seatable · freeplant · Dec 9, 2024 · Dec 7, 2024
diff --git a/dtable_events/utils/dtable_web_api.py b/dtable_events/utils/dtable_web_api.py
@@ -160,7 +160,7 @@ def run_script(self, dtable_uuid, script_name, context_data, owner, org_id, scri
             'operator': operator
         }, headers=headers, timeout=10)
         return parse_response(response)
-    
+
     def get_users_common_info(self, user_id_list):
         url = self.dtable_web_service_url + '/api/v2.1/users-common-info/'
         json_data = {
@@ -179,15 +179,18 @@ def internal_add_notification(self, to_users, msg_type, detail):
         url = '%(server_url)s/api/v2.1/internal-notifications/?from=dtable_events' % {
             'server_url': self.dtable_web_service_url
         }
-        token = jwt.encode({}, DTABLE_PRIVATE_KEY, algorithm='HS256')
+        payload = {
+            'exp': int(time.time()) + 60
+        }
+        token = jwt.encode(payload, DTABLE_PRIVATE_KEY, algorithm='HS256')
         headers = {'Authorization': 'Token ' + token}
         resp = requests.post(url, json={
             'detail': detail,
             'to_users': to_users,
             'type': msg_type
         }, headers=headers)
         return parse_response(resp)
-    
+
     def internal_submit_row_workflow(self, workflow_token, row_id, rule_id=None):
         logger.debug('internal submit row workflow token: %s row_id: %s rule_id: %s', workflow_token, row_id, rule_id)
         url = '%(server_url)s/api/v2.1/workflows/%(workflow_token)s/internal-task-submit/' % {
@@ -201,6 +204,10 @@ def internal_submit_row_workflow(self, workflow_token, row_id, rule_id=None):
         }
         if rule_id:
             data['automation_rule_id'] = rule_id
-        header_token = 'Token ' + jwt.encode({'token': workflow_token}, DTABLE_PRIVATE_KEY, 'HS256')
+        payload = {
+            'exp': int(time.time()) + 60,
+            'token': workflow_token
+        }
+        header_token = 'Token ' + jwt.encode(payload, DTABLE_PRIVATE_KEY, 'HS256')
         resp = requests.post(url, data=data, headers={'Authorization': header_token}, timeout=30)
         return parse_response(resp)