Extend access token and refresh token timeouts

nt-web-app/package.json

@@ -28,6 +28,7 @@
     "jsonwebtoken": "^9.0.2",
     "jwk-to-pem": "^2.0.5",
     "keytar": "^7.9.0",
+    "ms": "^2.1.3",
     "next": "13.4.4",
     "pg": "^8.11.3",
     "react": "18.2.0",
@@ -44,6 +45,7 @@
   "devDependencies": {
     "@types/jsonwebtoken": "^9.0.2",
     "@types/jwk-to-pem": "^2.0.1",
+    "@types/ms": "^0.7.34",
     "@types/node": "20.2.5",
     "eslint": "8.41.0",
     "eslint-config-next": "13.4.4",

nt-web-app/pages/api/auth/refresh.ts

@@ -1,9 +1,10 @@
 import type {NextApiRequest, NextApiResponse} from 'next'
 import {getUsersById} from "../../../utils/TwitchUtils";
-import {createAccessToken, verifyToken} from "../../../utils/jwtUtils";
+import {createAccessToken, verifyToken, ACCESS_TOKEN_DURATION} from "../../../utils/jwtUtils";
 import {UserDatasource} from "../../../websocket/Datasource";
 import {LoginProvider, User} from "../../../entity/User";
 import * as jwt from "jsonwebtoken";
+import ms from 'ms'
 
 const SECRET_ACCESS = process.env.SECRET_JWT_ACCESS as string
 const SECRET_REFRESH = process.env.SECRET_JWT_REFRESH as string
@@ -50,7 +51,7 @@ export default async function handler(
         return
     }
 
-    const expiresIn = '28800'
+    const expiresIn = ms(ACCESS_TOKEN_DURATION)/1000 //ms to seconds, using the vercel ms library, as JWT lib does
     let accessKey: string
 
     switch (user.provider as LoginProvider) {
@@ -72,12 +73,12 @@ export default async function handler(
                 profile_image_url: '',
                 provider: 'local'
             }, SECRET_ACCESS, {
-                expiresIn: '8h'
+                expiresIn: ACCESS_TOKEN_DURATION
             })
             break
     }
     res.status(200).json({
         token: accessKey,
-        expires_in: expiresIn
+        expires_in: expiresIn.toString()
     });
 }

nt-web-app/utils/TwitchUtils.ts

@@ -46,7 +46,7 @@ const getServerAccessToken = async(): Promise<TwitchAppAccessToken|null> => {
     if(serverAccessToken){
         let expiration = serverAccessToken.acquired_at!! + serverAccessToken.expires_in*1000
         if(Date.now() - expiration <= 120000){ //if the expiration is within 2 minutes, lets refresh the token
-            console.log('Tokens expired!')
+            console.log('Twitch API Token expired!')
             serverAccessToken = undefined
         }
         else return serverAccessToken
@@ -66,14 +66,13 @@ const getServerAccessToken = async(): Promise<TwitchAppAccessToken|null> => {
                 console.log(e)
                 return null
             })
-        console.log('Fetched?')
         if(access){
             access.acquired_at = Date.now()
             serverAccessToken = access
-            console.log('Yes!')
+            console.log('Fetched Twitch API Token')
         }
         else{
-            console.log('Nope!')
+            console.log('Failed to fetch Twitch API Token')
         }
     }
     return serverAccessToken!!

nt-web-app/utils/jwtUtils.ts

@@ -4,6 +4,8 @@ import {TwitchUserData} from "../entity/TwitchGetUsersResponse";
 
 const SECRET_ACCESS = process.env.SECRET_JWT_ACCESS as string
 const SECRET_REFRESH = process.env.SECRET_JWT_REFRESH as string
+const REFRESH_TOKEN_DURATION = process.env.REFRESH_TOKEN_DURATION ?? '30d' //see https://github.com/vercel/ms for valid formats
+const ACCESS_TOKEN_DURATION = process.env.REFRESH_TOKEN_DURATION ?? '1d' //see https://github.com/vercel/ms for valid formats
 
 function createAccessToken(userData: TwitchUserData){
     return jwt.sign({
@@ -12,7 +14,7 @@ function createAccessToken(userData: TwitchUserData){
         profile_image_url: userData.profile_image_url,
         provider: 'twitch'
     }, SECRET_ACCESS, {
-        expiresIn: '8h'
+        expiresIn: ACCESS_TOKEN_DURATION
     })
 // Creating refresh token not that expiry of refresh
 //token is greater than the access token
@@ -21,7 +23,7 @@ function createAccessToken(userData: TwitchUserData){
 function createRefreshToken(userData: TwitchUserData){
     return jwt.sign({
         sub: userData.id,
-    }, SECRET_REFRESH, {expiresIn: '5d'})
+    }, SECRET_REFRESH, {expiresIn: REFRESH_TOKEN_DURATION})
 }
 
 const verifyToken = (jwtToken: string, tokenSecret: string): any => {
@@ -42,5 +44,7 @@ const verifyToken = (jwtToken: string, tokenSecret: string): any => {
 export {
     createAccessToken,
     createRefreshToken,
-    verifyToken
+    verifyToken,
+    REFRESH_TOKEN_DURATION,
+    ACCESS_TOKEN_DURATION
 }

yarn.lock

@@ -1647,7 +1647,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/ms@npm:*":
+"@types/ms@npm:*, @types/ms@npm:^0.7.34":
   version: 0.7.34
   resolution: "@types/ms@npm:0.7.34"
   checksum: f38d36e7b6edecd9badc9cf50474159e9da5fa6965a75186cceaf883278611b9df6669dc3a3cc122b7938d317b68a9e3d573d316fcb35d1be47ec9e468c6bd8a
@@ -11027,7 +11027,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ms@npm:2.1.3, ms@npm:^2.1.1":
+"ms@npm:2.1.3, ms@npm:^2.1.1, ms@npm:^2.1.3":
   version: 2.1.3
   resolution: "ms@npm:2.1.3"
   checksum: aa92de608021b242401676e35cfa5aa42dd70cbdc082b916da7fb925c542173e36bce97ea3e804923fe92c0ad991434e4a38327e15a1b5b5f945d66df615ae6d
@@ -11473,6 +11473,7 @@ __metadata:
     "@popperjs/core": ^2.6.0
     "@types/jsonwebtoken": ^9.0.2
     "@types/jwk-to-pem": ^2.0.1
+    "@types/ms": ^0.7.34
     "@types/node": 20.2.5
     "@types/react": 18.2.8
     "@types/react-dom": 18.2.4
@@ -11485,6 +11486,7 @@ __metadata:
     jsonwebtoken: ^9.0.2
     jwk-to-pem: ^2.0.5
     keytar: ^7.9.0
+    ms: ^2.1.3
     next: 13.4.4
     pg: ^8.11.3
     react: 18.2.0