From a36902866aa392cccbc4718e34df7116a306c683 Mon Sep 17 00:00:00 2001
From: constanttime <rak1729e@gmail.com>
Date: Thu, 2 Oct 2025 17:31:21 +0530
Subject: [PATCH] feat: Configurable Verification Email Expiry Time

---
 api/server/services/AuthService.js   | 10 ++++++++--
 librechat.example.yaml               |  1 +
 packages/data-provider/src/config.ts |  3 ++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index 0098e54124..f487164246 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -81,6 +81,9 @@ const createTokenHash = () => {
  * @returns {Promise<void>}
  */
 const sendVerificationEmail = async (user) => {
+  const appConfig = await getAppConfig();
+  const emailVerificationExpiry = appConfig?.registration?.emailVerificationExpiry || 900;
+
   const [verifyToken, hash] = createTokenHash();
 
   const verificationLink = `${
@@ -103,7 +106,7 @@ const sendVerificationEmail = async (user) => {
     email: user.email,
     token: hash,
     createdAt: Date.now(),
-    expiresIn: 900,
+    expiresIn: emailVerificationExpiry,
   });
 
   logger.info(`[sendVerificationEmail] Verification link issued. [Email: ${user.email}]`);
@@ -472,6 +475,9 @@ const setOpenIDAuthTokens = (tokenset, res, userId) => {
 const resendVerificationEmail = async (req) => {
   try {
     const { email } = req.body;
+    const appConfig = await getAppConfig();
+    const emailVerificationExpiry = appConfig?.registration?.emailVerificationExpiry || 900;
+
     await deleteTokens({ email });
     const user = await findUser({ email }, 'email _id name');
 
@@ -503,7 +509,7 @@ const resendVerificationEmail = async (req) => {
       email: user.email,
       token: hash,
       createdAt: Date.now(),
-      expiresIn: 900,
+      expiresIn: emailVerificationExpiry,
     });
 
     logger.info(`[resendVerificationEmail] Verification link issued. [Email: ${user.email}]`);
diff --git a/librechat.example.yaml b/librechat.example.yaml
index 04e088aa38..04e2a1de0b 100644
--- a/librechat.example.yaml
+++ b/librechat.example.yaml
@@ -111,6 +111,7 @@ registration:
   socialLogins: ['github', 'google', 'discord', 'openid', 'facebook', 'apple', 'saml']
   # allowedDomains:
   # - "gmail.com"
+  # emailVerificationExpiry: 900  # Email verification link expiry time in seconds (default: 900 = 15 minutes)
 
 # Example Balance settings
 # balance:
diff --git a/packages/data-provider/src/config.ts b/packages/data-provider/src/config.ts
index c3f872eaec..3dc674c2d4 100644
--- a/packages/data-provider/src/config.ts
+++ b/packages/data-provider/src/config.ts
@@ -840,8 +840,9 @@ export const configSchema = z.object({
     .object({
       socialLogins: z.array(z.string()).optional(),
       allowedDomains: z.array(z.string()).optional(),
+      emailVerificationExpiry: z.number().default(900),
     })
-    .default({ socialLogins: defaultSocialLogins }),
+    .default({ socialLogins: defaultSocialLogins, emailVerificationExpiry: 900 }),
   balance: balanceSchema.optional(),
   transactions: transactionsSchema.optional(),
   speech: z