diff --git a/config.yml.sample b/config.yml.sample
index 3f02e61c..b36fa23b 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -3,6 +3,9 @@ service:
 # Default is a random token which will be generated at each startup of vikunja.
 # (This means all already issued tokens will be invalid once you restart vikunja)
 JWTSecret: ""
+ # The duration of the issed JWT tokens in seconds.
+ # The default is 259200 seconds (3 Days).
+ jwtttl: 259200
 # The interface on which to run the webserver
 interface: ":3456"
 # Path to Unix socket. If set, it will be created and used instead of tcp
diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md
index 8a0110c6..f5ad3f81 100644
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@@ -79,6 +79,18 @@ Full path: `service.JWTSecret`
 Environment path: `VIKUNJA_SERVICE_JWT_SECRET`
 
 
+### jwtttl
+
+The duration of the issed JWT tokens in seconds.
+The default is 259200 seconds (3 Days).
+
+Default: `259200`
+
+Full path: `service.jwtttl`
+
+Environment path: `VIKUNJA_SERVICE_JWTTTL`
+
+
 ### interface
 
 The interface on which to run the webserver
diff --git a/pkg/config/config.go b/pkg/config/config.go
index abcff4fb..d0ec87c8 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -37,6 +37,7 @@ type Key string
 const (
 // #nosec
 ServiceJWTSecret Key = `service.JWTSecret`
+ ServiceJWTTTL Key = `service.jwtttl`
 ServiceInterface Key = `service.interface`
 ServiceUnixSocket Key = `service.unixsocket`
 ServiceUnixSocketMode Key = `service.unixsocketmode`
@@ -226,6 +227,7 @@ func InitDefaultConfig() {
 
 // Service
 ServiceJWTSecret.setDefault(random)
+ ServiceJWTTTL.setDefault(259200)
 ServiceInterface.setDefault(":3456")
 ServiceUnixSocket.setDefault("")
 ServiceFrontendurl.setDefault("")
diff --git a/pkg/modules/auth/auth.go b/pkg/modules/auth/auth.go
index 3a7e7771..486f598c 100644
--- a/pkg/modules/auth/auth.go
+++ b/pkg/modules/auth/auth.go
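Review bot: `ServiceJWTTTL` is a new exported constant with no doc comment, and neither the declaration nor `ServiceJWTTTL.setDefault(259200)` in the second config.go hunk records that the value is read as seconds (auth.go multiplies it by `time.Second`). I would add `// ServiceJWTTTL is the lifetime of issued JWTs, in seconds.` above the constant and `ServiceJWTTTL.setDefault(259200) // 3 days` on the default. The matching comment in the sample config and the docs spells "issued" as "issed"; worth fixing in the same commit.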
@@ -54,13 +54,16 @@ func NewUserAuthTokenResponse(u *user.User, c echo.Context) error {
 func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
 t := jwt.New(jwt.SigningMethodHS256)
 
+ var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
+ var exp = time.Now().Add(time.Second * ttl).Unix()
+
 // Set claims
 claims := t.Claims.(jwt.MapClaims)
 claims["type"] = AuthTypeUser
 claims["id"] = user.ID
 claims["username"] = user.Username
 claims["email"] = user.Email
- claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+ claims["exp"] = exp
 claims["name"] = user.Name
 claims["emailRemindersEnabled"] = user.EmailRemindersEnabled
@@ -72,6 +75,9 @@ func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
 func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err error) {
 t := jwt.New(jwt.SigningMethodHS256)
 
+ var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
+ var exp = time.Now().Add(time.Second * ttl).Unix()
+
 // Set claims
 claims := t.Claims.(jwt.MapClaims)
 claims["type"] = AuthTypeLinkShare
@@ -80,7 +86,7 @@ func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err erro
 claims["list_id"] = share.ListID
 claims["right"] = share.Right
 claims["sharedByID"] = share.SharedByID
- claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+ claims["exp"] = exp
 
 // Generate encoded token and send it as response.
 return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
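Review bot: The new `ttl` in NewUserJWTAuthtoken is used without validation: a zero or negative `service.jwtttl` (and, presumably, an unparsable environment value that `GetInt64` turns into 0 — worth confirming against the config layer) places `exp` at or before issue time so every token is rejected on first use, and a value above roughly 9.2e9 overflows the int64 Duration multiplication. The same two lines are repeated verbatim in NewLinkShareJWTAuthtoken in the second hunk, so I would move them into one helper that falls back to the built-in default when the configured TTL is not positive; the helper also replaces `time.Second * ttl` with ttl already a Duration (correct, but it reads as seconds times seconds) by the conventional `time.Duration(ttl) * time.Second`. Both functions continue past the hunk; only the two call sites change.

```go
// jwtExpiry returns the Unix time at which a token issued now expires.
// A non-positive configured TTL is treated as misconfiguration and the
// built-in default from pkg/config (259200 s, 3 days) is used instead.
func jwtExpiry() int64 {
	ttl := config.ServiceJWTTTL.GetInt64()
	if ttl <= 0 {
		ttl = 259200
	}
	return time.Now().Add(time.Duration(ttl) * time.Second).Unix()
}

func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
	t := jwt.New(jwt.SigningMethodHS256)

	exp := jwtExpiry()
	// … unchanged: claims and signing …
```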