28T18:52:35+00:00"
+            "time": "2025-08-14T20:00:33+00:00"
        },
        {
            "name": "league/csv",
@ -8399,7 +8402,7 @@
    ],
    "aliases": [],
    "minimum-stability": "stable",
-    "stability-flags": {},
+    "stability-flags": [],
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
@ -8423,5 +8426,5 @@
    "platform-overrides": {
        "php": "8.3"
    },
-    "plugin-api-version": "2.6.0"
+    "plugin-api-version": "2.3.0"
 }
--- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php
+++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php
@ -205,7 +205,7 @@ class Create extends Base
            }

            if (!$current->isEmpty()) {
-                $jwtExpiry = $function->getAttribute('timeout', 900);
+                $jwtExpiry = $function->getAttribute('timeout', 900) + 60; // 1min extra to account for possible cold-starts
                $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', $jwtExpiry, 0);
                $jwt = $jwtObj->encode([
                    'userId' => $user->getId(),
@ -214,7 +214,7 @@ class Create extends Base
            }
        }

-        $jwtExpiry = $function->getAttribute('timeout', 900);
+        $jwtExpiry = $function->getAttribute('timeout', 900) + 60; // 1min extra to account for possible cold-starts
        $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', $jwtExpiry, 0);
        $apiKey = $jwtObj->encode([
            'projectId' => $project->getId(),
--- a/src/Appwrite/Platform/Workers/Functions.php
+++ b/src/Appwrite/Platform/Workers/Functions.php
@ -101,7 +101,7 @@ class Functions extends Action
        }

        if (empty($jwt) && !$user->isEmpty()) {
-            $jwtExpiry = $function->getAttribute('timeout', 900);
+            $jwtExpiry = $function->getAttribute('timeout', 900) + 60; // 1min extra to account for possible cold-starts
            $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', $jwtExpiry, 0);
            $jwt = $jwtObj->encode([
                'userId' => $user->getId(),
@ -390,7 +390,7 @@ class Functions extends Action

        $runtime = $runtimes[$function->getAttribute('runtime')];

-        $jwtExpiry = $function->getAttribute('timeout', 900);
+        $jwtExpiry = $function->getAttribute('timeout', 900) + 60; // 1min extra to account for possible cold-starts
        $jwtObj = new JWT(System::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', $jwtExpiry, 0);
        $apiKey = $jwtObj->encode([
            'projectId' => $project->getId(),