feat: add JWT expiry

introduced the jwt expiry for forced logout of users; defaulting to 1 hour, overridable by env. variable KONGA_JWT_TOKEN_EXPIRY Originally opened at pantsel#468
onematchfox · May 29, 2022 · e6d1d81 · e6d1d81
1 parent 623025f
commit e6d1d81
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 5 deletions.
diff --git a/.env_example b/.env_example
@@ -3,6 +3,7 @@ KONGA_BASE_URL=http://localhost:1337
 KONGA_LOG_LEVEL=debug
 KONGA_SEED_KONG_NODE_DATA_SOURCE_FILE=./examples/kong_node.data
 KONGA_SEED_USER_DATA_SOURCE_FILE=./examples/konga_user.data
+KONGA_JWT_TOKEN_EXPIRY=3600
 DB_ADAPTER=postgres
 DB_HOST=localhost
 DB_USER=kong

diff --git a/README.md b/README.md
@@ -105,6 +105,7 @@ These are the general environment variables Konga uses.
 | SSL_KEY_PATH                          | If you want to use SSL, this will be the absolute path to the .key file. Both `SSL_KEY_PATH` & `SSL_CRT_PATH` must be set. | -                                     | null                                         |
 | SSL_CRT_PATH                          | If you want to use SSL, this will be the absolute path to the .crt file. Both `SSL_KEY_PATH` & `SSL_CRT_PATH` must be set. | -                                     | null                                         |
 | KONGA_HOOK_TIMEOUT                    | The time in ms that Konga will wait for startup tasks to finish before exiting the process.                                | -                                     | 60000                                        |
+| KONGA_JWT_TOKEN_EXPIRY                | The time in seconds that a user's  session is active for.                                                                  | -                                     | 3600                                         |
 | DB_ADAPTER                            | The database that Konga will use. If not set, the localDisk db will be used.                                               | `postgres`                            | -                                            |
 | DB_HOST                               | If `DB_URI` is not specified, this is the database host. Depends on `DB_ADAPTER`.                                          | -                                     | localhost                                    |
 | DB_PORT                               | If `DB_URI` is not specified, this is the database port.  Depends on `DB_ADAPTER`.                                         | -                                     | DB default.                                  |

diff --git a/api/policies/authenticated.js b/api/policies/authenticated.js
@@ -36,10 +36,10 @@ module.exports = function authenticated(request, response, next) {
    */
   var verify = function verify(error, token) {
     if (!(_.isEmpty(error) && token !== -1)) {
-      return response.json(401, {message: 'Given authorization token is not valid', logout: true});
+      return response.json(401, {message: 'Authorization token is invalid. Error: ' + error.message, logout: true});
     } else {
       // Store user id to request object
-      request.token = token;
+      request.token = token.id.toString();
 
       // We delete the token from query and body to not mess with blueprints
       request.query && delete request.query.token;

diff --git a/api/services/Token.js b/api/services/Token.js
@@ -19,8 +19,9 @@ module.exports.issue = function issue(payload) {
     sails.log.verbose(__filename + ':' + __line + ' [Service.Token.issue() called]');
 
     return jwt.sign(
-        payload, // This is the payload we want to put inside the token
-        process.env.TOKEN_SECRET || "oursecret" // Secret string which will be used to sign the token
+        { id: payload }, // This is the payload we want to put inside the token
+        process.env.TOKEN_SECRET || "oursecret", // Secret string which will be used to sign the token
+        { expiresIn: parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY || 60 * 60 )}
     );
 };
 

diff --git a/charts/konga/templates/configmap.yaml b/charts/konga/templates/configmap.yaml
@@ -14,6 +14,7 @@ data:
   SSL_KEY_PATH: {{ .Values.config.ssl_key_path }}
   SSL_CRT_PATH: {{ .Values.config.ssl_crt_path }}
   KONGA_HOOK_TIMEOUT: "{{ default 60000 .Values.config.konga_hook_timeout }}"
+  KONGA_JWT_TOKEN_EXPIRY: "{{ default 3600 .Values.config.konga_jwt_token_expiry }}"
   DB_ADAPTER: {{ default "postgres" .Values.config.db_adapter }}
   DB_URI: {{ .Values.config.db_uri }}
   DB_HOST: {{ default "localhost" .Values.config.db_host }}

diff --git a/charts/konga/values.yaml b/charts/konga/values.yaml
@@ -5,7 +5,7 @@
 replicaCount: 1
 
 image:
-  repository: pantsel/konga
+  repository: onematchfox/konga
   tag: latest
   pullPolicy: IfNotPresent
 
@@ -24,6 +24,7 @@ config: {}
 #   ssl_key_path:
 #   ssl_crt_path:
 #   konga_hook_timeout: 60000
+#   konga_jwt_token_expiry:
 #   db_adapter: postgres
 #   db_uri:
 #   db_host: localhost