allow to configure JWT tokens and cookies duration

Fixes #1839

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>

internal/httpd/httpd.go

@@ -859,6 +859,12 @@ type Conf struct {
 	// By default all the available security checks are enabled. Set to 1 to disable the requirement
 	// that a token must be used by the same IP for which it was issued.
 	TokenValidation int `json:"token_validation" mapstructure:"token_validation"`
+	// CookieLifetime defines the duration of cookies for WebAdmin and WebClient
+	CookieLifetime int `json:"cookie_lifetime" mapstructure:"cookie_lifetime"`
+	// ShareCookieLifetime defines the duration of cookies for public shares
+	ShareCookieLifetime int `json:"share_cookie_lifetime" mapstructure:"share_cookie_lifetime"`
+	// JWTLifetime defines the duration of JWT tokens used in REST API
+	JWTLifetime int `json:"jwt_lifetime" mapstructure:"jwt_lifetime"`
 	// MaxUploadFileSize Defines the maximum request body size, in bytes, for Web Client/API HTTP upload requests.
 	// 0 means no limit
 	MaxUploadFileSize int64 `json:"max_upload_file_size" mapstructure:"max_upload_file_size"`
@@ -1095,7 +1101,8 @@ func (c *Conf) Initialize(configDir string, isShared int) error {
 	maxUploadFileSize = c.MaxUploadFileSize
 	installationCode = c.Setup.InstallationCode
 	installationCodeHint = c.Setup.InstallationCodeHint
-	startCleanupTicker(tokenDuration / 2)
+	updateTokensDuration(c.JWTLifetime, c.CookieLifetime, c.ShareCookieLifetime)
+	startCleanupTicker(10 * time.Minute)
 	c.setTokenValidationMode()
 	return <-exitChannel
 }