app/config.py

@@ -124,7 +124,6 @@ class Config(pydantic.BaseModel):
     key_path: str | None = None
 
     session_timeout: int = 3600 * 24 * 3  # in seconds, 3 days by default
-    csrf_token_exp: int = 3600
 
     disabled_notifications: list[str] = []
 
@@ -264,7 +263,7 @@ def verify_csrf_token(
     if redirect_url:
         please_try_again = f'<a href="{redirect_url}">please try again</a>'
     try:
-        csrf_serializer.loads(csrf_token, max_age=CONFIG.csrf_token_exp)
+        csrf_serializer.loads(csrf_token, max_age=1800)
     except (itsdangerous.BadData, itsdangerous.SignatureExpired):
         logger.exception("Failed to verify CSRF token")
         raise HTTPException(

app/models.py

@@ -1,5 +1,4 @@
 import enum
-from datetime import datetime
 from typing import Any
 from typing import Optional
 from typing import Union
@@ -437,7 +436,7 @@ class OutboxObjectAttachment(Base):
     outbox_object_id = Column(Integer, ForeignKey("outbox.id"), nullable=False)
 
     upload_id = Column(Integer, ForeignKey("upload.id"), nullable=False)
-    upload: Mapped["Upload"] = relationship(Upload, uselist=False)
+    upload = relationship(Upload, uselist=False)
 
 
 class IndieAuthAuthorizationRequest(Base):
@@ -460,9 +459,7 @@ class IndieAuthAccessToken(Base):
     __tablename__ = "indieauth_access_token"
 
     id = Column(Integer, primary_key=True, index=True)
-    created_at: Mapped[datetime] = Column(
-        DateTime(timezone=True), nullable=False, default=now
-    )
+    created_at = Column(DateTime(timezone=True), nullable=False, default=now)
 
     # Will be null for personal access tokens
     indieauth_authorization_request_id = Column(
@@ -473,9 +470,9 @@ class IndieAuthAccessToken(Base):
         uselist=False,
     )
 
-    access_token: Mapped[str] = Column(String, nullable=False, unique=True, index=True)
+    access_token = Column(String, nullable=False, unique=True, index=True)
     refresh_token = Column(String, nullable=True, unique=True, index=True)
-    expires_in: Mapped[int] = Column(Integer, nullable=False)
+    expires_in = Column(Integer, nullable=False)
     scope = Column(String, nullable=False)
     is_revoked = Column(Boolean, nullable=False, default=False)
     was_refreshed = Column(Boolean, nullable=False, default=False, server_default="0")

app/uploads.py

@@ -60,7 +60,7 @@ async def save_upload(db_session: AsyncSession, f: UploadFile) -> models.Upload:
             destination_image.putdata(original_image.getdata())
             destination_image.save(
                 dest_filename,
-                format=_original_image.format,  # type: ignore
+                format=_original_image.format,
             )
 
             with open(dest_filename, "rb") as dest_f: