feat: Improve security of access tokens (#279)

Closes #275
2025-07-21 14:19:44 +02:00 · 2022-08-09 18:03:21 +02:00 · 2022-08-09 18:03:21 +02:00 · 7786533a90
commit 7786533a90
parent dab38cbc18
40 changed files with 273 additions and 133 deletions
--- a/server/api/helpers/utils/create-token.js
+++ b/server/api/helpers/utils/create-token.js
@ -0,0 +1,29 @@
+const jwt = require('jsonwebtoken');
+
+module.exports = {
+  sync: true,
+
+  inputs: {
+    subject: {
+      type: 'json',
+      required: true,
+    },
+    issuedAt: {
+      type: 'ref',
+    },
+  },
+
+  fn(inputs) {
+    const { issuedAt = new Date() } = inputs;
+    const iat = Math.floor(issuedAt / 1000);
+
+    return jwt.sign(
+      {
+        iat,
+        sub: inputs.subject,
+        exp: iat + sails.config.custom.tokenExpiresIn * 24 * 60 * 60,
+      },
+      sails.config.session.secret,
+    );
+  },
+};