feat: add alpine.auth.jwt.ttl.seconds config
ShuP1 committed May 22, 2024
1 parent e747ed5 commit bdc8255
Showing 2 changed files with 27 additions and 9 deletions.
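--- a/alpine-common/src/main/java/alpine/Config.java
+++ b/alpine-common/src/main/java/alpine/Config.java
@@ -181,7 +181,8 @@ public enum AlpineKey implements Key {
 CORS_ALLOW_CREDENTIALS ("alpine.cors.allow.credentials", true),
 CORS_MAX_AGE ("alpine.cors.max.age", 3600),
 WATCHDOG_LOGGING_INTERVAL ("alpine.watchdog.logging.interval", 0),
-API_KEY_PREFIX ("alpine.api.key.prefix", "alpine_");
+API_KEY_PREFIX ("alpine.api.key.prefix", "alpine_"),
+AUTH_JWT_TTL_SECONDS ("alpine.auth.jwt.ttl.seconds", 7 * 24 * 60);
 
 
 private String propertyName;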
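Review bot: The default for `AUTH_JWT_TTL_SECONDS` is `7 * 24 * 60`, which is 10080 and, read as seconds, gives a token lifetime of 2.8 hours rather than the seven days that the previous `addDays(today, 7)` call in JsonWebToken.java produced. If the intent is to keep the old lifetime, the line should read `AUTH_JWT_TTL_SECONDS ("alpine.auth.jwt.ttl.seconds", 7 * 24 * 60 * 60);`. If the shorter default is deliberate, it deserves a comment on the constant and a release note, because existing deployments would see sessions expire much sooner after upgrading. The enum body continues outside the hunk.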
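--- a/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java
+++ b/alpine-server/src/main/java/alpine/server/auth/JsonWebToken.java
@@ -130,13 +130,30 @@ public String createToken(final Principal principal, final List<Permission> perm
 * @return a String representation of the generated token
 * @since 1.8.0
 */
-public String createToken(final Principal principal, final List<Permission> permissions, final IdentityProvider identityProvider) {
-final Date today = new Date();
+public String createToken(final Principal principal, final List<Permission> permissions,
+final IdentityProvider identityProvider) {
+final int ttl = Config.getInstance().getPropertyAsInt(Config.AlpineKey.AUTH_JWT_TTL_SECONDS);
+return createToken(principal, permissions, identityProvider, ttl);
+}
+
+/**
+* Creates a new JWT for the specified principal. Token is signed using
+* the SecretKey with an HMAC 256 algorithm.
+*
+* @param principal the Principal to create the token for
+* @param permissions the effective list of permissions for the principal
+* @param identityProvider the identity provider the principal was authenticated with. If null, it will be derived from principal
+* @param ttlSeconds the token time-to-live in seconds
+* @return a String representation of the generated token
+* @since 2.2.6
+*/
+public String createToken(final Principal principal, final List<Permission> permissions, final IdentityProvider identityProvider, final int ttlSeconds) {
+final Date now = new Date();
 final JwtBuilder jwtBuilder = Jwts.builder();
 jwtBuilder.setSubject(principal.getName());
 jwtBuilder.setIssuer(ISSUER);
-jwtBuilder.setIssuedAt(today);
-jwtBuilder.setExpiration(addDays(today, 7));
+jwtBuilder.setIssuedAt(now);
+jwtBuilder.setExpiration(addSeconds(now, ttlSeconds));
 if (permissions != null) {
 jwtBuilder.claim("permissions", permissions.stream()
 .map(Permission::getName)
@@ -203,14 +220,14 @@ public boolean validateToken(final String token) {
 /**
 * Create a new future Date from the specified Date.
 *
-* @param date The date to base the future date from
-* @param days The number of dates to + offset
+* @param date The date to base the future date from
+* @param seconds The number of seconds to + offset
 * @return a future date
 */
-private Date addDays(final Date date, final int days) {
+private Date addSeconds(final Date date, final int seconds) {
 final Calendar cal = Calendar.getInstance();
 cal.setTime(date);
-cal.add(Calendar.DATE, days); //minus number would decrement the days
+cal.add(Calendar.SECOND, seconds); //minus number would decrement the seconds
 return cal.getTime();
 }
 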
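Review bot: The new four-argument `createToken` passes `ttlSeconds` straight to `addSeconds(now, ttlSeconds)` with no range check, so a zero or negative `alpine.auth.jwt.ttl.seconds` would issue tokens whose expiration is not after their issue time, and a very large value would issue long-lived bearer tokens. I would reject non-positive values at the top of the method, e.g. `if (ttlSeconds <= 0) { throw new IllegalArgumentException("ttlSeconds must be positive"); }`, and state the accepted range in the `@param ttlSeconds` Javadoc; whether to enforce an upper bound as well is a policy decision. How `getPropertyAsInt` behaves for a missing or non-numeric value is not visible here, so the three-argument overload's lookup should be checked for that case too. The method body continues past the end of the first hunk.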
