andrechristikan · andrechristikan · Nov 30, 2023 · Nov 30, 2023 · Nov 30, 2023
diff --git a/.env.example b/.env.example
@@ -24,8 +24,9 @@ AUTH_JWT_SUBJECT=AckDevelopment
 AUTH_JWT_ISSUER=ack
 AUTH_JWT_AUDIENCE=https://example.com
 
-AUTH_JWT_ACCESS_TOKEN_SECRET_KEY=1234567890
 AUTH_JWT_ACCESS_TOKEN_EXPIRED=1h
+AUTH_JWT_ACCESS_TOKEN_SECRET_KEY=1234567890
+AUTH_JWT_REFRESH_TOKEN_EXPIRED=182d
 AUTH_JWT_REFRESH_TOKEN_SECRET_KEY=0987654321
 
 AUTH_JWT_PAYLOAD_ENCRYPT=false

diff --git a/src/common/auth/guards/jwt-refresh/auth.jwt-refresh.strategy.ts b/src/common/auth/guards/jwt-refresh/auth.jwt-refresh.strategy.ts
@@ -17,7 +17,7 @@ export class AuthJwtRefreshStrategy extends PassportStrategy(
             jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme(
                 configService.get<string>('auth.prefixAuthorization')
             ),
-            ignoreExpiration: true,
+            ignoreExpiration: false,
             jsonWebTokenOptions: {
                 ignoreNotBefore: true,
                 audience: configService.get<string>('auth.audience'),

diff --git a/src/common/auth/services/auth.service.ts b/src/common/auth/services/auth.service.ts
@@ -22,6 +22,7 @@ export class AuthService implements IAuthService {
     private readonly accessTokenEncryptIv: string;
 
     private readonly refreshTokenSecretKey: string;
+    private readonly refreshTokenExpirationTime: number;
     private readonly refreshTokenEncryptKey: string;
     private readonly refreshTokenEncryptIv: string;
 
@@ -61,6 +62,9 @@ export class AuthService implements IAuthService {
         this.refreshTokenSecretKey = this.configService.get<string>(
             'auth.refreshToken.secretKey'
         );
+        this.refreshTokenExpirationTime = this.configService.get<number>(
+            'auth.refreshToken.expirationTime'
+        );
         this.refreshTokenEncryptKey = this.configService.get<string>(
             'auth.refreshToken.encryptKey'
         );
@@ -172,7 +176,7 @@ export class AuthService implements IAuthService {
             { data: payloadHashed },
             {
                 secretKey: this.refreshTokenSecretKey,
-                expiredIn: '0',
+                expiredIn: this.refreshTokenExpirationTime,
                 audience: this.audience,
                 issuer: this.issuer,
                 subject: this.subject,

diff --git a/src/common/common.module.ts b/src/common/common.module.ts
@@ -69,13 +69,16 @@ import { PolicyModule } from 'src/common/policy/policy.module';
                 AUTH_JWT_AUDIENCE: Joi.string().required(),
                 AUTH_JWT_ISSUER: Joi.string().required(),
 
+                AUTH_JWT_ACCESS_TOKEN_EXPIRED: Joi.string()
+                    .default('15m')
+                    .required(),
                 AUTH_JWT_ACCESS_TOKEN_SECRET_KEY: Joi.string()
                     .alphanum()
                     .min(5)
                     .max(50)
                     .required(),
-                AUTH_JWT_ACCESS_TOKEN_EXPIRED: Joi.string()
-                    .default('15m')
+                AUTH_JWT_REFRESH_TOKEN_EXPIRED: Joi.string()
+                    .default('182d')
                     .required(),
                 AUTH_JWT_REFRESH_TOKEN_SECRET_KEY: Joi.string()
                     .alphanum()

diff --git a/src/common/helper/interfaces/helper.interface.ts b/src/common/helper/interfaces/helper.interface.ts
@@ -10,9 +10,11 @@ export interface IHelperJwtVerifyOptions {
     issuer: string;
     subject: string;
     secretKey: string;
+    ignoreExpiration?: boolean;
 }
 
-export interface IHelperJwtOptions extends IHelperJwtVerifyOptions {
+export interface IHelperJwtOptions
+    extends Omit<IHelperJwtVerifyOptions, 'ignoreExpiration'> {
     expiredIn: number | string;
     notBefore?: number | string;
 }

diff --git a/src/common/helper/services/helper.encryption.service.ts b/src/common/helper/services/helper.encryption.service.ts
@@ -80,6 +80,7 @@ export class HelperEncryptionService implements IHelperEncryptionService {
                 audience: options.audience,
                 issuer: options.issuer,
                 subject: options.subject,
+                ignoreExpiration: options.ignoreExpiration ?? false,
             });
 
             return true;

diff --git a/src/configs/auth.config.ts b/src/configs/auth.config.ts
@@ -17,6 +17,9 @@ export default registerAs(
         refreshToken: {
             secretKey:
                 process.env.AUTH_JWT_REFRESH_TOKEN_SECRET_KEY ?? '123456000',
+            expirationTime: seconds(
+                process.env.AUTH_JWT_REFRESH_TOKEN_EXPIRED ?? '182d'
+            ), // 1 hours
 
             encryptKey: process.env.AUTH_JWT_PAYLOAD_REFRESH_TOKEN_ENCRYPT_KEY,
             encryptIv: process.env.AUTH_JWT_PAYLOAD_REFRESH_TOKEN_ENCRYPT_IV,