fix: use JWT expiry time for cookie duration (#1268)

* Set default jwt expiry to 90 days.
2025-11-15 13:01:13 +10:00 · 2025-06-18 20:50:11 +01:00
parent 080900610d
commit 3318e13225
5 changed files with 26 additions and 9 deletions
--- a/apps/server/src/core/auth/auth.controller.ts
+++ b/apps/server/src/core/auth/auth.controller.ts
@ -1,11 +1,9 @@
 import {
-  BadRequestException,
  Body,
  Controller,
  HttpCode,
  HttpStatus,
  Post,
-  Req,
  Res,
  UseGuards,
 } from '@nestjs/common';
@ -23,7 +21,6 @@ import { ForgotPasswordDto } from './dto/forgot-password.dto';
 import { PasswordResetDto } from './dto/password-reset.dto';
 import { VerifyUserTokenDto } from './dto/verify-user-token.dto';
 import { FastifyReply } from 'fastify';
-import { addDays } from 'date-fns';
 import { validateSsoEnforcement } from './auth.util';

@Controller('auth')
@ -125,7 +122,7 @@ export class AuthController {
    res.setCookie('authToken', token, {
      httpOnly: true,
      path: '/',
-      expires: addDays(new Date(), 30),
+      expires: this.environmentService.getCookieExpiresIn(),
      secure: this.environmentService.isHttps(),
    });
  }
--- a/apps/server/src/core/workspace/controllers/workspace.controller.ts
+++ b/apps/server/src/core/workspace/controllers/workspace.controller.ts
@ -29,9 +29,7 @@ import WorkspaceAbilityFactory from '../../casl/abilities/workspace-ability.fact
 import {
  WorkspaceCaslAction,
  WorkspaceCaslSubject,
-} from '../../casl/interfaces/workspace-ability.type';
-import { addDays } from 'date-fns';
-import { FastifyReply } from 'fastify';
+} from '../../casl/interfaces/workspace-ability.type';import { FastifyReply } from 'fastify';
 import { EnvironmentService } from '../../../integrations/environment/environment.service';
 import { CheckHostnameDto } from '../dto/check-hostname.dto';
 import { RemoveWorkspaceUserDto } from '../dto/remove-workspace-user.dto';
@ -267,7 +265,7 @@ export class WorkspaceController {
    res.setCookie('authToken', authToken, {
      httpOnly: true,
      path: '/',
-      expires: addDays(new Date(), 30),
+      expires: this.environmentService.getCookieExpiresIn(),
      secure: this.environmentService.isHttps(),
    });
  }
--- a/apps/server/src/integrations/environment/environment.service.ts
+++ b/apps/server/src/integrations/environment/environment.service.ts
@ -1,5 +1,6 @@
 import { Injectable } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
+import ms, { StringValue } from 'ms';

@Injectable()
 export class EnvironmentService {
@ -56,7 +57,18 @@ export class EnvironmentService {
  }

  getJwtTokenExpiresIn(): string {
-    return this.configService.get<string>('JWT_TOKEN_EXPIRES_IN', '30d');
+    return this.configService.get<string>('JWT_TOKEN_EXPIRES_IN', '90d');
+  }
+
+  getCookieExpiresIn(): Date {
+    const expiresInStr = this.getJwtTokenExpiresIn();
+    let msUntilExpiry: number;
+    try {
+      msUntilExpiry = ms(expiresInStr as StringValue);
+    } catch (err) {
+      msUntilExpiry = ms('90d');
+    }
+    return new Date(Date.now() + msUntilExpiry);
  }

  getStorageDriver(): string {