From 7616c0958be295ec16925da2a1d26a2989b1277c Mon Sep 17 00:00:00 2001
From: divinedab
Date: Sun, 25 Aug 2024 01:44:21 -0500
Subject: [PATCH 1/4] adding PB expiration time
---
 src/config.ts | 1 +
 src/services/auth/auth-router.ts | 7 ++++++-
 src/services/auth/auth-utils.ts | 4 ++++
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/config.ts b/src/config.ts
index 3291de7..eb9bf68 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -70,6 +70,7 @@ export const Config = {
 JWT_SIGNING_SECRET: getEnv("JWT_SIGNING_SECRET"),
 JWT_EXPIRATION_TIME: "1 day",
+ PB_JWT_EXPIRATION_TIME: "1 week",
 S3_ACCESS_KEY: getEnv("S3_ACCESS_KEY"),
 S3_SECRET_KEY: getEnv("S3_SECRET_KEY"),
diff --git a/src/services/auth/auth-router.ts b/src/services/auth/auth-router.ts
index 09e06ce..68d9820 100644
--- a/src/services/auth/auth-router.ts
+++ b/src/services/auth/auth-router.ts
@@ -11,6 +11,7 @@ import { Role } from "../auth/auth-models";
 import { AuthRoleChangeRequest } from "./auth-schema";
 import { z } from "zod";
 import authSponsorRouter from "./sponsor/sponsor-router";
+import { isPuzzleBang } from "../auth/auth-utils";
 const authStrategies: Record = {};
@@ -117,6 +118,10 @@ authRouter.get(
 }
 const userData = req.user as Profile;
 const userId = `user${userData.id}`;
+
+ // Check if user has PuzzleBang role
+ const payload = res.locals.payload;
+ const isPB = isPuzzleBang(payload);
 // Generate the JWT, and redirect to JWT initialization
 try {
@@ -126,7 +131,7 @@ authRouter.get(
 const token = jsonwebtoken.sign(
 jwtPayload,
 Config.JWT_SIGNING_SECRET,
- { expiresIn: Config.JWT_EXPIRATION_TIME }
+ { expiresIn: isPB ? Config.PB_JWT_EXPIRATION_TIME : Config.JWT_EXPIRATION_TIME }
 );
 const redirectUri = DeviceRedirects[req.params.DEVICE] + `?token=${token}`;
diff --git a/src/services/auth/auth-utils.ts b/src/services/auth/auth-utils.ts
index ecaa9ce..0c5542b 100644
--- a/src/services/auth/auth-utils.ts
+++ b/src/services/auth/auth-utils.ts
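Review bot: `PB_JWT_EXPIRATION_TIME` in src/config.ts is added without a comment saying which tokens get the seven-times longer lifetime or why. A signed JWT stays usable until it expires unless something else revokes it, and no revocation path is visible in this patch, so the line should carry its rationale, for example `// Lifetime for tokens issued to PuzzleBang-role users; a leaked token stays valid this long, so keep it as short as the use case allows`. The `Config` object starts and ends outside the hunk.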
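Review bot: The added `import { isPuzzleBang } from "../auth/auth-utils";` in src/services/auth/auth-router.ts reaches the same module the file already imports as `"./auth-utils"`, only through a different relative path (the existing import is visible as the hunk-header text of the first hunk in patch 3). Folding the name into that statement, `import { createGoogleStrategy, getJwtPayloadFromDatabase, isPuzzleBang } from "./auth-utils";`, keeps one import per module.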
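Review bot: The `expiresIn` ternary in the `jsonwebtoken.sign` call extends the life of a token that the following context line appends to the redirect URL as `?token=${token}`, so a week-long credential can persist in browser history, Referer headers and proxy or server logs. If the longer lifetime is required, the delivery path deserves at least a comment at this call, such as `// token travels in the redirect query string; expiresIn bounds how long a leaked URL stays usable`, and ideally the URL-delivered token stays short-lived. What `DeviceRedirects` resolves to is not visible here, so the real exposure needs confirming. The route handler starts and ends outside the hunk.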
@@ -61,3 +61,7 @@ export function isStaff(payload?: JwtPayloadType) {
 export function isAdmin(payload?: JwtPayloadType) {
 return payload?.roles.includes(Role.Enum.ADMIN);
 }
+
+export function isPuzzleBang(payload?: JwtPayloadType) {
+ return payload?.roles.includes(Role.Enum.PUZZLEBANG);
+}
From c7de3ce3d428474cc7adc5f0747ba4de3f04caeb Mon Sep 17 00:00:00 2001
From: divinedab
Date: Sun, 25 Aug 2024 01:46:25 -0500
Subject: [PATCH 2/4] fixed payload issue
---
 src/services/auth/auth-router.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/services/auth/auth-router.ts b/src/services/auth/auth-router.ts
index 68d9820..1d7a85d 100644
--- a/src/services/auth/auth-router.ts
+++ b/src/services/auth/auth-router.ts
@@ -118,16 +118,16 @@ authRouter.get(
 }
 const userData = req.user as Profile;
 const userId = `user${userData.id}`;
-
- // Check if user has PuzzleBang role
- const payload = res.locals.payload;
- const isPB = isPuzzleBang(payload);
 // Generate the JWT, and redirect to JWT initialization
 try {
 const jwtPayload = (
 await getJwtPayloadFromDatabase(userId)
 ).toObject();
+
+ // Check if user has PuzzleBang role
+ const isPB = isPuzzleBang(jwtPayload);
+
 const token = jsonwebtoken.sign(
 jwtPayload,
 Config.JWT_SIGNING_SECRET,
From b86ee70b04f142ac12b821c7ef686d4bbcdd485c Mon Sep 17 00:00:00 2001
From: divinedab
Date: Sun, 25 Aug 2024 01:51:08 -0500
Subject: [PATCH 3/4] fixed jwt payload type
---
 src/services/auth/auth-router.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/services/auth/auth-router.ts b/src/services/auth/auth-router.ts
index 1d7a85d..7544a24 100644
--- a/src/services/auth/auth-router.ts
+++ b/src/services/auth/auth-router.ts
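Review bot: `isPuzzleBang` in src/services/auth/auth-utils.ts has no return type or doc comment, and because of the optional chain it yields `undefined` rather than `false` when `payload` is absent, so its inferred type is `boolean | undefined`. That is harmless in a ternary but easy to trip over in a strict comparison; `return payload?.roles.includes(Role.Enum.PUZZLEBANG) ?? false;` with an explicit `: boolean` makes the contract plain. `isAdmin` in the context lines follows the same pattern, so changing the sibling helpers together would keep them consistent.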
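Review bot: `isPB` in patch 2 is decided from the PuzzleBang role alone, yet the token signed just below carries the whole `jwtPayload`, so if an account can hold that role together with staff or admin roles, the elevated roles also ride on the week-long token. If that is not intended, gate the longer lifetime on the absence of elevated roles, e.g. `const isPB = isPuzzleBang(jwtPayload) && !isStaff(jwtPayload) && !isAdmin(jwtPayload);`, using the helpers auth-utils already exports (they would need importing here). Roles are also fixed into the token at signing time, so whether a role removal takes effect before expiry depends on checks not visible in this patch. The route handler starts and ends outside the hunk.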
@@ -7,7 +7,7 @@ import { createGoogleStrategy, getJwtPayloadFromDatabase } from "./auth-utils";
 import jsonwebtoken from "jsonwebtoken";
 import { Database } from "../../database";
 import RoleChecker from "../../middleware/role-checker";
-import { Role } from "../auth/auth-models";
+import { Role, JwtPayloadType } from "../auth/auth-models";
 import { AuthRoleChangeRequest } from "./auth-schema";
 import { z } from "zod";
 import authSponsorRouter from "./sponsor/sponsor-router";
@@ -123,11 +123,11 @@ authRouter.get(
 try {
 const jwtPayload = (
 await getJwtPayloadFromDatabase(userId)
- ).toObject();
+ ).toObject() as JwtPayloadType;
 // Check if user has PuzzleBang role
 const isPB = isPuzzleBang(jwtPayload);
-
+
 const token = jsonwebtoken.sign(
 jwtPayload,
 Config.JWT_SIGNING_SECRET,
From 41c0b97db552452df93b03bd21a6dd6a029f75ce Mon Sep 17 00:00:00 2001
From: divinedab
Date: Sun, 25 Aug 2024 01:52:11 -0500
Subject: [PATCH 4/4] fixed linter
---
 src/services/auth/auth-router.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/services/auth/auth-router.ts b/src/services/auth/auth-router.ts
index 7544a24..300c9bb 100644
--- a/src/services/auth/auth-router.ts
+++ b/src/services/auth/auth-router.ts
@@ -131,7 +131,11 @@ authRouter.get(
 const token = jsonwebtoken.sign(
 jwtPayload,
 Config.JWT_SIGNING_SECRET,
- { expiresIn: isPB ? Config.PB_JWT_EXPIRATION_TIME : Config.JWT_EXPIRATION_TIME }
+ {
+ expiresIn: isPB
+ ? Config.PB_JWT_EXPIRATION_TIME
+ : Config.JWT_EXPIRATION_TIME,
+ }
 );
 const redirectUri = DeviceRedirects[req.params.DEVICE] + `?token=${token}`;
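Review bot: `).toObject() as JwtPayloadType` in the second hunk of patch 3 silences the compiler instead of checking the shape, so `isPuzzleBang` will throw on `roles.includes` if a stored document ever lacks `roles`, and any other fields `toObject()` returns are signed into the token unchecked. Prefer giving `getJwtPayloadFromDatabase` a return type that makes the assertion unnecessary, or validate the object here; the `Role.Enum` usage suggests auth-models is zod-based, so a schema parse may already be available, though none is visible in this patch. If the assertion stays, a comment such as `// toObject() is untyped; shape is asserted, not validated` would flag it for the next reader. The `try` block continues outside the hunk.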