From c428e956bc943f609273766b7ef1f8a0aed2c01c Mon Sep 17 00:00:00 2001
From: Alie
Date: Wed, 27 Dec 2023 18:44:09 +0100
Subject: [PATCH] added expiry times to jwt decided against adding refresh tokens due to they not being that usefull in our architecture
---
 src/controllers/AuthControler.ts | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/controllers/AuthControler.ts b/src/controllers/AuthControler.ts
index 0d0e95d..e983020 100644
--- a/src/controllers/AuthControler.ts
+++ b/src/controllers/AuthControler.ts
@@ -2,9 +2,9 @@ import jwt from "jsonwebtoken";
 import AuthService from "../services/AuthService";
 import { Request, Response, NextFunction } from "express";
-const authTokenSecret = process.env.JWTSECRET || "badsecret";
-
 class AuthControler {
+ authTokenSecret = process.env.JWTSECRET || "badsecret";
+
 async login(req: Request, res: Response) {
 // Read app and secret from request body
 const { app, secret } = req.body;
@@ -15,7 +15,11 @@ class AuthControler {
 if (authenticated) {
 console.log("Authenticated app ", authenticated.app);
 // Generate an access token
- const accessToken = jwt.sign({ app: authenticated.app }, authTokenSecret);
+ const accessToken = jwt.sign(
+ { app: authenticated.app },
+ this.authTokenSecret,
+ { expiresIn: "1h" }
+ );
 res.json({
 accessToken,
@@ -30,17 +34,12 @@ class AuthControler {
 if (authHeader) {
 const token = authHeader.split(" ")[1];
- jwt.verify(token, authTokenSecret, (err, user) => {
+ jwt.verify(token, this.authTokenSecret, (err, app) => {
 if (err) {
 return res.status(403).json("Invalid token provided");
 }
- console.log(
- "Authorization provided for ",
- next.name,
- " to user ",
- user
- );
+ console.log("Authorization provided for ", next.name, " to app ", app);
 next();
 });
 } else {
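Review bot: The added field `authTokenSecret = process.env.JWTSECRET || "badsecret";` keeps the hard-coded fallback, so a deployment started without JWTSECRET (or with it empty) signs and verifies tokens with a key that is readable in the repository. The one-hour expiry this commit adds gives no protection in that state, because token validity rests entirely on the secret being private. The service should refuse to start instead: add `if (!process.env.JWTSECRET) throw new Error("JWTSECRET is not set");` at module load and drop the `|| "badsecret"` from the field. The class body continues outside the hunk.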
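Review bot: `this.authTokenSecret` in `login` only resolves when the method is called on the instance, which was not a requirement while the secret was a module constant. If the routes pass the method as a bare reference (for example `router.post("/login", controller.login)`; the route file is not part of this patch), Express invokes it with `this` undefined and the sign call fails with a TypeError. The `jwt.verify` call in the third hunk has the same dependency. Declaring the handlers as arrow-function properties, e.g. `login = async (req: Request, res: Response) => {`, or binding them in a constructor removes it. `login` ends outside the hunk.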
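Review bot: The `jwt.verify` callback answers every failure with 403 "Invalid token provided", so once tokens expire after an hour a client cannot tell an expired token from a tampered one and has no signal to log in again. Inside `if (err)`, `if (err.name === "TokenExpiredError") return res.status(401).json("Token expired");` before the generic response would separate the two cases. The call also passes no options; giving `{ algorithms: ["HS256"] }` as the third argument pins verification to the algorithm `jwt.sign` uses by default here. The callback parameter now named `app` is the whole decoded payload rather than the app name, so a short comment saying so (or a name like `payload`) would keep the log line from misleading. The enclosing method starts before the hunk and its `else` branch runs past it.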