aykhans/slash-e
1
0
Fork 0
mirror of https://github.com/aykhans/slash-e.git synced 2025-04-21 22:28:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: update auth duration

Browse Source
This commit is contained in:
Steven 2023-07-28 22:53:32 +08:00
parent 4e3ca8ceb4
commit d798b2c5fb
2 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/v1/auth/auth.go
View File

@ -23,14 +23,11 @@ const (
apiTokenDuration = 2 * time.Hour
accessTokenDuration = 24 * time.Hour
refreshTokenDuration = 7 * 24 * time.Hour
// RefreshThresholdDuration is the threshold duration for refreshing token.
RefreshThresholdDuration = 1 * time.Hour
// CookieExpDuration expires slightly earlier than the jwt expiration. Client would be logged out if the user
// cookie expires, thus the client would always logout first before attempting to make a request with the expired jwt.
// Suppose we have a valid refresh token, we will refresh the token in 2 cases:
// 1. The access token is about to expire in <<refreshThresholdDuration>>
// 2. The access token has already expired, we refresh the token so that the ongoing request can pass through.
// Suppose we have a valid refresh token, we will refresh the token in the following cases:
// 1. The access token has already expired, we refresh the token so that the ongoing request can pass through.
CookieExpDuration = refreshTokenDuration - 1*time.Minute
// AccessTokenCookieName is the cookie name of access token.
AccessTokenCookieName = "slash.access-token"

7
api/v1/jwt.go
View File

@ -5,7 +5,6 @@ import (
"net/http"
"strconv"
"strings"
"time"
"github.com/boojack/slash/api/v1/auth"
"github.com/boojack/slash/internal/util"
@ -105,12 +104,12 @@ func JWTMiddleware(server *APIV1Service, next echo.HandlerFunc, secret string) e
return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
})
generateToken := time.Until(claims.ExpiresAt.Time) < auth.RefreshThresholdDuration
generateToken := false
if err != nil {
var ve *jwt.ValidationError
if errors.As(err, &ve) {
// If expiration error is the only error, we will clear the err
// and generate new access token and refresh token
// If expiration error is the only error, we will ignore the err
// and generate new access token and refresh token.
if ve.Errors == jwt.ValidationErrorExpired {
generateToken = true
}