added expiry times to jwt

Decided against adding refresh tokens because they are not that useful in our architecture.
Alie 2023-12-27 18:44:09 +01:00
parent 95fd50a638
commit c428e956bc
1 changed files with 9 additions and 10 deletions


@ -2,9 +2,9 @@ import jwt from "jsonwebtoken";
import AuthService from "../services/AuthService"; import AuthService from "../services/AuthService";
import { Request, Response, NextFunction } from "express"; import { Request, Response, NextFunction } from "express";
const authTokenSecret = process.env.JWTSECRET || "badsecret";
class AuthControler { class AuthControler {
authTokenSecret = process.env.JWTSECRET || "badsecret";
async login(req: Request, res: Response) { async login(req: Request, res: Response) {
// Read app and secret from request body // Read app and secret from request body
const { app, secret } = req.body; const { app, secret } = req.body;
@ -15,7 +15,11 @@ class AuthControler {
if (authenticated) { if (authenticated) {
console.log("Authenticated app ", authenticated.app); console.log("Authenticated app ", authenticated.app);
// Generate an access token // Generate an access token
const accessToken = jwt.sign({ app: authenticated.app }, authTokenSecret); const accessToken = jwt.sign(
{ app: authenticated.app },
this.authTokenSecret,
{ expiresIn: "1h" }
);
res.json({ res.json({
accessToken, accessToken,
@ -30,17 +34,12 @@ class AuthControler {
if (authHeader) { if (authHeader) {
const token = authHeader.split(" ")[1]; const token = authHeader.split(" ")[1];
jwt.verify(token, authTokenSecret, (err, user) => { jwt.verify(token, this.authTokenSecret, (err, app) => {
if (err) { if (err) {
return res.status(403).json("Invalid token provided"); return res.status(403).json("Invalid token provided");
} }
console.log( console.log("Authorization provided for ", next.name, " to app ", app);
"Authorization provided for ",
next.name,
" to user ",
user
);
next(); next();
}); });
} else { } else {
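Review bot: The new class field `authTokenSecret = process.env.JWTSECRET || "badsecret"` keeps the hard-coded fallback, so a deployment that starts without JWTSECRET signs and verifies tokens with a value anyone reading the repository knows, and the one-hour expiry added here does not help because a forged token can carry any `exp`. Fail at startup instead, e.g. `const secret = process.env.JWTSECRET;` followed by `if (!secret) throw new Error("JWTSECRET is not set");`. Moving the secret from a module constant to `this.authTokenSecret` also makes `login` and the verification method depend on `this`; if the router registers them unbound (not visible here), `this` is undefined and both throw, so either keep the module-level constant or define the handlers as arrow-function properties. The `jwt.verify` call could additionally pass `{ algorithms: ["HS256"] }` to pin the algorithm that `jwt.sign` uses by default. The class and the verification method continue outside the hunks.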