add tiered auto-expiry based on auth level

tests/test_paste_options.py

@@ -178,8 +178,8 @@ class TestCustomExpiry:
         data = response.get_json()
         assert "expires_at" in data
 
-    def test_invalid_expiry_ignored(self, client):
-        """Invalid X-Expiry values should be ignored."""
+    def test_invalid_expiry_uses_default(self, client):
+        """Invalid X-Expiry values should use default expiry."""
         for value in ["invalid", "-100", "0", ""]:
             response = client.post(
                 "/",
@@ -188,14 +188,16 @@ class TestCustomExpiry:
             )
             assert response.status_code == 201
             data = response.get_json()
-            assert "expires_at" not in data, f"Should not have expiry for: {value}"
+            # Default expiry is applied for anonymous users
+            assert "expires_at" in data, f"Should have default expiry for: {value}"
 
     def test_paste_without_custom_expiry(self, client):
-        """Paste without X-Expiry should not have expires_at."""
+        """Paste without X-Expiry should use default expiry based on auth level."""
         response = client.post("/", data=b"content")
         assert response.status_code == 201
         data = response.get_json()
-        assert "expires_at" not in data
+        # Default expiry is now applied for all users
+        assert "expires_at" in data
 
 
 class TestExpiryCleanup:
@@ -205,7 +207,11 @@ class TestExpiryCleanup:
     def app(self):
         """Create app with very short expiry for testing."""
         app = create_app("testing")
-        app.config["PASTE_EXPIRY_SECONDS"] = 1  # 1 second default
+        # Set tiered expiry to 1 second for all levels
+        app.config["EXPIRY_ANON"] = 1
+        app.config["EXPIRY_UNTRUSTED"] = 1
+        app.config["EXPIRY_TRUSTED"] = 1
+        app.config["PASTE_EXPIRY_SECONDS"] = 1  # Legacy
         app.config["MAX_EXPIRY_SECONDS"] = 10
         return app