File token chores (#4664)

* Missing file token chores

* Make whole idea folder ignored

.gitignore

@@ -1,6 +1,6 @@
 **/**/.env
 .DS_Store
-.idea/workspace.xml
+/.idea
 **/**/node_modules/
 
 # yarn is the recommended package manager across the project

packages/twenty-docker/prod/docker-compose.yml

@@ -22,6 +22,7 @@ services:
       ACCESS_TOKEN_SECRET: ${ACCESS_TOKEN_SECRET}
       LOGIN_TOKEN_SECRET: ${LOGIN_TOKEN_SECRET}
       REFRESH_TOKEN_SECRET: ${REFRESH_TOKEN_SECRET}
+      FILE_TOKEN_SECRET: ${FILE_TOKEN_SECRET}
     depends_on:
       db:
         condition: service_healthy

packages/twenty-docs/docs/start/self-hosting/cloud-providers.mdx

@@ -261,6 +261,7 @@ resource "azapi_update_resource" "cors" {
 resource "random_uuid" "access_token_secret" {}
 resource "random_uuid" "login_token_secret" {}
 resource "random_uuid" "refresh_token_secret" {}
+resource "random_uuid" "file_token_secret" {}
 
 resource "azurerm_container_app" "twenty_server" {
   name                         = local.server_name
@@ -338,6 +339,10 @@ resource "azurerm_container_app" "twenty_server" {
         name  = "REFRESH_TOKEN_SECRET"
         value = random_uuid.refresh_token_secret.result
       }
+      env {
+        name  = "FILE_TOKEN_SECRET"
+        value = random_uuid.file_token_secret.result
+      }
     }
   }
 }

packages/twenty-docs/docs/start/self-hosting/docker-compose.mdx

@@ -14,6 +14,7 @@ sidebar_custom_props:
 ACCESS_TOKEN_SECRET=replace_me_with_a_random_string_access
 LOGIN_TOKEN_SECRET=replace_me_with_a_random_string_login
 REFRESH_TOKEN_SECRET=replace_me_with_a_random_string_refresh
+FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
 ```
 
 4. Create a `docker-compose.yml` file from the example below.
@@ -76,6 +77,7 @@ services:
       - ACCESS_TOKEN_SECRET=${ACCESS_TOKEN_SECRET}
       - LOGIN_TOKEN_SECRET=${LOGIN_TOKEN_SECRET}
       - REFRESH_TOKEN_SECRET=${REFRESH_TOKEN_SECRET}
+      - FILE_TOKEN_SECRET=${FILE_TOKEN_SECRET}
       # Uncomment if behind a reverse proxy
       # - SERVER_URL=${SERVER_URL}
     depends_on:

packages/twenty-docs/docs/start/self-hosting/self-hosting.mdx

@@ -59,6 +59,8 @@ import TabItem from '@theme/TabItem';
     ['REFRESH_TOKEN_SECRET', '<random>', 'Secret used for the refresh tokens'],
     ['REFRESH_TOKEN_EXPIRES_IN', '90d', 'Refresh token expiration time'],
     ['REFRESH_TOKEN_COOL_DOWN', '1m', 'Refresh token cooldown'],
+    ['FILE_TOKEN_SECRET', '<random>', 'Secret used for the file tokens'],
+    ['FILE_TOKEN_EXPIRES_IN', '1d', 'File token expiration time'],
     ['API_TOKEN_EXPIRES_IN', '1000y', 'Api token expiration time'],
     ]}></OptionTable>
 

packages/twenty-server/.env.example

@@ -19,6 +19,7 @@ SIGN_IN_PREFILLED=true
 # LOGIN_TOKEN_EXPIRES_IN=15m
 # API_TOKEN_EXPIRES_IN=1000y
 # REFRESH_TOKEN_EXPIRES_IN=90d
+# FILE_TOKEN_EXPIRES_IN=1d
 # FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify
 # AUTH_GOOGLE_ENABLED=false
 # MESSAGING_PROVIDER_GMAIL_ENABLED=false

packages/twenty-server/.env.test

@@ -9,7 +9,7 @@ FRONT_BASE_URL=http://localhost:3001
 ACCESS_TOKEN_SECRET=secret_jwt
 LOGIN_TOKEN_SECRET=secret_login_tokens
 REFRESH_TOKEN_SECRET=secret_refresh_token
-FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
+FILE_TOKEN_SECRET=secret_file_token
 
 # ———————— Optional ————————
 # DEBUG_MODE=false
@@ -17,6 +17,7 @@ FILE_TOKEN_SECRET=replace_me_with_a_random_string_refresh
 # ACCESS_TOKEN_EXPIRES_IN=30m
 # LOGIN_TOKEN_EXPIRES_IN=15m
 # REFRESH_TOKEN_EXPIRES_IN=90d
+# FILE_TOKEN_EXPIRES_IN=1d
 # FRONT_AUTH_CALLBACK_URL=http://localhost:3001/verify
 # AUTH_GOOGLE_ENABLED=false
 # MESSAGING_PROVIDER_GMAIL_ENABLED=false

render.yaml

@@ -32,6 +32,8 @@ services:
       generateValue: true
     - key: REFRESH_TOKEN_SECRET
       generateValue: true
+    - key: FILE_TOKEN_SECRET
+      generateValue: true
     - key: PG_DATABASE_HOST
       fromService:
         name: twenty_postgres