feat: make access token duration configurable when creating client/secret

2026-01-09 07:20:05 +00:00 · 2022-11-10 19:43:06 +05:00
parent 4c874c2c39
commit 2413c05fea
6 changed files with 44 additions and 13 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -8,6 +8,7 @@ import {
  removeTokensInDB,
  saveTokensInDB
 } from '../utils'
+import Client from '../model/Client'

@Route('SASjsApi/auth')
@Tags('Auth')
@@ -83,7 +84,13 @@ const token = async (data: any): Promise<TokenResponse> => {
    }
  }

-  const accessToken = generateAccessToken(userInfo)
+  const client = await Client.findOne({ clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
+  const accessToken = generateAccessToken(
+    userInfo,
+    client.accessTokenExpiryDays
+  )
  const refreshToken = generateRefreshToken(userInfo)

  await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)
@@ -92,7 +99,13 @@ const token = async (data: any): Promise<TokenResponse> => {
 }

 const refresh = async (userInfo: InfoJWT): Promise<TokenResponse> => {
-  const accessToken = generateAccessToken(userInfo)
+  const client = await Client.findOne({ clientId: userInfo.clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
+  const accessToken = generateAccessToken(
+    userInfo,
+    client.accessTokenExpiryDays
+  )
  const refreshToken = generateRefreshToken(userInfo)

  await saveTokensInDB(