Added the ability to configure the JWT expiry date using a new server.jwtttl config parameter. (#999)

Co-authored-by: Stephen Hill <stephen@gatekiller.co.uk>
Reviewed-on: vikunja/api#999
Co-authored-by: stephen-hill <stephen@gatekiller.co.uk>
Co-committed-by: stephen-hill <stephen@gatekiller.co.uk>
This commit is contained in:
stephen-hill 2021-10-09 11:02:28 +00:00 committed by konrad
parent fb9fa27488
commit 82a3330412
4 changed files with 25 additions and 2 deletions

View File

@ -3,6 +3,9 @@ service:
# Default is a random token which will be generated at each startup of vikunja.
# (This means all already issued tokens will be invalid once you restart vikunja)
JWTSecret: "<jwt-secret>"
# The duration of the issed JWT tokens in seconds.
# The default is 259200 seconds (3 Days).
jwtttl: 259200
# The interface on which to run the webserver
interface: ":3456"
# Path to Unix socket. If set, it will be created and used instead of tcp

View File

@ -79,6 +79,18 @@ Full path: `service.JWTSecret`
Environment path: `VIKUNJA_SERVICE_JWT_SECRET`
### jwtttl
The duration of the issed JWT tokens in seconds.
The default is 259200 seconds (3 Days).
Default: `259200`
Full path: `service.jwtttl`
Environment path: `VIKUNJA_SERVICE_JWTTTL`
### interface
The interface on which to run the webserver

View File

@ -37,6 +37,7 @@ type Key string
const (
// #nosec
ServiceJWTSecret Key = `service.JWTSecret`
ServiceJWTTTL Key = `service.jwtttl`
ServiceInterface Key = `service.interface`
ServiceUnixSocket Key = `service.unixsocket`
ServiceUnixSocketMode Key = `service.unixsocketmode`
@ -226,6 +227,7 @@ func InitDefaultConfig() {
// Service
ServiceJWTSecret.setDefault(random)
ServiceJWTTTL.setDefault(259200)
ServiceInterface.setDefault(":3456")
ServiceUnixSocket.setDefault("")
ServiceFrontendurl.setDefault("")

View File

@ -54,13 +54,16 @@ func NewUserAuthTokenResponse(u *user.User, c echo.Context) error {
func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
t := jwt.New(jwt.SigningMethodHS256)
var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
var exp = time.Now().Add(time.Second * ttl).Unix()
// Set claims
claims := t.Claims.(jwt.MapClaims)
claims["type"] = AuthTypeUser
claims["id"] = user.ID
claims["username"] = user.Username
claims["email"] = user.Email
claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
claims["exp"] = exp
claims["name"] = user.Name
claims["emailRemindersEnabled"] = user.EmailRemindersEnabled
@ -72,6 +75,9 @@ func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err error) {
t := jwt.New(jwt.SigningMethodHS256)
var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
var exp = time.Now().Add(time.Second * ttl).Unix()
// Set claims
claims := t.Claims.(jwt.MapClaims)
claims["type"] = AuthTypeLinkShare
@ -80,7 +86,7 @@ func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err erro
claims["list_id"] = share.ListID
claims["right"] = share.Right
claims["sharedByID"] = share.SharedByID
claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
claims["exp"] = exp
// Generate encoded token and send it as response.
return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))