feat: make refresh token duration configurable

api/public/swagger.yaml

@@ -62,6 +62,11 @@ components:
                     format: double
                     description: 'Number of days in which access token will expire'
                     example: 1
+                refreshTokenExpiryDays:
+                    type: number
+                    format: double
+                    description: 'Number of days in which access token will expire'
+                    example: 30
             required:
                 - clientId
                 - clientSecret
@@ -684,7 +689,7 @@ paths:
                                 $ref: '#/components/schemas/ClientPayload'
                             examples:
                                 'Example 1':
-                                    value: {clientId: someFormattedClientID1234, clientSecret: someRandomCryptoString, accessTokenExpiryDays: 1}
+                                    value: {clientId: someFormattedClientID1234, clientSecret: someRandomCryptoString, accessTokenExpiryDays: 1, refreshTokenExpiryDays: 30}
             summary: 'Create client with the following attributes: ClientId, ClientSecret, accessTokenExpires (optional) . Admin only task.'
             tags:
                 - Client

api/src/controllers/auth.ts

@@ -91,7 +91,10 @@ const token = async (data: any): Promise<TokenResponse> => {
     userInfo,
     client.accessTokenExpiryDays
   )
-  const refreshToken = generateRefreshToken(userInfo)
+  const refreshToken = generateRefreshToken(
+    userInfo,
+    client.refreshTokenExpiryDays
+  )
 
   await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)
 
@@ -106,7 +109,10 @@ const refresh = async (userInfo: InfoJWT): Promise<TokenResponse> => {
     userInfo,
     client.accessTokenExpiryDays
   )
-  const refreshToken = generateRefreshToken(userInfo)
+  const refreshToken = generateRefreshToken(
+    userInfo,
+    client.refreshTokenExpiryDays
+  )
 
   await saveTokensInDB(
     userInfo.userId,

api/src/controllers/client.ts

@@ -13,7 +13,8 @@ export class ClientController {
   @Example<ClientPayload>({
     clientId: 'someFormattedClientID1234',
     clientSecret: 'someRandomCryptoString',
-    accessTokenExpiryDays: 1
+    accessTokenExpiryDays: 1,
+    refreshTokenExpiryDays: 30
   })
   @Post('/')
   public async createClient(
@@ -24,7 +25,12 @@ export class ClientController {
 }
 
 const createClient = async (data: ClientPayload): Promise<ClientPayload> => {
-  const { clientId, clientSecret, accessTokenExpiryDays } = data
+  const {
+    clientId,
+    clientSecret,
+    accessTokenExpiryDays,
+    refreshTokenExpiryDays
+  } = data
 
   // Checking if client is already in the database
   const clientExist = await Client.findOne({ clientId })
@@ -42,6 +48,7 @@ const createClient = async (data: ClientPayload): Promise<ClientPayload> => {
   return {
     clientId: savedClient.clientId,
     clientSecret: savedClient.clientSecret,
-    accessTokenExpiryDays: savedClient.accessTokenExpiryDays
+    accessTokenExpiryDays: savedClient.accessTokenExpiryDays,
+    refreshTokenExpiryDays: savedClient.refreshTokenExpiryDays
   }
 }

api/src/model/Client.ts

@@ -16,6 +16,11 @@ export interface ClientPayload {
    * @example 1
    */
   accessTokenExpiryDays?: number
+  /**
+   * Number of days in which access token will expire
+   * @example 30
+   */
+  refreshTokenExpiryDays?: number
 }
 
 const ClientSchema = new Schema<ClientPayload>({
@@ -30,6 +35,10 @@ const ClientSchema = new Schema<ClientPayload>({
   accessTokenExpiryDays: {
     type: Number,
     default: 1
+  },
+  refreshTokenExpiryDays: {
+    type: Number,
+    default: 30
   }
 })
 

api/src/utils/generateRefreshToken.ts

@@ -1,7 +1,7 @@
 import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 
-export const generateRefreshToken = (data: InfoJWT) =>
+export const generateRefreshToken = (data: InfoJWT, expiry?: number) =>
   jwt.sign(data, process.secrets.REFRESH_TOKEN_SECRET, {
-    expiresIn: '30 days'
+    expiresIn: expiry ? `${expiry}d` : '30d'
   })

api/src/utils/validation.ts

@@ -89,7 +89,8 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
   Joi.object({
     clientId: Joi.string().required(),
     clientSecret: Joi.string().required(),
-    accessTokenExpiryDays: Joi.number()
+    accessTokenExpiryDays: Joi.number(),
+    refreshTokenExpiryDays: Joi.number()
   }).validate(data)
 
 export const registerPermissionValidation = (data: any): Joi.ValidationResult =>