From f353c2153a8ebae25301c1a6e122105b9ab2977e Mon Sep 17 00:00:00 2001
From: Rob Colbert
Date: Fri, 1 May 2026 16:43:56 -0400
Subject: [PATCH] JWT processing fixed
---
 gadget-code/src/services/session.ts | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/gadget-code/src/services/session.ts b/gadget-code/src/services/session.ts
index bb042a2..3153806 100644
--- a/gadget-code/src/services/session.ts
+++ b/gadget-code/src/services/session.ts
@@ -16,6 +16,7 @@ import { WebVisit } from "../models/web-visit.js";
 import UserService from "../services/user.js";
 import { DtpService } from "../lib/service.js";
+import { PopulateOptions } from "mongoose";
 export enum SessionType {
 WEB = "web",
@@ -30,6 +31,13 @@ interface UserWebToken {
 }
 class SessionService extends DtpService {
+ private populateWebToken: PopulateOptions[] = [
+ {
+ path: "user",
+ select: "-passwordSalt -password",
+ },
+ ];
+
 get name(): string {
 return "SessionService";
 }
@@ -48,13 +56,13 @@ class SessionService extends DtpService {
 webToken.user = user._id;
 const payload: UserWebToken = {
- _id: user._id.toString(),
+ _id: user._id,
 email: user.email,
 displayName: user.displayName,
 webToken: webToken._id,
 };
 const token = jwt.sign(payload, env.auth.jwtSecret, {
- expiresIn: "1h",
+ expiresIn: "24h",
 });
 webToken.token = token;
@@ -69,13 +77,16 @@ class SessionService extends DtpService {
 const payload = jwt.verify(token, env.auth.jwtSecret) as UserWebToken;
 const userId = payload._id;
- const webToken = await WebToken.findOne({ _id: payload.webToken });
+ const webToken = await WebToken.findOne({
+ _id: payload.webToken,
+ }).populate(this.populateWebToken);
 if (!webToken) {
 const error = new Error("Invalid JSON Web Token");
 error.name = "InvalidToken";
 error.statusCode = 401;
 throw error;
 }
+
 if (webToken.expires < NOW) {
 await WebToken.deleteOne({ _id: webToken._id });
 const error = new Error("JSON Web Token has expired");
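Review bot: The `populateWebToken` projection in the second hunk is a deny-list (`select: "-passwordSalt -password"`), so any sensitive field added to the user model later would be loaded into every verified session by default. An allow-list fails closed instead; the fields this file visibly uses suggest `select: "email displayName"` (Mongoose includes `_id` unless it is excluded), extended only with what callers of the populated user actually need. The field is never reassigned in the visible hunks, so `private readonly populateWebToken` would also document that it is a fixed configuration.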
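Review bot: In the third hunk `expiresIn` goes from `"1h"` to `"24h"` with no reason given in the commit message, which widens the window in which a leaked token stays usable. The verify path also checks a server-side `webToken.expires`, and where that value is set is not visible in this hunk, so both lifetimes should come from one named constant, or at least carry a comment such as `// must match the WebToken.expires stored for this token`. Separately, `_id: user._id` now places an ObjectId in the payload; it presumably serialises to a string in the signed token, so `payload._id` after `jwt.verify` would still be a string while the `UserWebToken` type (declared outside the hunk) may now say otherwise.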
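Review bot: In the fourth hunk the new `.populate(this.populateWebToken)` call leaves `webToken.user` as `null` when the referenced user document no longer exists, and the `if (!webToken)` guard that follows does not cover that case. Unless a later part of the function (it continues outside the hunk) checks it, a token belonging to a deleted account would still pass this point; widening the guard to `if (!webToken || !webToken.user) {` rejects it with the same 401. `userId` is still taken from `payload._id`, so comparing it with the populated `webToken.user._id` would be a cheap consistency check between the token's claims and the stored record.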