Make JWT expiry configurable and require to set a JWT secret

2025-12-23 23:55:02 +01:00 · 2022-01-17 11:11:28 +01:00
parent bbd9a66302
commit 6478c6e0db
3 changed files with 13 additions and 10 deletions
--- a/controllers/auth.ctrl.go
+++ b/controllers/auth.ctrl.go
@@ -14,6 +14,7 @@ import (
 // AuthController : AuthController struct
 type AuthController struct {
 	JWTSecret []byte
+	JWTExpiry int
 }

 // Auth : Auth Controller
@@ -80,12 +81,12 @@ func (ctrl AuthController) Auth(c echo.Context) error {
 		})
 	}

-	accessToken, err := tokens.GenerateAccessToken(ctrl.JWTSecret, &user)
+	accessToken, err := tokens.GenerateAccessToken(ctrl.JWTSecret, ctrl.JWTExpiry, &user)
 	if err != nil {
 		return err
 	}

-	refreshToken, err := tokens.GenerateRefreshToken(ctrl.JWTSecret, &user)
+	refreshToken, err := tokens.GenerateRefreshToken(ctrl.JWTSecret, ctrl.JWTExpiry, &user)
 	if err != nil {
 		return err
 	}
--- a/lib/tokens/jwt.go
+++ b/lib/tokens/jwt.go
@@ -27,7 +27,8 @@ func Middleware(secret []byte) echo.MiddlewareFunc {
 	config.Claims = &jwtCustomClaims{}
 	config.ContextKey = "UserJwt"
 	config.SigningKey = secret
-	config.ErrorHandler = func(err error) error {
+	config.ErrorHandlerWithContext = func(err error, c echo.Context) error {
+		c.Logger().Error(err)
 		return echo.NewHTTPError(http.StatusBadRequest, echo.Map{
 			"error":   true,
 			"code":    1,
@@ -63,19 +64,19 @@ func UserMiddleware(db *bun.DB) echo.MiddlewareFunc {

 			ctx.User = &user

-			return next(c)
+			return next(ctx)
 		}
 	}
 }

 // GenerateAccessToken : Generate Access Token
-func GenerateAccessToken(secret []byte, u *models.User) (string, error) {
+func GenerateAccessToken(secret []byte, expiryInSeconds int, u *models.User) (string, error) {
 	claims := &jwtCustomClaims{
 		ID:        u.ID,
 		IsRefresh: false,
 		StandardClaims: jwt.StandardClaims{
 			// one week expiration
-			ExpiresAt: time.Now().Add(time.Hour * 24 * 7).Unix(),
+			ExpiresAt: time.Now().Add(time.Second * time.Duration(expiryInSeconds)).Unix(),
 		},
 	}

@@ -90,13 +91,13 @@ func GenerateAccessToken(secret []byte, u *models.User) (string, error) {
 }

 // GenerateRefreshToken : Generate Refresh Token
-func GenerateRefreshToken(secret []byte, u *models.User) (string, error) {
+func GenerateRefreshToken(secret []byte, expiryInSeconds int, u *models.User) (string, error) {
 	claims := &jwtCustomClaims{
 		ID:        u.ID,
 		IsRefresh: true,
 		StandardClaims: jwt.StandardClaims{
 			// one week expiration
-			ExpiresAt: time.Now().Add(time.Hour * 24 * 7).Unix(),
+			ExpiresAt: time.Now().Add(time.Second * time.Duration(expiryInSeconds)).Unix(),
 		},
 	}

--- a/main.go
+++ b/main.go
@@ -28,7 +28,8 @@ type Config struct {
 	DatabaseUri string `envconfig:"DATABASE_URI" required:"true"`
 	SentryDSN   string `envconfig:"SENTRY_DSN"`
 	LogFilePath string `envconfig:"LOG_FILE_PATH"`
-	JWTSecret   []byte `envconfig:"JWT_SECRET" default:"secret"`
+	JWTSecret   []byte `envconfig:"JWT_SECRET" required:"true"`
+	JWTExpiry   int    `envconfig:"JWT_Expiry" default:"604800"` // in seconds
 }

 func main() {
@@ -97,7 +98,7 @@ func main() {
 	e.Use(middleware.BodyLimit("250K"))
 	e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(20)))

-	e.POST("/auth", controllers.AuthController{JWTSecret: c.JWTSecret}.Auth)
+	e.POST("/auth", controllers.AuthController{JWTSecret: c.JWTSecret, JWTExpiry: c.JWTExpiry}.Auth)
 	e.POST("/create", controllers.CreateUserController{}.CreateUser)

 	secured := e.Group("", tokens.Middleware(c.JWTSecret), tokens.UserMiddleware(dbConn))