feat: Add expiration to access tokens

cf. #275
3 years ago · 220cb1427b
parent 266a762641
commit 220cb1427b
6 changed files with 23 additions and 5 deletions
--- a/client/package-lock.json
+++ b/client/package-lock.json
@ -15,6 +15,7 @@
        "i18next-browser-languagedetector": "^6.1.4",
        "initials": "^3.1.2",
        "js-cookie": "^3.0.1",
+        "jwt-decode": "^3.1.2",
        "lodash": "^4.17.21",
        "node-sass": "^7.0.1",
        "photoswipe": "^5.3.0",
@ -14333,6 +14334,11 @@
        "node": ">=4.0"
      }
    },
+    "node_modules/jwt-decode": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-3.1.2.tgz",
+      "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A=="
+    },
    "node_modules/keyboard-key": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/keyboard-key/-/keyboard-key-1.1.0.tgz",
@ -35776,6 +35782,11 @@
        "object.assign": "^4.1.2"
      }
    },
+    "jwt-decode": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-3.1.2.tgz",
+      "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A=="
+    },
    "keyboard-key": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/keyboard-key/-/keyboard-key-1.1.0.tgz",
--- a/client/package.json
+++ b/client/package.json
@ -72,6 +72,7 @@
    "i18next-browser-languagedetector": "^6.1.4",
    "initials": "^3.1.2",
    "js-cookie": "^3.0.1",
+    "jwt-decode": "^3.1.2",
    "lodash": "^4.17.21",
    "node-sass": "^7.0.1",
    "photoswipe": "^5.3.0",
--- a/client/src/constants/Config.js
+++ b/client/src/constants/Config.js
@ -10,7 +10,6 @@ const FETCH_OPTIONS =
      };

 const ACCESS_TOKEN_KEY = 'accessToken';
-const ACCESS_TOKEN_EXPIRES = 365;
 const ACCESS_TOKEN_VERSION_KEY = 'accessTokenVersion';
 const ACCESS_TOKEN_VERSION = '1';

@ -21,7 +20,6 @@ export default {
  SERVER_BASE_URL,
  FETCH_OPTIONS,
  ACCESS_TOKEN_KEY,
-  ACCESS_TOKEN_EXPIRES,
  ACCESS_TOKEN_VERSION_KEY,
  ACCESS_TOKEN_VERSION,
  POSITION_GAP,
--- a/client/src/utils/access-token-storage.js
+++ b/client/src/utils/access-token-storage.js
@ -1,16 +1,20 @@
 import Cookies from 'js-cookie';
+import jwtDecode from 'jwt-decode';

 import Config from '../constants/Config';
 import socket from '../api/socket';

 export const setAccessToken = (accessToken) => {
+  const { exp } = jwtDecode(accessToken);
+  const expires = exp !== undefined ? new Date(exp * 1000) : 365;
+
  Cookies.set(Config.ACCESS_TOKEN_KEY, accessToken, {
-    expires: Config.ACCESS_TOKEN_EXPIRES,
+    expires,
    secure: window.location.protocol === 'https:',
    sameSite: 'strict',
  });
  Cookies.set(Config.ACCESS_TOKEN_VERSION_KEY, Config.ACCESS_TOKEN_VERSION, {
-    expires: Config.ACCESS_TOKEN_EXPIRES,
+    expires,
  });

  socket.headers = { Cookie: document.cookie };
--- a/server/.env.sample
+++ b/server/.env.sample
@ -2,3 +2,5 @@ TZ=UTC
 BASE_URL=http://localhost:1337
 DATABASE_URL=postgresql://postgres@localhost/planka
 SECRET_KEY=notsecretkey
+# In days
+ACCESS_TOKEN_EXPIRES=365
--- a/server/api/helpers/utils/sign-token.js
+++ b/server/api/helpers/utils/sign-token.js
@ -11,6 +11,8 @@ module.exports = {
  },

  fn(inputs) {
-    return jwt.sign({ sub: inputs.payload }, sails.config.session.secret);
+    return jwt.sign({ sub: inputs.payload }, sails.config.session.secret, {
+      expiresIn: `${process.env.ACCESS_TOKEN_EXPIRES}d`,
+    });
  },
 };