diff --git a/client/components/Auth/AuthLoader.tsx b/client/components/Auth/AuthLoader.tsx index 0f78ccf..b8fc868 100644 --- a/client/components/Auth/AuthLoader.tsx +++ b/client/components/Auth/AuthLoader.tsx @@ -1,4 +1,4 @@ -import { fetchAuthSession, signOut } from 'aws-amplify/auth'; +import { fetchAuthSession, getCurrentUser, signOut } from 'aws-amplify/auth'; import { Hub } from 'aws-amplify/utils'; import { isAxiosError } from 'axios'; import { useAlert } from 'components/Alert/useAlert'; @@ -25,14 +25,10 @@ export const AuthLoader = () => { }, [catchApiErr, setUser]); useEffect(() => { - const controller = new AbortController(); - apiClient.private.me - .$get({ config: { signal: controller.signal } }) - .then(setUser) - .catch((e) => (isAxiosError(e) && e.response?.status === 401 ? setUser(null) : null)); - - return () => controller.abort(); - }, [setUser]); + getCurrentUser() + .then(updateCookie) + .catch(() => setUser(null)); + }, [setUser, updateCookie]); useEffect(() => { const useId = apiAxios.interceptors.response.use(undefined, async (err) => { @@ -61,12 +57,13 @@ export const AuthLoader = () => { break; case 'signInWithRedirect_failure': break; + case 'tokenRefresh': + break; case 'signedOut': await apiClient.public.session.$delete().catch(catchApiErr); setUser(null); break; case 'signedIn': - case 'tokenRefresh': await updateCookie().catch(catchApiErr); break; case 'tokenRefresh_failure': diff --git a/server/api/private/hooks.ts b/server/api/private/hooks.ts index bf196ee..6854836 100644 --- a/server/api/private/hooks.ts +++ b/server/api/private/hooks.ts @@ -15,7 +15,7 @@ export default defineHooks(() => ({ try { await req.jwtVerify({ onlyCookie: true }); } catch (e) { - res.status(401).send(); + res.status(401).send((e as Error).message); return; } diff --git a/server/api/public/session/controller.ts b/server/api/public/session/controller.ts index 3c73380..e234380 100644 --- a/server/api/public/session/controller.ts +++ b/server/api/public/session/controller.ts @@ -16,18 +16,21 @@ const options: CookieSerializeOptions = { sameSite: 'none', }; -export default defineController(() => ({ +export default defineController((fastify) => ({ post: { validators: { body: z.object({ jwt: z.string() }) }, hooks: { preHandler: (req, reply, done) => { assert(req.body); - const expiresIn = 60 * 60 * 24 * 5 * 1000; + const decoded = z + .object({ payload: z.object({ exp: z.number() }).passthrough() }) + .passthrough() + .parse(fastify.jwt.decode(req.body.jwt)); reply.setCookie(COOKIE_NAME, req.body.jwt, { ...options, - expires: new Date(Date.now() + expiresIn), + expires: new Date(decoded.payload.exp * 1000), }); done(); diff --git a/server/domain/user/service/genTokens.ts b/server/domain/user/service/genTokens.ts index 318260d..b7d66a8 100644 --- a/server/domain/user/service/genTokens.ts +++ b/server/domain/user/service/genTokens.ts @@ -2,6 +2,7 @@ import type { Jwks } from 'api/@types/auth'; import type { EntityId } from 'api/@types/brandedId'; import type { UserEntity } from 'api/@types/user'; import { createSigner } from 'fast-jwt'; +import { EXPIRES_SEC } from 'service/constants'; import { PORT } from 'service/envValues'; import type { AccessTokenJwt, IdTokenJwt } from 'service/types'; import { ulid } from 'ulid'; @@ -17,14 +18,14 @@ export const genTokens = (params: { aud: params.userPoolClientId, header: { kid: params.jwks.keys[0].kid, alg: params.jwks.keys[0].alg }, }); - const now = Date.now(); + const now = Math.floor(Date.now() / 1000); const comomn = { sub: params.user.id, iss: `http://localhost:${PORT}/${params.user.userPoolId}`, origin_jti: ulid(), event_id: ulid(), auth_time: now, - exp: now + 3600 * 1000, + exp: now + EXPIRES_SEC, iat: now, jti: ulid(), }; diff --git a/server/domain/user/useCase/authUseCase.ts b/server/domain/user/useCase/authUseCase.ts index f837360..64e2727 100644 --- a/server/domain/user/useCase/authUseCase.ts +++ b/server/domain/user/useCase/authUseCase.ts @@ -17,6 +17,7 @@ import { genTokens } from 'domain/user/service/genTokens'; import { userPoolQuery } from 'domain/userPool/repository/userPoolQuery'; import { jwtDecode } from 'jwt-decode'; import { cognitoAssert } from 'service/cognitoAssert'; +import { EXPIRES_SEC } from 'service/constants'; import { transaction } from 'service/prismaClient'; import type { AccessTokenJwt } from 'service/types'; import { genCodeDeliveryDetails } from '../service/genCodeDeliveryDetails'; @@ -91,7 +92,7 @@ export const authUseCase = { jwks, user, }), - ExpiresIn: 3600, + ExpiresIn: EXPIRES_SEC, TokenType: 'Bearer', }, ChallengeParameters: {}, diff --git a/server/service/constants.ts b/server/service/constants.ts index 8d592b0..5241374 100644 --- a/server/service/constants.ts +++ b/server/service/constants.ts @@ -1,2 +1,5 @@ export const COOKIE_NAME = 'session'; + export const JWT_PROP_NAME = 'idToken'; + +export const EXPIRES_SEC = 3600; diff --git a/server/tests/api/public.test.ts b/server/tests/api/public.test.ts index 5cf01da..33c8fcd 100644 --- a/server/tests/api/public.test.ts +++ b/server/tests/api/public.test.ts @@ -1,4 +1,5 @@ -import { COOKIE_NAME } from 'service/constants'; +import { createSigner } from 'fast-jwt'; +import { COOKIE_NAME, EXPIRES_SEC } from 'service/constants'; import { DEFAULT_USER_POOL_CLIENT_ID, DEFAULT_USER_POOL_ID } from 'service/envValues'; import { expect, test } from 'vitest'; import { noCookieClient } from './apiClient'; @@ -38,7 +39,7 @@ test(GET(noCookieClient.public.defaults), async () => { }); test(POST(noCookieClient.public.session), async () => { - const jwt = 'dummy-jwt'; + const jwt = createSigner({ key: 'dummy' })({ exp: Math.floor(Date.now() / 1000) + EXPIRES_SEC }); const res = await noCookieClient.public.session.post({ body: { jwt } }); expect(res.headers['set-cookie'][0].startsWith(`${COOKIE_NAME}=${jwt};`)).toBeTruthy();