fix: access_token expire time in cookie and jwt

velog-io · winverse · Feb 14, 2024 · Feb 14, 2024 · Feb 14, 2024 · Feb 14, 2024
commit 49d53427ef222302cce7a1f076f6b18445d763b5
diff --git a/packages/velog-server/package.json b/packages/velog-server/package.json
@@ -60,7 +60,7 @@
     "graphql-scalars": "^1.22.2",
     "inquirer": "^9.2.12",
     "ioredis": "^5.3.2",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "^9.0.2",
     "lru-cache": "^10.0.0",
     "marked": "^8.0.0",
     "mercurius": "^13.0.0",

diff --git a/packages/velog-server/src/common/plugins/global/authPlugin.ts b/packages/velog-server/src/common/plugins/global/authPlugin.ts
@@ -10,9 +10,11 @@ const authPlugin: FastifyPluginAsync = async (fastify) => {
   fastify.decorateRequest('user', null)
   fastify.addHook('preHandler', async (request, reply) => {
     if (request.url.includes('/auth/logout')) return
+
     let accessToken: string | undefined = request.cookies['access_token']
     const refreshToken: string | undefined = request.cookies['refresh_token']
     const authorization = request.headers['authorization']
+
     try {
       if (!accessToken && authorization) {
         accessToken = authorization.split('Bearer ')[1]

diff --git a/packages/velog-server/src/lib/jwt/JwtService.ts b/packages/velog-server/src/lib/jwt/JwtService.ts
@@ -63,7 +63,7 @@ export class JwtService {
       },
       {
         subject: 'access_token',
-        expiresIn: '1h',
+        expiresIn: '24h',
       },
     )
 
@@ -100,7 +100,7 @@ export class JwtService {
       },
       {
         subject: 'access_token',
-        expiresIn: '1h',
+        expiresIn: '24h',
       },
     )
 

diff --git a/packages/velog-server/src/routes/auth/v3/social/SocialController.ts b/packages/velog-server/src/routes/auth/v3/social/SocialController.ts
@@ -131,7 +131,7 @@ export class SocialController implements Controller {
       if (user) {
         const tokens = await this.jwt.generateUserToken(user.id)
         this.cookie.setCookie(reply, 'access_token', tokens.accessToken, {
-          maxAge: Time.ONE_HOUR_IN_MS,
+          maxAge: Time.ONE_HOUR_IN_MS * 24,
         })
         this.cookie.setCookie(reply, 'refresh_token', tokens.refreshToken, {
           maxAge: Time.ONE_DAY_IN_MS * 30,
@@ -255,7 +255,7 @@ export class SocialController implements Controller {
 
     const tokens = await this.jwt.generateUserToken(user.id)
     this.cookie.setCookie(reply, 'access_token', tokens.accessToken, {
-      maxAge: Time.ONE_HOUR_IN_MS,
+      maxAge: Time.ONE_HOUR_IN_MS * 24,
     })
     this.cookie.setCookie(reply, 'refresh_token', tokens.refreshToken, {
       maxAge: Time.ONE_DAY_IN_MS * 30,

diff --git a/packages/velog-server/src/services/UserService/index.ts b/packages/velog-server/src/services/UserService/index.ts
@@ -144,7 +144,7 @@ export class UserService implements Service {
     )
 
     this.cookie.setCookie(ctx.reply, 'access_token', tokens.accessToken, {
-      maxAge: Time.ONE_HOUR_IN_MS,
+      maxAge: Time.ONE_HOUR_IN_MS * 24,
     })
     this.cookie.setCookie(ctx.reply, 'refresh_token', tokens.refreshToken, {
       maxAge: Time.ONE_DAY_IN_MS * 30,