Added the ability to configure the JWT expiry date using a new server.jwtttl config parameter. (#999)

Co-authored-by: Stephen Hill <stephen@gatekiller.co.uk> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/999 Co-authored-by: stephen-hill <stephen@gatekiller.co.uk> Co-committed-by: stephen-hill <stephen@gatekiller.co.uk>
2021-10-09 11:02:28 +00:00 · 2021-10-09 11:02:28 +00:00 · 82a3330412
commit 82a3330412
parent fb9fa27488
4 changed files with 25 additions and 2 deletions
--- a/config.yml.sample
+++ b/config.yml.sample
@ -3,6 +3,9 @@ service:
  # Default is a random token which will be generated at each startup of vikunja.
  # (This means all already issued tokens will be invalid once you restart vikunja)
  JWTSecret: "<jwt-secret>"
+  # The duration of the issed JWT tokens in seconds.
+  # The default is 259200 seconds (3 Days).
+  jwtttl: 259200
  # The interface on which to run the webserver
  interface: ":3456"
  # Path to Unix socket. If set, it will be created and used instead of tcp
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@ -79,6 +79,18 @@ Full path: `service.JWTSecret`
 Environment path: `VIKUNJA_SERVICE_JWT_SECRET`


+### jwtttl
+
+The duration of the issed JWT tokens in seconds.
+The default is 259200 seconds (3 Days).
+
+Default: `259200`
+
+Full path: `service.jwtttl`
+
+Environment path: `VIKUNJA_SERVICE_JWTTTL`
+
+
 ### interface

 The interface on which to run the webserver
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -37,6 +37,7 @@ type Key string
 const (
 	// #nosec
 	ServiceJWTSecret       Key = `service.JWTSecret`
+	ServiceJWTTTL          Key = `service.jwtttl`
 	ServiceInterface       Key = `service.interface`
 	ServiceUnixSocket      Key = `service.unixsocket`
 	ServiceUnixSocketMode  Key = `service.unixsocketmode`
@ -226,6 +227,7 @@ func InitDefaultConfig() {

 	// Service
 	ServiceJWTSecret.setDefault(random)
+	ServiceJWTTTL.setDefault(259200)
 	ServiceInterface.setDefault(":3456")
 	ServiceUnixSocket.setDefault("")
 	ServiceFrontendurl.setDefault("")
--- a/pkg/modules/auth/auth.go
+++ b/pkg/modules/auth/auth.go
@ -54,13 +54,16 @@ func NewUserAuthTokenResponse(u *user.User, c echo.Context) error {
 func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
 	t := jwt.New(jwt.SigningMethodHS256)

+	var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
+	var exp = time.Now().Add(time.Second * ttl).Unix()
+
 	// Set claims
 	claims := t.Claims.(jwt.MapClaims)
 	claims["type"] = AuthTypeUser
 	claims["id"] = user.ID
 	claims["username"] = user.Username
 	claims["email"] = user.Email
-	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+	claims["exp"] = exp
 	claims["name"] = user.Name
 	claims["emailRemindersEnabled"] = user.EmailRemindersEnabled

@ -72,6 +75,9 @@ func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
 func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err error) {
 	t := jwt.New(jwt.SigningMethodHS256)

+	var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
+	var exp = time.Now().Add(time.Second * ttl).Unix()
+
 	// Set claims
 	claims := t.Claims.(jwt.MapClaims)
 	claims["type"] = AuthTypeLinkShare
@ -80,7 +86,7 @@ func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err erro
 	claims["list_id"] = share.ListID
 	claims["right"] = share.Right
 	claims["sharedByID"] = share.SharedByID
-	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+	claims["exp"] = exp

 	// Generate encoded token and send it as response.
 	return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))