diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 840f3c8..5f14801 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -14,7 +14,8 @@ jobs: build-and-push: runs-on: ubuntu-latest env: - IMAGE_NAME: ghcr.io/${{ github.repository }} + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} steps: - name: Checkout uses: actions/checkout@v4 @@ -22,7 +23,7 @@ jobs: - name: Set image name shell: bash run: | - echo "IMAGE_NAME=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV" + echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV" - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -33,9 +34,18 @@ jobs: - name: Login to GHCR uses: docker/login-action@v3 with: - registry: ghcr.io + registry: ${{ env.REGISTRY }} username: ${{ github.actor }} - password: ${{ secrets.GHCR_PAT }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest + type=sha,prefix= - name: Build and push uses: docker/build-push-action@v5 @@ -43,6 +53,7 @@ jobs: context: . push: true platforms: linux/amd64,linux/arm64 - tags: | - ${{ env.IMAGE_NAME }}:latest - ${{ env.IMAGE_NAME }}:${{ github.sha }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/app/core/config.py b/app/core/config.py index 3267862..011970f 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -31,6 +31,11 @@ class Settings(BaseSettings): POSTGRES_HOST: str = "localhost" POSTGRES_PORT: int = 5432 + # Mobile auth/session defaults + MOBILE_SESSION_LIMIT: int = 3 + MOBILE_SESSION_TTL_SECONDS: int = 180 + MOBILE_SESSION_DAYS: int = 7 + # Security jwt_secret: str jwt_algorithm: str = "HS256" diff --git a/app/service/face_embedding.py b/app/service/face_embedding.py index f71c906..7d4f6d4 100644 --- a/app/service/face_embedding.py +++ b/app/service/face_embedding.py @@ -3,9 +3,9 @@ import asyncio from typing import List, Literal, Optional, Sequence, Tuple, TypedDict -import cv2 +import cv2 # type: ignore import numpy as np -from insightface.app import FaceAnalysis # type: ignore +from insightface.app import FaceAnalysis # type: ignore[import-untyped] from app.core.exceptions import AppException diff --git a/app/service/users.py b/app/service/users.py index ecfaf91..a7b3434 100644 --- a/app/service/users.py +++ b/app/service/users.py @@ -12,6 +12,7 @@ decode_refresh_mobile_token, Get_expiry_time, ) +from app.core.config import settings from app.infra.redis import RedisClient from app.schema.request.mobile.auth import MobileAuthRequest @@ -28,8 +29,8 @@ class AuthService: user_querier: user_queries.AsyncQuerier device_querier: device_queries.AsyncQuerier session_querier: session_queries.AsyncQuerier - SESSION_LIMIT = 3 - REDIS_SESSION_TTL = 180 + SESSION_LIMIT = settings.MOBILE_SESSION_LIMIT + REDIS_SESSION_TTL = settings.MOBILE_SESSION_TTL_SECONDS def __init__( self, @@ -84,7 +85,9 @@ async def mobile_register_login( raise AppException.forbidden("Maximum session limit reached") device_id = req.device_id - expires_at = datetime.now(timezone.utc) + timedelta(days=7) + expires_at = datetime.now(timezone.utc) + timedelta( + days=settings.MOBILE_SESSION_DAYS + ) device = await self.device_querier.create_device( arg=device_queries.CreateDeviceParams(