feat: Implement WebUI Token Auto-Renewal (Sliding Window Expiration) #2543
Merged
danielaskdd merged 4 commits into HKUDS:main from Dec 26, 2025
* Add backend token renewal logic
* Handle X-New-Token in frontend
* Add rate limiting and config options
* Implement silent refresh for guests
* Add unit tests for renewal logic

- Add /documents/pipeline_status to TOKEN_RENEWAL_SKIP_PATHS
- Prevents continuous token renewal from 2-second polling
- Allows authenticated users to be logged out after inactivity
- Update env.example documentation with all polling intervals

- Change lastTokenRenewal type to string
- Add local time formatting helper
- Save readable time to localStorage
- Fix login arguments in API refresh call
feat: Implement WebUI Token Auto-Renewal (Sliding Window Expiration)
Summary
This PR implements automatic token renewal (sliding window expiration) to prevent active users from being unexpectedly logged out when their JWT tokens expire. The feature works across both backend and frontend with built-in rate limiting and path-based exclusions.
Motivation
Previously, users were forcibly logged out when their JWT token expired, even if they were actively using the application. This created a poor user experience, especially for long sessions. This implementation ensures that active users' tokens are automatically renewed before expiration, while guest users can silently re-authenticate without disruption.
Implementation Details
Backend Changes
Configuration (lightrag/api/config.py)
- TOKEN_AUTO_RENEW (default: true) - Enable/disable auto-renewal
- TOKEN_RENEW_THRESHOLD (default: 0.5) - Renew when remaining time < 50%
- TOKEN_EXPIRE_HOURS and GUEST_TOKEN_EXPIRE_HOURS from int to float for finer control

Token Renewal Logic (lightrag/api/utils_api.py)
- X-New-Token response header
- /health and /documents/paginated

CORS Support (lightrag/api/lightrag_server.py)
- X-New-Token to expose_headers for cross-origin access

Frontend Changes
Token Handling (lightrag_webui/src/api/lightrag.ts)
- X-New-Token header and updates stored token
- /auth-status

State Management (lightrag_webui/src/stores/state.ts)
- isGuestMode flag to distinguish guest from authenticated users

Tests
New Test Suite (tests/test_token_auto_renewal.py)

User Experience
- X-New-Token header when < 50% remaining

Configuration
Breaking Changes
None. Feature is enabled by default with backward-compatible behavior.
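
The renewal decision described in this PR (threshold, skip paths, rate limit, `X-New-Token` header), as an added standalone sketch that is not the project's code. The signing key, `MIN_RENEW_INTERVAL`, the `sub`/`iat`/`exp` claim layout and the function names are assumptions; only `TOKEN_RENEW_THRESHOLD`, `TOKEN_RENEWAL_SKIP_PATHS`, the header name and the three paths come from the page.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # constructed key for this sketch only
TOKEN_RENEW_THRESHOLD = 0.5        # renew when < 50% of the lifetime remains
TOKEN_RENEWAL_SKIP_PATHS = {"/health", "/documents/paginated",
                            "/documents/pipeline_status"}
MIN_RENEW_INTERVAL = 60            # seconds; hypothetical rate-limit value

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(head, body):
    return _b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())

def sign(claims):
    """Issue a compact HS256 JWT for the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{head}.{body}.{_mac(head, body)}"

def verify(token, now):
    """Return the claims, or raise ValueError if forged or expired."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(_mac(head, body), sig):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def renewal_header(token, path, now, last_renewal):
    """Return {'X-New-Token': ...} when this request slides the window, else {}."""
    claims = verify(token, now)      # an expired or forged token is never renewed
    if path in TOKEN_RENEWAL_SKIP_PATHS:
        return {}                    # background polling must not keep idle sessions alive
    lifetime = claims["exp"] - claims["iat"]
    if claims["exp"] - now >= lifetime * TOKEN_RENEW_THRESHOLD:
        return {}                    # still in the first part of the lifetime
    if now - last_renewal.get(claims["sub"], float("-inf")) < MIN_RENEW_INTERVAL:
        return {}                    # rate limit: one renewal per user per interval
    last_renewal[claims["sub"]] = now
    # Same lifetime as the original token, restarted from the current request.
    return {"X-New-Token": sign({**claims, "iat": now, "exp": now + lifetime})}
```

Because the expiry check runs before anything else, renewal extends only sessions that are still valid, and a session whose only traffic is polling of the skipped paths expires on schedule.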