Use session_secret for signed auth session tokens

backend/app/utils/constants.py

@@ -30,9 +30,12 @@ DEFAULT_DATABASE_PATH: Final[str] = "bangui.db"
 DEFAULT_SESSION_DURATION_MINUTES: Final[int] = 60
 """Default session lifetime in minutes."""
 
-SESSION_TOKEN_BYTES: Final[int] = 64
+SESSION_TOKEN_BYTES: Final[int] = 32
 """Number of random bytes used when generating a session token."""
 
+SESSION_TOKEN_SIGNATURE_SEPARATOR: Final[str] = "."
+"""Separator used to append a signature to a signed session token."""
+
 # ---------------------------------------------------------------------------
 # Time-range presets (used by dashboard and history endpoints)
 # ---------------------------------------------------------------------------