fix: use config value for tokenRenewal expiration (#2042)

* fix: tokenRenewal seems to be hard coded #1540

fix: use config value for tokenRenewal expiration (#2042)
0e6340f5 · Regev Brody · GitHub · 330c9022 · 0e6340f5
Unverified Commit 0e6340f5 authored Jun 18, 2020 by Regev Brody Committed by GitHub Jun 18, 2020
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

auth.js server/core/auth.js +3 -1

No files found.
--- a/server/core/auth.js
+++ b/server/core/auth.js
@@ -2,6 +2,7 @@ const passport = require('passport')
 const passportJWT = require('passport-jwt')
 const _ = require('lodash')
 const jwt = require('jsonwebtoken')
+const ms = require('ms')
 const moment = require('moment')
 const Promise = require('bluebird')
 const crypto = Promise.promisifyAll(require('crypto'))
@@ -112,7 +113,8 @@ module.exports = {
      if (err) { return next() }

      // Expired but still valid within N days, just renew
-      if (info instanceof Error && info.name === 'TokenExpiredError' && moment().subtract(14, 'days').isBefore(info.expiredAt)) {
+      if (info instanceof Error && info.name === 'TokenExpiredError' &&
+        moment().subtract(ms(WIKI.config.auth.tokenRenewal), 'ms').isBefore(info.expiredAt)) {
        const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
        try {
          const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)