From f67cb364c920b69f9dd2db8fe90a2ddc55bef51e Mon Sep 17 00:00:00 2001
From: Aydan Pirani
Date: Sun, 15 Oct 2023 11:12:40 -0500
Subject: [PATCH] Change JWT Expiration Logic (#83)
* Added JWT changes
* Formatter/linter changes
* Change default expiry to 24h
---
 src/constants.ts | 22 +++++++++-------------
 src/services/auth/auth-lib.ts | 8 +++++---
 src/services/auth/auth-router.ts | 3 ++-
 src/services/user/user-router.ts | 4 ++--
 4 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/src/constants.ts b/src/constants.ts
index e249d5d3..f36e8508 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -12,22 +12,18 @@ abstract class Constants {
 static readonly INTERNAL_ERROR: number = 500;
 // URLs
- private static readonly ADMIN_DEVICE: string = "admin";
- private static readonly ADMIN_REDIRECT: string = "https://admin.hackillinois.org/auth/";
+ static readonly ADMIN_DEVICE: string = "admin";
+ static readonly DEV_DEVICE: string = "dev";
+ static readonly WEB_DEVICE: string = "web";
+ static readonly IOS_DEVICE: string = "ios";
+ static readonly ANDROID_DEVICE: string = "android";
+ static readonly DEFAULT_DEVICE: string = Constants.WEB_DEVICE;
- private static readonly DEV_DEVICE: string = "dev";
+ private static readonly ADMIN_REDIRECT: string = "https://admin.hackillinois.org/auth/";
 private static readonly DEV_REDIRECT: string = "https://adonix.hackillinois.org/auth/dev/";
-
- private static readonly WEB_DEVICE: string = "web";
 private static readonly WEB_REDIRECT: string = "https://www.hackillinois.org/auth/";
-
- private static readonly IOS_DEVICE: string = "ios";
 private static readonly IOS_REDIRECT: string = "hackillinois://login/";
-
- private static readonly ANDROID_DEVICE: string = "android";
 private static readonly ANDROID_REDIRECT: string = "hackillinois://login/";
-
- static readonly DEFAULT_DEVICE: string = this.WEB_DEVICE;
 static readonly DEFAULT_REDIRECT: string = this.WEB_REDIRECT;
 static readonly REDIRECT_MAPPINGS: Map = new Map([
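Review bot: The `// URLs` heading now sits over the block of `*_DEVICE` identifiers that this hunk makes public, while the redirect URLs it describes come after them. A `// Device identifiers` comment above `ADMIN_DEVICE` and `// Redirect URLs, one per device` above `ADMIN_REDIRECT` would keep the grouping readable. The static initializers also mix `Constants.WEB_DEVICE` with `this.WEB_REDIRECT`, and the `@@ -35,7 +31,7 @@` hunk puts `Constants.DEFAULT_DEVICE` next to `this.DEFAULT_REDIRECT`; using one form throughout avoids suggesting the difference is significant. Because `DEFAULT_DEVICE` equals `WEB_DEVICE`, the `[Constants.DEFAULT_DEVICE, this.DEFAULT_REDIRECT]` entry repeats the `"web"` key already in `REDIRECT_MAPPINGS` and could be dropped or commented as intentional. The `REDIRECT_MAPPINGS` literal continues past the end of this hunk.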
@@ -35,7 +31,7 @@ abstract class Constants {
 [this.WEB_DEVICE, this.WEB_REDIRECT],
 [this.IOS_DEVICE, this.IOS_REDIRECT],
 [this.ANDROID_DEVICE, this.ANDROID_REDIRECT],
- [this.DEFAULT_DEVICE, this.DEFAULT_REDIRECT],
+ [Constants.DEFAULT_DEVICE, this.DEFAULT_REDIRECT],
 [this.DEV_DEVICE, this.DEV_REDIRECT],
 ]);
@@ -48,7 +44,7 @@ abstract class Constants {
 static readonly SYSTEM_ADMIN_LIST: string[] = (process.env.SYSTEM_ADMINS ?? "").split(",");
- static readonly DEFAULT_JWT_OFFSET: string = "48h";
+ static readonly DEFAULT_JWT_OFFSET: string = "24h";
 // Constants for general usage
 static readonly ZERO: number = 0;
diff --git a/src/services/auth/auth-lib.ts b/src/services/auth/auth-lib.ts
index f61318f1..6c51dea3 100644
--- a/src/services/auth/auth-lib.ts
+++ b/src/services/auth/auth-lib.ts
@@ -107,7 +107,7 @@ export async function getJwtPayloadFromDB(targetUser: string): Promise {
 // Return the same payload, but with a shorter expiration time
 const payload: JwtPayload = res.locals.payload as JwtPayload;
- const token: string = generateJwtToken(payload, "20s");
+ const token: string = generateJwtToken(payload, false, "20s");
 const uri: string = `hackillinois://user?userToken=${token}`;
 res.status(Constants.SUCCESS).send({ id: payload.id, qrInfo: uri });
 });
@@ -84,7 +84,7 @@ userRouter.get("/qr/:USERID", strongJwtVerification, async (req: Request, res: R
 }
 // Generate the token
- const token: string = generateJwtToken(newPayload, "20s");
+ const token: string = generateJwtToken(newPayload, false, "20s");
 const uri: string = `hackillinois://user?userToken=${token}`;
 return res.status(Constants.SUCCESS).send({ id: payload.id, qrInfo: uri });
 });
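Review bot: In the `@@ -48,7 +44,7 @@` hunk of src/constants.ts, `DEFAULT_JWT_OFFSET` has no comment saying what it bounds or how the string is interpreted, although this commit halves the default token lifetime. A line such as `// Default JWT lifetime when the caller passes no explicit expiry; time-span string, e.g. "24h"` above it would record that. The parsing happens in code not visible in this hunk, so the accepted format should be confirmed there. Assuming expiry is embedded in each token as the standard `exp` claim, tokens issued before the deploy keep their 48h lifetime, so the shorter window only takes full effect once those have aged out.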
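Review bot: In the `/qr/:USERID` handler, `generateJwtToken(newPayload, false, "20s")` passes a bare positional `false` whose meaning cannot be read at the call site, and the earlier QR call `generateJwtToken(payload, false, "20s")` does the same. On a function that mints credentials, a misread flag can produce a token with a different lifetime than intended, so either add an inline comment naming the parameter in front of `false` or move the two trailing arguments into an options object; the function's signature is not visible in the hunks shown here. Separately, the response returns `id: payload.id` although the token is built from `newPayload`; if the two can refer to different users, `id: newPayload.id` would match the token's subject. The handler's body starts above this hunk.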