From ac5dc44236c96d98aa04001d079b3b679f57f50b Mon Sep 17 00:00:00 2001
From: Isaac Hatilima
Date: Mon, 5 Jan 2026 13:04:37 +0100
Subject: [PATCH] Align auth cookie paths and refresh token expiry

---
 src/lib/auth-cookies.ts                  | 1 +
 src/lib/auth-token-generator.ts          | 6 +++++-
 src/services/auth/LoginService.ts        | 6 +++++-
 src/services/auth/RefreshTokenService.ts | 5 ++++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/lib/auth-cookies.ts b/src/lib/auth-cookies.ts
index 8470b3c..5709a85 100644
--- a/src/lib/auth-cookies.ts
+++ b/src/lib/auth-cookies.ts
@@ -17,6 +17,7 @@ export function setAuthCookies(res: Response, tokens: { refresh: string; access:
         httpOnly: true,
         secure: isProduction,
         sameSite: isProduction ? "strict" : "lax",
+        path: "/",
         maxAge: accessMaxAge,
     });
 }
diff --git a/src/lib/auth-token-generator.ts b/src/lib/auth-token-generator.ts
index 4f0c35b..ab444fb 100644
--- a/src/lib/auth-token-generator.ts
+++ b/src/lib/auth-token-generator.ts
@@ -1,14 +1,18 @@
 import {generateAccessToken, generateRefreshToken} from "./jwt";
 import {prisma} from "../config/db";
+import {env} from "../utils/environment-variables";
+import ms from "ms";
 
 export async function generateAuthToken({id, email}: { id: number; email: string; }) {
     const access_token = generateAccessToken({id: id, email: email});
     const refresh_token = generateRefreshToken({id: id});
+    const refreshExpiryMs = ms(env.JWT_REFRESH_EXPIRES_IN as ms.StringValue);
+
     await prisma.refreshToken.create({
         data: {
             userId: id,
             token: refresh_token,
-            expiresAt: new Date(Date.now() + 7 * 24 * 3600 * 1000),
+            expiresAt: new Date(Date.now() + refreshExpiryMs),
         },
     });
     return {
diff --git a/src/services/auth/LoginService.ts b/src/services/auth/LoginService.ts
index 282aa64..b13d4d3 100644
--- a/src/services/auth/LoginService.ts
+++ b/src/services/auth/LoginService.ts
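Review bot: The new `path: "/"` can only be checked against the access-token cookie here (the `maxAge: accessMaxAge` call), while the refresh-token cookie that setAuthCookies writes is outside the hunk; since the commit title says the paths are being aligned, it is worth confirming both cookie calls now use the same value, and that whatever clears these cookies on logout passes the same `path` — a clear issued for a different path leaves the cookie in place in the browser. A short why-comment would keep a later edit from quietly dropping it: `path: "/", // must match the path used when the cookie is cleared`. setAuthCookies starts before this hunk.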
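Review bot: `ms(env.JWT_REFRESH_EXPIRES_IN as ms.StringValue)` has no guard on its result: the `as` cast only silences the compiler, and in the ms 2.x releases I know a value that does not parse makes `ms()` return `undefined` rather than throw, so `new Date(Date.now() + refreshExpiryMs)` becomes an Invalid Date and the refresh-token row is written with a broken expiry, or the insert fails per request instead of at startup. A one-line guard after the call catches both `undefined` and non-positive results: `if (!(refreshExpiryMs > 0)) throw new Error("JWT_REFRESH_EXPIRES_IN is not a valid duration");`. The same unchecked expression is copied into LoginService.login and RefreshTokenService.refresh in this commit; parsing the value once where `env` is built (src/utils/environment-variables, not in view) and exporting a number would validate it at boot and remove the three `ms` imports. It would also help to note in a comment that this DB expiry is presumably meant to match the lifetime generateRefreshToken embeds in the JWT, since the two are set on separate code paths.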
@@ -12,6 +12,8 @@ import { TwoFactorChallengeError } from "../../lib/errors";
 import {LoginRequestDTO} from "../../dtos/command/LoginRequestDTO";
+import {env} from "../../utils/environment-variables";
+import ms from "ms";
 
 export class LoginService {
     async login(dto: LoginRequestDTO) {
@@ -55,12 +57,14 @@ export class LoginService {
             id: user.id,
         });
 
+        const refreshExpiryMs = ms(env.JWT_REFRESH_EXPIRES_IN as ms.StringValue);
+
         try {
             await prisma.refreshToken.create({
                 data: {
                     userId: user.id,
                     token: refresh_token,
-                    expiresAt: new Date(Date.now() + 7 * 24 * 3600 * 1000),
+                    expiresAt: new Date(Date.now() + refreshExpiryMs),
                 },
             });
         } catch (error) {
diff --git a/src/services/auth/RefreshTokenService.ts b/src/services/auth/RefreshTokenService.ts
index 4333c09..dd39817 100644
--- a/src/services/auth/RefreshTokenService.ts
+++ b/src/services/auth/RefreshTokenService.ts
@@ -4,6 +4,7 @@ import {generateAccessToken, generateRefreshToken} from "../../lib/jwt";
 import {env} from "../../utils/environment-variables";
 import {AppError, InvalidRefreshTokenError} from "../../lib/errors";
 import {redis} from "../../config/redis";
+import ms from "ms";
 
 export class RefreshTokenService {
     async refresh(refreshToken: string) {
@@ -46,6 +47,8 @@ export class RefreshTokenService {
             email: user.email,
         });
 
+        const refreshExpiryMs = ms(env.JWT_REFRESH_EXPIRES_IN as ms.StringValue);
+
         try {
             await prisma.$transaction([
                 prisma.refreshToken.update({
@@ -56,7 +59,7 @@ export class RefreshTokenService {
                     data: {
                         userId: stored.userId,
                         token: newRefresh,
-                        expiresAt: new Date(Date.now() + 7 * 24 * 3600 * 1000),
+                        expiresAt: new Date(Date.now() + refreshExpiryMs),
                     },
                 }),
             ]);
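Review bot: The refresh-token creation in login now repeats, line for line, what generateAuthToken in src/lib/auth-token-generator.ts does in this same commit (same `ms(...)` expression, same `prisma.refreshToken.create` data), so the two will drift again the next time the expiry logic changes. If login's inputs are the `{id, email}` that helper takes, delegating to it — `const tokens = await generateAuthToken({id: user.id, email: user.email});` — keeps a single implementation, though the surrounding try/catch would have to move with it because the helper has none. login starts before this hunk and its catch block ends after it.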