🔒 security: Reduce token expiration from 15 days to 7 days

DevaOnBreaches · DevaOnBreaches · commit a99587353a01 · 2025-12-10T18:18:01.000+05:30
diff --git a/utils/security.py b/utils/security.py
@@ -24,8 +24,8 @@ def generate_confirmation_token(email: str) -> str:
     return serializer.dumps(email, salt=SECURITY_SALT)
 
 
-def confirm_token(token: str, expiration: int = 1296000) -> str:
-    """Returns status of confirmation used for validation."""
+def confirm_token(token: str, expiration: int = 604800) -> str:
+    """Returns status of confirmation used for validation (default: 7 days)."""
     try:
         serializer = URLSafeTimedSerializer(SECRET_APIKEY)
         return serializer.loads(token, salt=SECURITY_SALT, max_age=expiration)
diff --git a/utils/token.py b/utils/token.py
@@ -30,9 +30,13 @@ async def generate_confirmation_token(email: str) -> str:
         ) from e
 
 
-async def confirm_token(token: str, expiration: int = 1296000) -> Optional[str]:
+async def confirm_token(token: str, expiration: int = 604800) -> Optional[str]:
     """
     Verify and decode a confirmation token.
+
+    Args:
+        token: The token to verify
+        expiration: Token expiration in seconds (default: 7 days)
     """
     try:
         logger.debug("[TOKEN] Verifying token with expiration: %s", expiration)
