From cff5733f8eb5cba1f915694421f384ed28e950cf Mon Sep 17 00:00:00 2001
From: Sergio Gutierrez Villalba
Date: Wed, 12 Jun 2024 14:43:44 +0200
Subject: [PATCH] fix(auth): make the JWT expire always
---
 src/app/routes/auth.ts | 11 ++---------
 src/app/routes/routes.ts | 7 +------
 src/app/routes/user.js | 2 +-
 src/app/services/stripe.js | 2 +-
 src/app/services/user.js | 2 +-
 5 files changed, 6 insertions(+), 18 deletions(-)
diff --git a/src/app/routes/auth.ts b/src/app/routes/auth.ts
index 51776c7f..34c0e94f 100644
--- a/src/app/routes/auth.ts
+++ b/src/app/routes/auth.ts
@@ -156,7 +156,7 @@ export class AuthController {
 this.service.User.UpdateAccountActivity(req.body.email);
 const userBucket = await this.service.User.GetUserBucket(userData);
- const newToken = SignNewToken(userData, this.config.get('secrets').JWT);
+ const newToken = SignNewToken(userData, this.config.get('secrets').JWT, true);
 const keyExists = await this.service.KeyServer.keysExists(userData);
 if (!keyExists && req.body.publicKey) {
@@ -205,20 +205,13 @@ export class AuthController {
 };
 const userTeam = null;
- // TODO: Not working. Team members can not use team workspace due to this
- // if (userTeam) {
- // const tokenTeam = Sign(userTeam.bridge_user, App.config.get('secrets').JWT, internxtClient === 'drive-web');
- // return res.status(200).json({
- // user, token, userTeam, tokenTeam
- // });
- // }
 return res.status(200).json({ user, token, userTeam, newToken });
 }
 async getNewToken(req: Request, res: Response) {
 const authRequest = req as Request & { user: UserAttributes };
- const newToken = SignNewToken(authRequest.user, this.config.get('secrets').JWT);
+ const newToken = SignNewToken(authRequest.user, this.config.get('secrets').JWT, true);
 return res.status(200).json({ newToken });
 }
diff --git a/src/app/routes/routes.ts b/src/app/routes/routes.ts
index 2cee24e3..f940b459 100644
--- a/src/app/routes/routes.ts
+++ b/src/app/routes/routes.ts
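Review bot: Expiry remains opt-in per call site: the first `auth.ts` hunk passes a bare positional `true` as the third argument of `SignNewToken`, and the same literal is repeated in `getNewToken`, `routes.ts`, `routes/user.js`, `services/stripe.js` and `services/user.js`. The signer definitions are outside this diff, but if the parameter is optional, any call that omits it, now or in a later change, presumably still issues a token with no expiry. Making expiry the default inside `Sign`/`SignNewToken` and removing the flag would enforce the commit's intent in one place. Failing that, a short comment at the call such as `// third argument: token always carries an expiry` would explain the boolean.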
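Review bot: The login response in the second `auth.ts` hunk, `return res.status(200).json({ user, token, userTeam, newToken });`, still returns the legacy `token`, and the only two lines this commit adds to the file are the `newToken` calls, so whatever signs `token` is unchanged. That call is outside the hunk; if it still derives the expiry flag from the `internxt-client` request header, as the code removed from `routes.ts` did, expiry of that token remains controlled by a client-supplied value. It should be checked and given `true` as well. Separately, `const userTeam = null;` is now always returned as null and deserves a one-line comment saying it is kept only for response compatibility, or removal.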
@@ -69,12 +69,7 @@ export default (router: Router, service: any, App: any): Router => {
 service.User.GetUserBucket(userData),
 ]);
- const internxtClient = req.headers['internxt-client'];
- const token = Sign(
- userData.email,
- App.config.get('secrets').JWT,
- internxtClient === 'drive-web',
- );
+ const token = Sign(userData.email, App.config.get('secrets').JWT, true);
 const user = {
 email: userData.email,
diff --git a/src/app/routes/user.js b/src/app/routes/user.js
index cd44c81a..acb8779e 100644
--- a/src/app/routes/user.js
+++ b/src/app/routes/user.js
@@ -17,7 +17,7 @@ module.exports = (Router, Service, App) => {
 Service.User.UpdatePasswordMnemonic(req.user, currentPassword, newPassword, newSalt, mnemonic, privateKey)
 .then(() => {
 const token = SignWithFutureIAT(req.user.email, App.config.get('secrets').JWT);
- const newToken = SignNewTokenWithFutureIAT(req.user, App.config.get('secrets').JWT);
+ const newToken = SignNewTokenWithFutureIAT(req.user, App.config.get('secrets').JWT, true);
 res.status(200).send({ token, newToken });
 })
 .catch((err) => {
diff --git a/src/app/services/stripe.js b/src/app/services/stripe.js
index 57abf5ea..b59eb541 100644
--- a/src/app/services/stripe.js
+++ b/src/app/services/stripe.js
@@ -48,7 +48,7 @@ module.exports = () => {
 const userExistsInPayments = async (user) => {
 const paymentsUrl = process.env.PAYMENTS_SERVER_URL;
- const token = SignNewToken(user, process.env.JWT_SECRET);
+ const token = SignNewToken(user, process.env.JWT_SECRET, true);
 try {
 await axios.get(`${paymentsUrl}/users/exists`, {
diff --git a/src/app/services/user.js b/src/app/services/user.js
index d8209de6..aeb4b499 100644
--- a/src/app/services/user.js
+++ b/src/app/services/user.js
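Review bot: In the `routes/user.js` hunk the legacy `token` on the context line just above the change is still signed with two arguments, `SignWithFutureIAT(req.user.email, App.config.get('secrets').JWT)`, while `newToken` now receives `true`. `SignWithFutureIAT` is defined outside this diff; if it takes the same optional expiry flag, the token returned after a password change still never expires. The line would then become `const token = SignWithFutureIAT(req.user.email, App.config.get('secrets').JWT, true);`. A password change is where bounded credential lifetime matters most, so both tokens in this response should expire.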
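Review bot: `userExistsInPayments` in the `services/stripe.js` hunk signs a user token for a single outbound request to the payments service, and the lifetime that `true` selects is defined outside this diff. If it is the same lifetime used for interactive sessions, a copy of this token that ends up in a proxy or request log stays valid far longer than the call needs, so a dedicated short lifetime for service-to-service calls is worth considering. The hunk also reads the key from `process.env.JWT_SECRET` while the route handlers use `App.config.get('secrets').JWT`; a comment such as `// same key as config secrets.JWT` would record that the two are meant to match. The function body continues past the end of the hunk.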
@@ -447,7 +447,7 @@ module.exports = (Model, App) => {
 }
 // Successfull register
- const token = passport.Sign(userData.email, App.config.get('secrets').JWT);
+ const token = passport.Sign(userData.email, App.config.get('secrets').JWT, true);
 // Creates user referrals
 await App.services.UsersReferrals.createUserReferrals(userData.id);