Merge pull request #154 from MedvedewEM/enhancement/access_token_expiry_time

lakhansamani · web-flow · commit dbbe36f6b5ec · 2022-03-25T18:57:53.000+05:30
enhancement: add access_token_expiry_time env variable
diff --git a/dashboard/src/constants.ts b/dashboard/src/constants.ts
@@ -2,6 +2,7 @@ export const LOGO_URL =
 	'https://user-images.githubusercontent.com/6964334/147834043-fc384cab-e7ca-40f8-9663-38fc25fd5f3a.png';
 
 export const TextInputType = {
+	ACCESS_TOKEN_EXPIRY_TIME: 'ACCESS_TOKEN_EXPIRY_TIME',
 	CLIENT_ID: 'CLIENT_ID',
 	GOOGLE_CLIENT_ID: 'GOOGLE_CLIENT_ID',
 	GITHUB_CLIENT_ID: 'GITHUB_CLIENT_ID',
@@ -125,4 +126,5 @@ export interface envVarTypes {
 	DATABASE_NAME: string;
 	DATABASE_TYPE: string;
 	DATABASE_URL: string;
+	ACCESS_TOKEN_EXPIRY_TIME: string;
 }
diff --git a/dashboard/src/graphql/queries/index.ts b/dashboard/src/graphql/queries/index.ts
@@ -53,6 +53,7 @@ export const EnvVariablesQuery = `
       DATABASE_NAME,
       DATABASE_TYPE,
       DATABASE_URL,
+      ACCESS_TOKEN_EXPIRY_TIME,
     }
   }
 `;
diff --git a/dashboard/src/pages/Environment.tsx b/dashboard/src/pages/Environment.tsx
@@ -85,6 +85,7 @@ export default function Environment() {
 		DATABASE_NAME: '',
 		DATABASE_TYPE: '',
 		DATABASE_URL: '',
+		ACCESS_TOKEN_EXPIRY_TIME: '',
 	});
 
 	const [fieldVisibility, setFieldVisibility] = React.useState<
@@ -600,19 +601,35 @@ export default function Environment() {
 			</Stack>
 			<Divider marginTop="2%" marginBottom="2%" />
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold">
-				Custom Access Token Scripts
+				Access Token
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
 				<Flex>
-					<Center w="100%">
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">Access Token Expiry Time:</Text>
+					</Flex>
+					<Flex w="70%">
 						<InputField
+							variables={envVariables}
+							setVariables={setEnvVariables}
+							inputType={TextInputType.ACCESS_TOKEN_EXPIRY_TIME}
+							placeholder="0h15m0s"
+						/>
+					</Flex>
+				</Flex>
+				<Flex>
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">Custom Access Token Scripts:</Text>
+					</Flex>
+					<Flex w="70%">
+					<InputField
 							variables={envVariables}
 							setVariables={setEnvVariables}
 							inputType={TextAreaInputType.CUSTOM_ACCESS_TOKEN_SCRIPT}
 							placeholder="Add script here"
 							minH="25vh"
 						/>
-					</Center>
+					</Flex>
 				</Flex>
 			</Stack>
 			<Divider marginTop="2%" marginBottom="2%" />
diff --git a/server/constants/env.go b/server/constants/env.go
@@ -21,6 +21,8 @@ const (
 	// EnvKeyPort key for env variable PORT
 	EnvKeyPort = "PORT"
 
+	// EnvKeyAccessTokenExpiryTime key for env variable ACCESS_TOKEN_EXPIRY_TIME
+	EnvKeyAccessTokenExpiryTime = "ACCESS_TOKEN_EXPIRY_TIME"
 	// EnvKeyAdminSecret key for env variable ADMIN_SECRET
 	EnvKeyAdminSecret = "ADMIN_SECRET"
 	// EnvKeyDatabaseType key for env variable DATABASE_TYPE
diff --git a/server/env/env.go b/server/env/env.go
@@ -120,6 +120,10 @@ func InitAllEnv() error {
 		}
 	}
 
+	if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
+		envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+	}
+
 	if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {
 		envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)
 	}
diff --git a/server/graph/generated/generated.go b/server/graph/generated/generated.go
diff --git a/server/graph/model/models_gen.go b/server/graph/model/models_gen.go
diff --git a/server/graph/schema.graphqls b/server/graph/schema.graphqls
@@ -87,6 +87,7 @@ type Response {
 }
 
 type Env {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	DATABASE_NAME: String!
 	DATABASE_URL: String!
@@ -138,6 +139,7 @@ type GenerateJWTKeysResponse {
 }
 
 input UpdateEnvInput {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	CUSTOM_ACCESS_TOKEN_SCRIPT: String
 	OLD_ADMIN_SECRET: String
diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -279,7 +280,11 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
 			sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 			cookie.SetSession(gc, authToken.FingerPrintHash)
-			expiresIn := int64(1800)
+
+			expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+			if expiresIn <= 0 {
+				expiresIn = 1
+			}
 
 			// used of query mode
 			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
diff --git a/server/handlers/oauth_callback.go b/server/handlers/oauth_callback.go
@@ -157,7 +157,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		if err != nil {
 			c.JSON(500, gin.H{"error": err.Error()})
 		}
-		expiresIn := int64(1800)
+
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token
 
 		cookie.SetSession(c, authToken.FingerPrintHash)
diff --git a/server/handlers/token.go b/server/handlers/token.go
@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -174,7 +175,11 @@ func TokenHandler() gin.HandlerFunc {
 		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 		cookie.SetSession(gc, authToken.FingerPrintHash)
 
-		expiresIn := int64(1800)
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		res := map[string]interface{}{
 			"access_token": authToken.AccessToken.Token,
 			"id_token":     authToken.IDToken.Token,
diff --git a/server/handlers/verify_email.go b/server/handlers/verify_email.go
@@ -82,7 +82,12 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			c.JSON(500, errorRes)
 			return
 		}
-		expiresIn := int64(1800)
+
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
 
 		cookie.SetSession(c, authToken.FingerPrintHash)
diff --git a/server/resolvers/env.go b/server/resolvers/env.go
@@ -27,6 +27,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 
 	// get clone of store
 	store := envstore.EnvStoreObj.GetEnvStoreClone()
+	accessTokenExpiryTime := store.StringEnv[constants.EnvKeyAccessTokenExpiryTime]
 	adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
 	clientID := store.StringEnv[constants.EnvKeyClientID]
 	clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
@@ -67,6 +68,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]
 
 	res = &model.Env{
+		AccessTokenExpiryTime:      &accessTokenExpiryTime,
 		AdminSecret:                &adminSecret,
 		DatabaseName:               databaseName,
 		DatabaseURL:                databaseURL,
diff --git a/server/resolvers/login.go b/server/resolvers/login.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -73,7 +74,11 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		return res, err
 	}
 
-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Logged in successfully`,
 		AccessToken: &authToken.AccessToken.Token,
diff --git a/server/resolvers/session.go b/server/resolvers/session.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"time"
 
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
@@ -73,7 +74,11 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
 	sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 	cookie.SetSession(gc, authToken.FingerPrintHash)
 
-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Session token refreshed`,
 		AccessToken: &authToken.AccessToken.Token,
diff --git a/server/resolvers/signup.go b/server/resolvers/signup.go
@@ -176,7 +176,10 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		cookie.SetSession(gc, authToken.FingerPrintHash)
 		go utils.SaveSessionInDB(gc, user.ID)
 
-		expiresIn := int64(1800)
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
 
 		res = &model.AuthResponse{
 			Message:     `Signed up successfully.`,
diff --git a/server/resolvers/verify_email.go b/server/resolvers/verify_email.go
@@ -64,7 +64,11 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
 	cookie.SetSession(gc, authToken.FingerPrintHash)
 	go utils.SaveSessionInDB(gc, user.ID)
 
-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Email verified successfully.`,
 		AccessToken: &authToken.AccessToken.Token,
diff --git a/server/token/auth_token.go b/server/token/auth_token.go
diff --git a/server/utils/parser.go b/server/utils/parser.go

Original file line number	Diff line number	Diff line change
@@ -53,6 +53,7 @@ export const EnvVariablesQuery = `
`53`	`53`	`DATABASE_NAME,`
`54`	`54`	`DATABASE_TYPE,`
`55`	`55`	`DATABASE_URL,`
	`56`	`+ ACCESS_TOKEN_EXPIRY_TIME,`
`56`	`57`	`}`
`57`	`58`	`}`
`58`	`59`	`;
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,10 @@ func InitAllEnv() error {`
`120`	`120`	`}`
`121`	`121`	`}`
`122`	`122`
	`123`	`+ if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {`
	`124`	`+ envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)`
	`125`	`+ }`
	`126`	`+`
`123`	`127`	`if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {`
`124`	`128`	`envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)`
`125`	`129`	`}`
Original file line number	Diff line number	Diff line change
`@@ -87,6 +87,7 @@ type Response {`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`type Env {`
	`90`	`+ ACCESS_TOKEN_EXPIRY_TIME: String`
`90`	`91`	`ADMIN_SECRET: String`
`91`	`92`	`DATABASE_NAME: String!`
`92`	`93`	`DATABASE_URL: String!`
`@@ -138,6 +139,7 @@ type GenerateJWTKeysResponse {`
`138`	`139`	`}`
`139`	`140`
`140`	`141`	`input UpdateEnvInput {`
	`142`	`+ ACCESS_TOKEN_EXPIRY_TIME: String`
`141`	`143`	`ADMIN_SECRET: String`
`142`	`144`	`CUSTOM_ACCESS_TOKEN_SCRIPT: String`
`143`	`145`	`OLD_ADMIN_SECRET: String`