From c955db2a08080291fd5ceb8ed24227fbc3fe843d Mon Sep 17 00:00:00 2001
From: Rahul Goel
Date: Fri, 19 Jul 2019 14:50:04 +0530
Subject: [PATCH] https://github.com/pantsel/konga/issues/412 introduced the jwt expiry for forced logout of users; defaulting to 1 hour, overridable by env. variable KONGA_JWT_TOKEN_EXPIRY
---
 api/policies/authenticated.js | 2 +-
 api/services/Token.js | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/api/policies/authenticated.js b/api/policies/authenticated.js
index 2c21e0465..101635750 100644
--- a/api/policies/authenticated.js
+++ b/api/policies/authenticated.js
@@ -28,7 +28,7 @@ module.exports = function authenticated(request, response, next) {
 return response.json(401, {message: 'Given authorization token is not valid', logout: true});
 } else {
 // Store user id to request object
- request.token = token;
+ request.token = token.id.toString();
 // We delete the token from query and body to not mess with blueprints
 request.query && delete request.query.token;
diff --git a/api/services/Token.js b/api/services/Token.js
index 77dfbba96..056cc461b 100644
--- a/api/services/Token.js
+++ b/api/services/Token.js
@@ -20,7 +20,8 @@ module.exports.issue = function issue(payload) {
 return jwt.sign(
 payload, // This is the payload we want to put inside the token
- process.env.TOKEN_SECRET || "oursecret" // Secret string which will be used to sign the token
+ process.env.TOKEN_SECRET || "oursecret", // Secret string which will be used to sign the token
+ { expiresIn: parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY || 60 * 60 )}
 );
 };
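Review bot: `request.token = token.id.toString();` dereferences `token.id` without checking it, so a verified token whose payload has no `id` throws a TypeError inside the verify callback instead of returning the 401 used a few lines above. That case looks reachable: the old line stored `token` itself as the user id, which suggests previously issued tokens carry a bare id and, having no `exp` claim, would still verify after this change. A guard before the assignment, `if (!token || token.id == null) { return response.json(401, {message: 'Given authorization token is not valid', logout: true}); }`, would reject those legacy tokens and force a fresh login, which is what the commit is after. The enclosing function starts and ends outside the hunk.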
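Review bot: The `expiresIn` value on the added line is taken from KONGA_JWT_TOKEN_EXPIRY without validation: `parseInt` has no radix, a non-numeric value yields NaN (which jsonwebtoken is expected to reject, so every login would fail at `jwt.sign`), and zero or a negative number would issue tokens that are already expired. I would parse the variable once with radix 10 and fall back to the one-hour default unless the result is a positive integer, as sketched below. `expiresIn` also requires an object payload in jsonwebtoken, so callers of `issue` that pass a bare id (they are outside this patch) need checking. Separately, the changed secret line still falls back to the literal `"oursecret"`; with a publicly known signing key the expiry gives little protection, so refusing to start without TOKEN_SECRET deserves a follow-up.

```javascript
// … unchanged: module.exports.issue signature …
  const configuredExpiry = parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY, 10);
  // Unset, non-numeric, zero or negative values fall back to one hour
  const expiresInSeconds = configuredExpiry > 0 ? configuredExpiry : 60 * 60;

  return jwt.sign(
    // … unchanged: payload and secret arguments …
    { expiresIn: expiresInSeconds }
  );
```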