Merge pull request #4 from leobeckp/468-jwt-expiration

PR 468 (pantsel#468)
leobeckp · Jan 8, 2022 · f219359 · f219359
2 parents 0d4be7f + e219ff8
commit f219359
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/api/policies/authenticated.js b/api/policies/authenticated.js
@@ -39,7 +39,7 @@ module.exports = function authenticated(request, response, next) {
       return response.json(401, {message: 'Given authorization token is not valid', logout: true});
     } else {
       // Store user id to request object
-      request.token = token;
+      request.token = token.id.toString();
 
       // We delete the token from query and body to not mess with blueprints
       request.query && delete request.query.token;

diff --git a/api/services/Token.js b/api/services/Token.js
@@ -20,7 +20,8 @@ module.exports.issue = function issue(payload) {
 
     return jwt.sign(
         payload, // This is the payload we want to put inside the token
-        process.env.TOKEN_SECRET || "oursecret" // Secret string which will be used to sign the token
+        process.env.TOKEN_SECRET || "oursecret", // Secret string which will be used to sign the token
+        { expiresIn: parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY || 60 * 60 )}
     );
 };