fix: set expires time in sec

client/components/Auth/AuthLoader.tsx

@@ -1,4 +1,4 @@
-import { fetchAuthSession, signOut } from 'aws-amplify/auth';
+import { fetchAuthSession, getCurrentUser, signOut } from 'aws-amplify/auth';
 import { Hub } from 'aws-amplify/utils';
 import { isAxiosError } from 'axios';
 import { useAlert } from 'components/Alert/useAlert';
@@ -25,14 +25,10 @@ export const AuthLoader = () => {
   }, [catchApiErr, setUser]);
 
   useEffect(() => {
-    const controller = new AbortController();
-    apiClient.private.me
-      .$get({ config: { signal: controller.signal } })
-      .then(setUser)
-      .catch((e) => (isAxiosError(e) && e.response?.status === 401 ? setUser(null) : null));
-
-    return () => controller.abort();
-  }, [setUser]);
+    getCurrentUser()
+      .then(updateCookie)
+      .catch(() => setUser(null));
+  }, [setUser, updateCookie]);
 
   useEffect(() => {
     const useId = apiAxios.interceptors.response.use(undefined, async (err) => {
@@ -61,12 +57,13 @@ export const AuthLoader = () => {
             break;
           case 'signInWithRedirect_failure':
             break;
+          case 'tokenRefresh':
+            break;
           case 'signedOut':
             await apiClient.public.session.$delete().catch(catchApiErr);
             setUser(null);
             break;
           case 'signedIn':
-          case 'tokenRefresh':
             await updateCookie().catch(catchApiErr);
             break;
           case 'tokenRefresh_failure':

server/api/private/hooks.ts

@@ -15,7 +15,7 @@ export default defineHooks(() => ({
     try {
       await req.jwtVerify({ onlyCookie: true });
     } catch (e) {
-      res.status(401).send();
+      res.status(401).send((e as Error).message);
       return;
     }
 

server/api/public/session/controller.ts

@@ -16,18 +16,21 @@ const options: CookieSerializeOptions = {
   sameSite: 'none',
 };
 
-export default defineController(() => ({
+export default defineController((fastify) => ({
   post: {
     validators: { body: z.object({ jwt: z.string() }) },
     hooks: {
       preHandler: (req, reply, done) => {
         assert(req.body);
 
-        const expiresIn = 60 * 60 * 24 * 5 * 1000;
+        const decoded = z
+          .object({ payload: z.object({ exp: z.number() }).passthrough() })
+          .passthrough()
+          .parse(fastify.jwt.decode(req.body.jwt));
 
         reply.setCookie(COOKIE_NAME, req.body.jwt, {
           ...options,
-          expires: new Date(Date.now() + expiresIn),
+          expires: new Date(decoded.payload.exp * 1000),
         });
 
         done();

server/domain/user/service/genTokens.ts

@@ -2,6 +2,7 @@ import type { Jwks } from 'api/@types/auth';
 import type { EntityId } from 'api/@types/brandedId';
 import type { UserEntity } from 'api/@types/user';
 import { createSigner } from 'fast-jwt';
+import { EXPIRES_SEC } from 'service/constants';
 import { PORT } from 'service/envValues';
 import type { AccessTokenJwt, IdTokenJwt } from 'service/types';
 import { ulid } from 'ulid';
@@ -17,14 +18,14 @@ export const genTokens = (params: {
     aud: params.userPoolClientId,
     header: { kid: params.jwks.keys[0].kid, alg: params.jwks.keys[0].alg },
   });
-  const now = Date.now();
+  const now = Math.floor(Date.now() / 1000);
   const comomn = {
     sub: params.user.id,
     iss: `http://localhost:${PORT}/${params.user.userPoolId}`,
     origin_jti: ulid(),
     event_id: ulid(),
     auth_time: now,
-    exp: now + 3600 * 1000,
+    exp: now + EXPIRES_SEC,
     iat: now,
     jti: ulid(),
   };

server/domain/user/useCase/authUseCase.ts

@@ -17,6 +17,7 @@ import { genTokens } from 'domain/user/service/genTokens';
 import { userPoolQuery } from 'domain/userPool/repository/userPoolQuery';
 import { jwtDecode } from 'jwt-decode';
 import { cognitoAssert } from 'service/cognitoAssert';
+import { EXPIRES_SEC } from 'service/constants';
 import { transaction } from 'service/prismaClient';
 import type { AccessTokenJwt } from 'service/types';
 import { genCodeDeliveryDetails } from '../service/genCodeDeliveryDetails';
@@ -91,7 +92,7 @@ export const authUseCase = {
             jwks,
             user,
           }),
-          ExpiresIn: 3600,
+          ExpiresIn: EXPIRES_SEC,
           TokenType: 'Bearer',
         },
         ChallengeParameters: {},

server/service/constants.ts

@@ -1,2 +1,5 @@
 export const COOKIE_NAME = 'session';
+
 export const JWT_PROP_NAME = 'idToken';
+
+export const EXPIRES_SEC = 3600;

server/tests/api/public.test.ts

@@ -1,4 +1,5 @@
-import { COOKIE_NAME } from 'service/constants';
+import { createSigner } from 'fast-jwt';
+import { COOKIE_NAME, EXPIRES_SEC } from 'service/constants';
 import { DEFAULT_USER_POOL_CLIENT_ID, DEFAULT_USER_POOL_ID } from 'service/envValues';
 import { expect, test } from 'vitest';
 import { noCookieClient } from './apiClient';
@@ -38,7 +39,7 @@ test(GET(noCookieClient.public.defaults), async () => {
 });
 
 test(POST(noCookieClient.public.session), async () => {
-  const jwt = 'dummy-jwt';
+  const jwt = createSigner({ key: 'dummy' })({ exp: Math.floor(Date.now() / 1000) + EXPIRES_SEC });
   const res = await noCookieClient.public.session.post({ body: { jwt } });
 
   expect(res.headers['set-cookie'][0].startsWith(`${COOKIE_NAME}=${jwt};`)).toBeTruthy();