User-friendly settings

crates/defguard_common/src/config.rs

@@ -37,11 +37,6 @@ pub struct DefGuardConfig {
     #[arg(long, env = "DEFGUARD_LOG_FILE")]
     pub log_file: Option<String>,
 
-    #[arg(long, env = "DEFGUARD_AUTH_COOKIE_TIMEOUT")]
-    #[serde(skip_serializing)]
-    #[deprecated(since = "2.0.0", note = "Use Settings.auth_cookie_timeout instead")]
-    pub auth_cookie_timeout: Option<Duration>,
-
     #[arg(long, env = "DEFGUARD_SECRET_KEY")]
     #[serde(skip_serializing)]
     #[deprecated(since = "2.0.0", note = "Use Settings.secret_key instead")]

crates/defguard_common/src/db/models/settings.rs

@@ -180,7 +180,6 @@ pub struct Settings {
     pub secret_key: Option<String>,
     pub webauthn_rp_id: Option<String>,
     pub disable_stats_purge: bool,
-    auth_cookie_timeout_days: i32,
     stats_purge_frequency_hours: i32,
     stats_purge_threshold_days: i32,
     enrollment_token_timeout_hours: i32,
@@ -332,7 +331,7 @@ impl Settings {
             ca_key_der, ca_cert_der, ca_expiry, defguard_url, \
             default_admin_group_name, authentication_period_days, mfa_code_timeout_seconds, \
             public_proxy_url, \
-            default_admin_id, auth_cookie_timeout_days, secret_key, webauthn_rp_id, disable_stats_purge, \
+            default_admin_id, secret_key, webauthn_rp_id, disable_stats_purge, \
             stats_purge_frequency_hours, stats_purge_threshold_days, \
             enrollment_token_timeout_hours, password_reset_token_timeout_hours, \
             enrollment_session_timeout_minutes, password_reset_session_timeout_minutes \
@@ -422,16 +421,15 @@ impl Settings {
             mfa_code_timeout_seconds = $55, \
             public_proxy_url = $56, \
             default_admin_id = $57, \
-            auth_cookie_timeout_days = $58, \
-            secret_key = $59, \
-            webauthn_rp_id = $60, \
-            disable_stats_purge = $61, \
-            stats_purge_frequency_hours = $62, \
-            stats_purge_threshold_days = $63, \
-            enrollment_token_timeout_hours = $64, \
-            password_reset_token_timeout_hours = $65, \
-            enrollment_session_timeout_minutes = $66, \
-            password_reset_session_timeout_minutes = $67 \
+            secret_key = $58, \
+            webauthn_rp_id = $59, \
+            disable_stats_purge = $60, \
+            stats_purge_frequency_hours = $61, \
+            stats_purge_threshold_days = $62, \
+            enrollment_token_timeout_hours = $63, \
+            password_reset_token_timeout_hours = $64, \
+            enrollment_session_timeout_minutes = $65, \
+            password_reset_session_timeout_minutes = $66 \
             WHERE id = 1",
             self.openid_enabled,
             self.wireguard_enabled,
@@ -490,7 +488,6 @@ impl Settings {
             self.mfa_code_timeout_seconds,
             self.public_proxy_url,
             self.default_admin_id,
-            self.auth_cookie_timeout_days,
             self.secret_key,
             self.webauthn_rp_id,
             self.disable_stats_purge,
@@ -605,11 +602,6 @@ impl Settings {
         Duration::from_secs(self.authentication_period_days as u64 * 24 * 3600)
     }
 
-    #[must_use]
-    pub fn auth_cookie_timeout(&self) -> Duration {
-        Duration::from_secs(self.auth_cookie_timeout_days as u64 * 24 * 3600)
-    }
-
     #[must_use]
     pub fn stats_purge_frequency(&self) -> Duration {
         Duration::from_secs(self.stats_purge_frequency_hours as u64 * 3600)
@@ -661,9 +653,6 @@ impl Settings {
         let hour = minute * 60;
         let day = hour * 24;
 
-        if let Some(auth_cookie_timeout) = config.auth_cookie_timeout {
-            self.auth_cookie_timeout_days = (auth_cookie_timeout.as_secs() / day) as i32;
-        }
         if let Some(secret_key) = &config.secret_key {
             let secret_key = secret_key.expose_secret();
             if let Err(err) = Settings::validate_secret_key(secret_key) {
@@ -890,9 +879,6 @@ mod test {
         };
         let mut config = DefGuardConfig::new_test_config();
 
-        config.auth_cookie_timeout = Some(Duration::from(std::time::Duration::from_secs(
-            3 * 24 * 3600,
-        )));
         config.secret_key = Some(SecretString::from("a".repeat(64)));
         config.webauthn_rp_id = Some("rp-from-config".into());
         config.enrollment_url = Some(Url::parse("https://proxy.example.com").unwrap());
@@ -917,7 +903,6 @@ mod test {
 
         settings.apply_from_config(&config);
 
-        assert_eq!(settings.auth_cookie_timeout_days, 3);
         assert_eq!(
             settings.secret_key.as_deref(),
             Some("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")

migrations/20260227091211_[2.0.0]_settings_in_db.down.sql

@@ -1,5 +1,4 @@
 ALTER TABLE settings
-    DROP COLUMN auth_cookie_timeout_days,
     DROP COLUMN secret_key,
     DROP COLUMN openid_signing_key,
     DROP COLUMN webauthn_rp_id,

migrations/20260227091211_[2.0.0]_settings_in_db.up.sql

@@ -1,5 +1,4 @@
 ALTER TABLE settings
-    ADD COLUMN auth_cookie_timeout_days int4 NOT NULL DEFAULT 7,
     ADD COLUMN secret_key text,
     ADD COLUMN openid_signing_key text,
     ADD COLUMN webauthn_rp_id text,

web/messages/en/settings.json

@@ -3,19 +3,37 @@
   "settings_page_title": "Settings",
   "settings_breadcrumb_general": "General",
   "settings_breadcrumb_instance": "Instance settings",
+  "settings_breadcrumb_vpn_stats": "VPN stats",
+  "settings_breadcrumb_enrollment": "Enrollment",
+  "settings_breadcrumb_client_behavior": "Client behavior",
   "settings_instance_title": "Instance settings",
   "settings_instance_subtitle": "Here you can configure general instance parameters.",
   "settings_instance_label_name": "Instance name",
   "settings_instance_label_public_proxy_url": "Public Edge Component URL",
   "settings_instance_label_session_duration": "Session duration",
-  "settings_instance_label_auth_cookie_timeout_days": "Auth cookie timeout (days)",
-  "settings_instance_session_duration_1": "1 day",
-  "settings_instance_session_duration_2": "2 days",
-  "settings_instance_session_duration_3": "3 days",
-  "settings_instance_session_duration_7": "7 days",
-  "settings_instance_session_duration_10": "10 days",
-  "settings_instance_session_duration_14": "14 days",
-  "settings_instance_session_duration_30": "30 days",
+  "settings_vpn_stats_title": "VPN stats",
+  "settings_vpn_stats_subtitle": "Configure statistics purge behavior for VPN data.",
+  "settings_vpn_stats_toggle_disable_title": "Disable stats purge",
+  "settings_vpn_stats_label_purge_frequency": "Stats purge frequency",
+  "settings_vpn_stats_label_purge_threshold": "Stats purge threshold",
+  "settings_enrollment_title": "Enrollment",
+  "settings_enrollment_subtitle": "Configure token and session timeouts for enrollment and password reset flows.",
+  "settings_enrollment_label_token_validity": "Enrollment token validity",
+  "settings_enrollment_label_password_reset_token_validity": "Password reset token validity",
+  "settings_enrollment_label_session_expires_in": "Enrollment session expires in",
+  "settings_enrollment_label_password_reset_session_expires_in": "Password reset session expires in",
+  "settings_general_section_instance_content": "Configure your instance name and branding settings. Add a logo to personalize the interface and make it easily recognizable to your users.",
+  "settings_general_section_client_behavior_content": "Manage how users interact with the Defguard client. Control device management permissions, configuration access, and traffic routing options.",
+  "settings_general_section_vpn_stats_content": "Configure VPN statistics cleanup behavior, including purge frequency and retention threshold.",
+  "settings_general_section_enrollment_content": "Set enrollment and password reset token and session timeout values.",
+  "settings_duration_one_day": "1 day",
+  "settings_duration_days": "{days} days",
+  "settings_duration_one_hour": "1 hour",
+  "settings_duration_hours": "{hours} hours",
+  "settings_duration_one_minute": "1 minute",
+  "settings_duration_minutes": "{minutes} minutes",
+  "settings_duration_one_week": "1 week",
+  "settings_duration_one_month": "1 month",
   "settings_activity_log_streaming_title": "Activity log streaming",
   "settings_activity_log_streaming_description": "Monitor and export real-time activity logs from your Defguard instance. Stream events to external systems for auditing, analytics, or security monitoring.",
   "settings_activity_log_streaming_no_upstreams": "You don't have any activity log upstreams.",

web/src/pages/settings/SettingsClientPage/SettingsClientPage.tsx

@@ -32,10 +32,10 @@ import { canUseBusinessFeature } from '../../../shared/utils/license';
 
 const breadcrumbs = [
   <Link to="/settings" search={{ tab: 'general' }} key={0}>
-    General
+    {m.settings_breadcrumb_general()}
   </Link>,
   <Link to="/settings/client" key={1}>
-    Client behavior
+    {m.settings_breadcrumb_client_behavior()}
   </Link>,
 ];