[#51] JWT Token's expiration is configurable

poanetwork · Aug 12, 2018 · 9edae31 · 9edae31
1 parent 559de69
commit 9edae31
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/config/prod.exs b/config/prod.exs
@@ -67,5 +67,13 @@ config :poa_backend,
          {"admin2", "password87654321"}
        ]
 
+# this will set the expiration in the JWT tokens, the format is `{integer, unit}` where unit is one of:
+# `:second` | `:seconds`
+# `:minute` | `:minutes`
+# `:hour` | `:hours`
+# `:week` | `:weeks`
+config :poa_backend,
+       jwt_ttl: {1, :hour}
+
 config :mnesia,
   dir: 'priv/data/mnesia' # make sure this directory exists!
diff --git a/lib/poa_backend/auth/router.ex b/lib/poa_backend/auth/router.ex
@@ -19,7 +19,8 @@ defmodule POABackend.Auth.Router do
          [user_name, password] <- String.split(decoded64, ":"),
          {:ok, user} <- Auth.authenticate_user(user_name, password)
     do
-      {:ok, token, _} = POABackend.Auth.Guardian.encode_and_sign(user, %{}, ttl: @token_default_ttl)
+      ttl = Application.get_env(:poa_backend, :jwt_ttl, @token_default_ttl)
+      {:ok, token, _} = POABackend.Auth.Guardian.encode_and_sign(user, %{}, ttl: ttl)
 
       {:ok, result} =
         %{token: token}