♻️ Remove expiry from access tokens

staart · Sep 2, 2020 · cd1fb73 · cd1fb73
1 parent d9f6ddd
commit cd1fb73
Show file tree

Hide file tree

Showing 6 changed files with 5 additions and 72 deletions.
diff --git a/src/_staart/helpers/jwt.ts b/src/_staart/helpers/jwt.ts
@@ -1,8 +1,4 @@
-import {
-  accessTokensCreateInput,
-  accessTokensUpdateInput,
-  users,
-} from "@prisma/client";
+import { users } from "@prisma/client";
 import {
   IP_RANGE_CHECK_FAIL,
   REFERRER_CHECK_FAIL,
@@ -17,7 +13,6 @@ import { decode, sign, verify } from "jsonwebtoken";
 import {
   JWT_ISSUER,
   JWT_SECRET,
-  TOKEN_EXPIRY_API_KEY_MAX,
   TOKEN_EXPIRY_APPROVE_LOCATION,
   TOKEN_EXPIRY_EMAIL_VERIFICATION,
   TOKEN_EXPIRY_LOGIN,
@@ -153,28 +148,6 @@ export const loginLinkToken = (user: users) =>
 export const twoFactorToken = (user: users) =>
   generateToken({ id: user.id }, TOKEN_EXPIRY_LOGIN, Tokens.TWO_FACTOR);
 
-/**
- * Generate an access token
- */
-export const accessToken = (
-  accessToken: accessTokensCreateInput | accessTokensUpdateInput
-) => {
-  const createAccessToken = { ...removeFalsyValues(accessToken) };
-  delete createAccessToken.createdAt;
-  delete createAccessToken.accessToken;
-  delete createAccessToken.updatedAt;
-  delete createAccessToken.name;
-  delete createAccessToken.description;
-  delete createAccessToken.expiresAt;
-  return generateToken(
-    createAccessToken,
-    (typeof accessToken.expiresAt === "string"
-      ? new Date(accessToken.expiresAt).getTime()
-      : TOKEN_EXPIRY_API_KEY_MAX) - new Date().getTime(),
-    Tokens.ACCESS_TOKEN
-  );
-};
-
 /**
  * Generate a new approve location JWT
  */

diff --git a/src/_staart/rest/group.ts b/src/_staart/rest/group.ts
@@ -49,12 +49,7 @@ import {
 } from "@staart/payments";
 import { randomString } from "@staart/text";
 import axios from "axios";
-import {
-  JWT_ISSUER,
-  TOKEN_EXPIRY_API_KEY_MAX,
-  ScopesGroup,
-  ScopesUser,
-} from "../../config";
+import { JWT_ISSUER, ScopesGroup, ScopesUser } from "../../config";
 import { can, Acts } from "../helpers/authorization";
 import { deleteItemFromCache } from "../helpers/cache";
 import {
@@ -893,7 +888,6 @@ export const createApiKeyForUser = async (
     throw new Error(INSUFFICIENT_PERMISSION);
 
   apiKey.apiKey = randomString({ length: 20 });
-  apiKey.expiresAt = apiKey.expiresAt || new Date(TOKEN_EXPIRY_API_KEY_MAX);
   const result = await prisma.apiKeys.create({
     data: {
       ...apiKey,

diff --git a/src/_staart/rest/user.ts b/src/_staart/rest/user.ts
@@ -23,12 +23,7 @@ import { deleteCustomer } from "@staart/payments";
 import { compare, hash, randomString } from "@staart/text";
 import { authenticator } from "otplib";
 import { toDataURL } from "qrcode";
-import {
-  ALLOW_DISPOSABLE_EMAILS,
-  SERVICE_2FA,
-  TOKEN_EXPIRY_API_KEY_MAX,
-  ScopesUser,
-} from "../../config";
+import { ALLOW_DISPOSABLE_EMAILS, SERVICE_2FA, ScopesUser } from "../../config";
 import { can, Acts } from "../helpers/authorization";
 import { deleteItemFromCache } from "../helpers/cache";
 import { ApiKeyResponse, couponCodeJwt } from "../helpers/jwt";
@@ -458,8 +453,6 @@ export const createAccessTokenForUser = async (
     throw new Error(INSUFFICIENT_PERMISSION);
 
   accessToken.accessToken = randomString({ length: 20 });
-  accessToken.expiresAt =
-    accessToken.expiresAt || new Date(TOKEN_EXPIRY_API_KEY_MAX);
   return prisma.accessTokens.create({
     data: { ...accessToken, user: { connect: { id: userId } } },
   });

diff --git a/src/_staart/services/group.service.ts b/src/_staart/services/group.service.ts
@@ -18,11 +18,7 @@ import {
 import { capitalizeFirstAndLastLetter, ms, randomString } from "@staart/text";
 import axios from "axios";
 import randomColor from "randomcolor";
-import {
-  ELASTIC_LOGS_INDEX,
-  JWT_ISSUER,
-  TOKEN_EXPIRY_API_KEY_MAX,
-} from "../../config";
+import { ELASTIC_LOGS_INDEX, JWT_ISSUER } from "../../config";
 import {
   deleteItemFromCache,
   getItemFromCache,
@@ -112,15 +108,6 @@ export const getApiKeyLogs = async (apiKeyId: number, query: KeyValue) => {
   return cleanElasticSearchQueryResponse(result.body, 10);
 };
 
-/**
- * Create an API key
- */
-export const createApiKey = async (apiKey: apiKeysCreateInput) => {
-  apiKey.expiresAt = apiKey.expiresAt || new Date(TOKEN_EXPIRY_API_KEY_MAX);
-  apiKey.apiKey = randomString({ length: 24 });
-  return prisma.apiKeys.create({ data: apiKey });
-};
-
 /**
  * Update a user's details
  */

diff --git a/src/_staart/services/user.service.ts b/src/_staart/services/user.service.ts
@@ -1,6 +1,5 @@
 import {
   accessTokens,
-  accessTokensCreateInput,
   sessionsUpdateInput,
   users,
   usersCreateInput,
@@ -18,13 +17,12 @@ import {
 import { createHash } from "crypto";
 import { decode } from "jsonwebtoken";
 import randomInt from "random-int";
-import { TOKEN_EXPIRY_API_KEY_MAX } from "../../config";
 import {
   deleteItemFromCache,
   getItemFromCache,
   setItemInCache,
 } from "../helpers/cache";
-import { accessToken, emailVerificationToken } from "../helpers/jwt";
+import { emailVerificationToken } from "../helpers/jwt";
 import { mail } from "../helpers/mail";
 import { prisma } from "../helpers/prisma";
 import { deleteSensitiveInfoUser } from "../helpers/utils";
@@ -162,15 +160,6 @@ export const createBackupCodes = async (userId: number, count = 1) => {
   return codes;
 };
 
-/**
- * Create an API key
- */
-export const createAccessToken = async (data: accessTokensCreateInput) => {
-  data.expiresAt = data.expiresAt || new Date(TOKEN_EXPIRY_API_KEY_MAX);
-  data.accessToken = await accessToken(data);
-  return prisma.accessTokens.create({ data });
-};
-
 /**
  * Update a user's details
  */

diff --git a/src/config.ts b/src/config.ts
@@ -97,9 +97,6 @@ export const TOKEN_EXPIRY_LOGIN = process.env.TOKEN_EXPIRY_LOGIN || "15m";
 export const TOKEN_EXPIRY_APPROVE_LOCATION =
   process.env.TOKEN_EXPIRY_APPROVE_LOCATION || "10m";
 export const TOKEN_EXPIRY_REFRESH = process.env.TOKEN_EXPIRY_REFRESH || "30d";
-export const TOKEN_EXPIRY_API_KEY_MAX = process.env.TOKEN_EXPIRY_API_KEY_MAX
-  ? parseInt(process.env.TOKEN_EXPIRY_API_KEY_MAX)
-  : 10413685800000; // 2299-12-31 is the default maximum expiry (also what Microsoft uses)
 export const DISALLOW_OPEN_CORS = bool(process.env.DISALLOW_OPEN_CORS);
 
 // OAuth2 credentials