feat: make refresh token duration configurable

2025-12-10 11:24:35 +00:00 · 2022-11-10 21:02:20 +05:00
parent 2413c05fea
commit abd5c64b4a
6 changed files with 37 additions and 9 deletions
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -62,6 +62,11 @@ components:
                    format: double
                    description: 'Number of days in which access token will expire'
                    example: 1
+                refreshTokenExpiryDays:
+                    type: number
+                    format: double
+                    description: 'Number of days in which access token will expire'
+                    example: 30
            required:
                - clientId
                - clientSecret
@@ -684,7 +689,7 @@ paths:
                                $ref: '#/components/schemas/ClientPayload'
                            examples:
                                'Example 1':
-                                    value: {clientId: someFormattedClientID1234, clientSecret: someRandomCryptoString, accessTokenExpiryDays: 1}
+                                    value: {clientId: someFormattedClientID1234, clientSecret: someRandomCryptoString, accessTokenExpiryDays: 1, refreshTokenExpiryDays: 30}
            summary: 'Create client with the following attributes: ClientId, ClientSecret, accessTokenExpires (optional) . Admin only task.'
            tags:
                - Client
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -91,7 +91,10 @@ const token = async (data: any): Promise<TokenResponse> => {
    userInfo,
    client.accessTokenExpiryDays
  )
-  const refreshToken = generateRefreshToken(userInfo)
+  const refreshToken = generateRefreshToken(
+    userInfo,
+    client.refreshTokenExpiryDays
+  )

  await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)

@@ -106,7 +109,10 @@ const refresh = async (userInfo: InfoJWT): Promise<TokenResponse> => {
    userInfo,
    client.accessTokenExpiryDays
  )
-  const refreshToken = generateRefreshToken(userInfo)
+  const refreshToken = generateRefreshToken(
+    userInfo,
+    client.refreshTokenExpiryDays
+  )

  await saveTokensInDB(
    userInfo.userId,
--- a/api/src/controllers/client.ts
+++ b/api/src/controllers/client.ts
@@ -13,7 +13,8 @@ export class ClientController {
  @Example<ClientPayload>({
    clientId: 'someFormattedClientID1234',
    clientSecret: 'someRandomCryptoString',
-    accessTokenExpiryDays: 1
+    accessTokenExpiryDays: 1,
+    refreshTokenExpiryDays: 30
  })
  @Post('/')
  public async createClient(
@@ -24,7 +25,12 @@ export class ClientController {
 }

 const createClient = async (data: ClientPayload): Promise<ClientPayload> => {
-  const { clientId, clientSecret, accessTokenExpiryDays } = data
+  const {
+    clientId,
+    clientSecret,
+    accessTokenExpiryDays,
+    refreshTokenExpiryDays
+  } = data

  // Checking if client is already in the database
  const clientExist = await Client.findOne({ clientId })
@@ -42,6 +48,7 @@ const createClient = async (data: ClientPayload): Promise<ClientPayload> => {
  return {
    clientId: savedClient.clientId,
    clientSecret: savedClient.clientSecret,
-    accessTokenExpiryDays: savedClient.accessTokenExpiryDays
+    accessTokenExpiryDays: savedClient.accessTokenExpiryDays,
+    refreshTokenExpiryDays: savedClient.refreshTokenExpiryDays
  }
 }
--- a/api/src/model/Client.ts
+++ b/api/src/model/Client.ts
@@ -16,6 +16,11 @@ export interface ClientPayload {
   * @example 1
   */
  accessTokenExpiryDays?: number
+  /**
+   * Number of days in which access token will expire
+   * @example 30
+   */
+  refreshTokenExpiryDays?: number
 }

 const ClientSchema = new Schema<ClientPayload>({
@@ -30,6 +35,10 @@ const ClientSchema = new Schema<ClientPayload>({
  accessTokenExpiryDays: {
    type: Number,
    default: 1
+  },
+  refreshTokenExpiryDays: {
+    type: Number,
+    default: 30
  }
 })

--- a/api/src/utils/generateRefreshToken.ts
+++ b/api/src/utils/generateRefreshToken.ts
@@ -1,7 +1,7 @@
 import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'

-export const generateRefreshToken = (data: InfoJWT) =>
+export const generateRefreshToken = (data: InfoJWT, expiry?: number) =>
  jwt.sign(data, process.secrets.REFRESH_TOKEN_SECRET, {
-    expiresIn: '30 days'
+    expiresIn: expiry ? `${expiry}d` : '30d'
  })
--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -89,7 +89,8 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    clientId: Joi.string().required(),
    clientSecret: Joi.string().required(),
-    accessTokenExpiryDays: Joi.number()
+    accessTokenExpiryDays: Joi.number(),
+    refreshTokenExpiryDays: Joi.number()
  }).validate(data)

 export const registerPermissionValidation = (data: any): Joi.ValidationResult =>