From 6f0e15bd77dd96ccce0f9fe8783fd9933ded2678 Mon Sep 17 00:00:00 2001 From: Matthew Sullivan Date: Wed, 30 Dec 2020 16:14:04 -0500 Subject: [PATCH 1/2] Add token expiration --- app/helpers/jwt_helper.rb | 5 +++-- config/local_env.yml | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/app/helpers/jwt_helper.rb b/app/helpers/jwt_helper.rb index 79f312e..c0e5a52 100644 --- a/app/helpers/jwt_helper.rb +++ b/app/helpers/jwt_helper.rb @@ -2,9 +2,10 @@ module JwtHelper class << self - SECRET = ENV['RJPA_SECRET'] + SECRET = ENV['JWT_SECRET'] def encode_token(payload) + payload[:exp] = Time.now.to_i + ENV['JWT_EXPIRATION'].to_i JWT.encode(payload, SECRET) end @@ -22,7 +23,7 @@ def logged_in_user(token) def decoded_token(token) JWT.decode(token, SECRET, true, algorithm: ENV['JWT_ALGORITHM']) - rescue StandardError => e + rescue JWT::ExpiredSignature, StandardError => e GraphQL::ExecutionError.new(e.message) nil end diff --git a/config/local_env.yml b/config/local_env.yml index eed50a4..63c3721 100644 --- a/config/local_env.yml +++ b/config/local_env.yml @@ -1,2 +1,3 @@ -RJPA_SECRET: 'RJPA_SECRET' -JWT_ALGORITHM: 'HS256' \ No newline at end of file +JWT_ALGORITHM: 'HS256' +JWT_EXPIRATION: '3600' +JWT_SECRET: 'RJPA_SECRET' \ No newline at end of file From 59b4996ba9b4bed1f5f3e0e1fc5a9b9e34f5c613 Mon Sep 17 00:00:00 2001 From: Matthew Sullivan Date: Wed, 30 Dec 2020 16:22:57 -0500 Subject: [PATCH 2/2] Update JWT Payload --- app/graph/authentication/mutations/login.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/graph/authentication/mutations/login.rb b/app/graph/authentication/mutations/login.rb index 8ec7e69..21c909e 100644 --- a/app/graph/authentication/mutations/login.rb +++ b/app/graph/authentication/mutations/login.rb 
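Review bot: The new `payload[:exp] = Time.now.to_i + ENV['JWT_EXPIRATION'].to_i` line silently turns a missing or non-numeric `JWT_EXPIRATION` into `0`, so every token is issued already expired, and it also mutates the caller's hash in place. Reading the setting as `Integer(ENV.fetch('JWT_EXPIRATION'))` fails loudly on the first encode instead, and `JWT.encode(payload.merge(exp: ...), SECRET)` leaves the argument untouched. The renamed `SECRET = ENV['JWT_SECRET']` has the same shape: it is evaluated once at class load, and an unset variable becomes a `nil` HMAC key, which `ENV.fetch('JWT_SECRET')` would turn into a startup error. The unchanged `JWT.encode(payload, SECRET)` also relies on the library's default algorithm while `decoded_token` passes `ENV['JWT_ALGORITHM']`; `JWT.encode(payload, SECRET, ENV['JWT_ALGORITHM'])` keeps the two sides in step.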
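Review bot: `rescue JWT::ExpiredSignature, StandardError => e` changes nothing, because `JWT::ExpiredSignature` is already a `StandardError` and both names share one rescue body; the real problem is in the unchanged lines below it, where `GraphQL::ExecutionError.new(e.message)` is built and discarded and the method returns `nil`, so an expired token, a bad signature and a malformed token all look the same to the caller. If the intent is to surface the reason, the rescue body should `raise GraphQL::ExecutionError, e.message` instead of falling through to `nil`; if any decode failure is simply "not logged in", drop the dead `GraphQL::ExecutionError.new` line and narrow the rescue to `JWT::DecodeError` rather than all of `StandardError`. `decoded_token` is shown in full here, but `logged_in_user`, which presumably consumes the `nil`, lies outside the hunk.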
@@ -23,7 +23,7 @@ def login_user!(credentials) user = User.find_by(email: credentials[:email]) raise StandardError unless user&.authenticate(credentials[:password]) - token = JwtHelper.encode_token({ user_id: user.id }) + token = JwtHelper.encode_token({ email: user.email, user_id: user.id }) { user: user, token: token } end end
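Review bot: `JwtHelper.encode_token({ email: user.email, user_id: user.id })` places the user's email address in the token claims, and a JWT is signed but not encrypted, so anyone who can see the token (browser storage, request logs, proxies) can read it. If nothing downstream needs the email from the token, keep the payload at `{ user_id: user.id }`; if it is needed, a comment such as `# NOTE: claims are readable by the token holder; keep PII to what the client requires` on this line records that the choice was deliberate. `login_user!` starts before this hunk.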