From 6488873bad5117383a25bf1ea01adf3156342ea4 Mon Sep 17 00:00:00 2001 From: Samuel Path Date: Wed, 11 Jun 2025 20:27:27 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20fix:=20Properly=20handle=20Token?= =?UTF-8?q?=20Expiry=20Defaults=20when=20Env=20Variable=20not=20set=20(#78?= =?UTF-8?q?34)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/server/services/AuthService.js | 4 +++- packages/data-schemas/src/methods/session.ts | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js index 11b37ac88..2c285512e 100644 --- a/api/server/services/AuthService.js +++ b/api/server/services/AuthService.js @@ -409,7 +409,9 @@ const setOpenIDAuthTokens = (tokenset, res) => { return; } const { REFRESH_TOKEN_EXPIRY } = process.env ?? {}; - const expiryInMilliseconds = eval(REFRESH_TOKEN_EXPIRY) ?? 1000 * 60 * 60 * 24 * 7; // 7 days default + const expiryInMilliseconds = REFRESH_TOKEN_EXPIRY + ? eval(REFRESH_TOKEN_EXPIRY) + : 1000 * 60 * 60 * 24 * 7; // 7 days default const expirationDate = new Date(Date.now() + expiryInMilliseconds); if (tokenset == null) { logger.error('[setOpenIDAuthTokens] No tokenset found in request'); diff --git a/packages/data-schemas/src/methods/session.ts b/packages/data-schemas/src/methods/session.ts index 8c44aa54d..c5af51e93 100644 --- a/packages/data-schemas/src/methods/session.ts +++ b/packages/data-schemas/src/methods/session.ts @@ -13,7 +13,9 @@ export class SessionError extends Error { } const { REFRESH_TOKEN_EXPIRY } = process.env ?? {}; -const expires = eval(REFRESH_TOKEN_EXPIRY ?? '0') ?? 1000 * 60 * 60 * 24 * 7; // 7 days default +const expires = REFRESH_TOKEN_EXPIRY + ? eval(REFRESH_TOKEN_EXPIRY) + : 1000 * 60 * 60 * 24 * 7; // 7 days default // Factory function that takes mongoose instance and returns the methods export function createSessionMethods(mongoose: typeof import('mongoose')) {