From c44a952d0e72b079e03161a15e6bb2124803ee12 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Sat, 9 Oct 2021 19:34:54 +0200
Subject: [PATCH 1/2] deploy: draft Caddyfile template

---
 deploy/Caddyfile.template | 57 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 deploy/Caddyfile.template

diff --git a/deploy/Caddyfile.template b/deploy/Caddyfile.template
new file mode 100644
index 00000000..55c67562
--- /dev/null
+++ b/deploy/Caddyfile.template
@@ -0,0 +1,57 @@
+# This template makes the funkwhale web-interface accessible
+# Music-streaming is still broken
+yourdomain.funkwhale {
+  log {
+    output file /var/log/caddy/funkwhale.json
+  }
+
+  encode gzip
+
+  # Not quite sure on this
+  rewrite /rest/* /api/subsonic/{path}
+
+  route /front/* {
+    uri strip_prefix /front
+    root * {$FUNKWHALE_FRONTEND_PATH:/srv/funkwhale/front/dist}
+    file_server
+  }
+
+  route /staticfiles/* {
+    # django static files
+    uri strip_prefix /staticfiles
+    root * {$STATIC_ROOT:/srv/funkwhale/data/static}
+    file_server
+  }
+
+  ## location /media/ {
+  ##   alias ${MEDIA_ROOT}/;
+  ## }
+
+  ## location /_protected/media {
+  ##   # this is an internal location that is used to serve
+  ##   # audio files once correct permission / authentication
+  ##   # has been checked on API side
+  ##   internal;
+  ##   alias   ${MEDIA_ROOT};
+  ## }
+
+  ## # Comment the previous location and uncomment this one if you're storing
+  ## # media files in a S3 bucket
+  ## # location ~ /_protected/media/(.+) {
+  ## #   internal;
+  ## #   # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
+  ## #   proxy_set_header Authorization "";
+  ## #   proxy_pass $1;
+  ## # }
+
+  ## location /_protected/music {
+  ##   # this is an internal location that is used to serve
+  ##   # audio files once correct permission / authentication
+  ##   # has been checked on API side
+  ##   # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
+  ##   internal;
+  ##   alias   ${MUSIC_DIRECTORY_SERVE_PATH};
+  ## }
+
+  reverse_proxy 127.0.0.1:5000
+}

From 60347ccd8cbcc083b44aed4359dea2c53bc4f68e Mon Sep 17 00:00:00 2001
From: Georg Krause <mail@georg-krause.net>
Date: Fri, 19 Nov 2021 11:55:10 +0100
Subject: [PATCH 2/2] Allow oauth token expiration time to be configured

---
 api/config/settings/common.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index b86b5521..d9b2df10 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -621,7 +621,9 @@ OAUTH2_PROVIDER = {
     # we keep expired tokens for 15 days, for tracability
     "REFRESH_TOKEN_EXPIRE_SECONDS": 3600 * 24 * 15,
     "AUTHORIZATION_CODE_EXPIRE_SECONDS": 5 * 60,
-    "ACCESS_TOKEN_EXPIRE_SECONDS": 60 * 60 * 10,
+    "ACCESS_TOKEN_EXPIRE_SECONDS": env.int(
+        "ACCESS_TOKEN_EXPIRE_SECONDS", default=60 * 60 * 10
+    ),
     "OAUTH2_SERVER_CLASS": "funkwhale_api.users.oauth.server.OAuth2Server",
 }
 OAUTH2_PROVIDER_APPLICATION_MODEL = "users.Application"