fix(auth): do not allow without-expiration tokens

internxt · Jun 12, 2024 · 68f00d0 · 68f00d0
1 parent cff5733
commit 68f00d0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/config/initializers/middleware.js b/src/config/initializers/middleware.js
@@ -157,6 +157,12 @@ module.exports = (App, Config) => {
    */
   Passport.use(
     new JwtStrategy(passportOpts, (payload, done) => {
+      const tokenWithoutExpiration = !payload.exp;
+
+      if (tokenWithoutExpiration) {
+        return done(new Error('Invalid token, sign in again'));
+      }
+
       /* Temporal compatibility with old JWT
        * BEGIN
        */