feat: make access token duration configurable when creating client/secret

2026-01-09 23:40:06 +00:00 · 2022-11-10 19:43:06 +05:00
parent 4c874c2c39
commit 2413c05fea
6 changed files with 44 additions and 13 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -8,6 +8,7 @@ import {
  removeTokensInDB,
  saveTokensInDB
 } from '../utils'
+import Client from '../model/Client'

@Route('SASjsApi/auth')
@Tags('Auth')
@@ -83,7 +84,13 @@ const token = async (data: any): Promise<TokenResponse> => {
    }
  }

-  const accessToken = generateAccessToken(userInfo)
+  const client = await Client.findOne({ clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
+  const accessToken = generateAccessToken(
+    userInfo,
+    client.accessTokenExpiryDays
+  )
  const refreshToken = generateRefreshToken(userInfo)

  await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)
@@ -92,7 +99,13 @@ const token = async (data: any): Promise<TokenResponse> => {
 }

 const refresh = async (userInfo: InfoJWT): Promise<TokenResponse> => {
-  const accessToken = generateAccessToken(userInfo)
+  const client = await Client.findOne({ clientId: userInfo.clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
+  const accessToken = generateAccessToken(
+    userInfo,
+    client.accessTokenExpiryDays
+  )
  const refreshToken = generateRefreshToken(userInfo)

  await saveTokensInDB(
--- a/api/src/controllers/client.ts
+++ b/api/src/controllers/client.ts
@@ -7,12 +7,13 @@ import Client, { ClientPayload } from '../model/Client'
@Tags('Client')
 export class ClientController {
  /**
-   * @summary Create client with the following attributes: ClientId, ClientSecret. Admin only task.
+   * @summary Create client with the following attributes: ClientId, ClientSecret, accessTokenExpires (optional) . Admin only task.
   *
   */
  @Example<ClientPayload>({
    clientId: 'someFormattedClientID1234',
-    clientSecret: 'someRandomCryptoString'
+    clientSecret: 'someRandomCryptoString',
+    accessTokenExpiryDays: 1
  })
  @Post('/')
  public async createClient(
@@ -22,8 +23,8 @@ export class ClientController {
  }
 }

-const createClient = async (data: any): Promise<ClientPayload> => {
-  const { clientId, clientSecret } = data
+const createClient = async (data: ClientPayload): Promise<ClientPayload> => {
+  const { clientId, clientSecret, accessTokenExpiryDays } = data

  // Checking if client is already in the database
  const clientExist = await Client.findOne({ clientId })
@@ -32,13 +33,15 @@ const createClient = async (data: any): Promise<ClientPayload> => {
  // Create a new client
  const client = new Client({
    clientId,
-    clientSecret
+    clientSecret,
+    accessTokenExpiryDays
  })

  const savedClient = await client.save()

  return {
    clientId: savedClient.clientId,
-    clientSecret: savedClient.clientSecret
+    clientSecret: savedClient.clientSecret,
+    accessTokenExpiryDays: savedClient.accessTokenExpiryDays
  }
 }