JWT processing fixed

gadget-code/src/services/session.ts

@@ -16,6 +16,7 @@ import { WebVisit } from "../models/web-visit.js";
 
 import UserService from "../services/user.js";
 import { DtpService } from "../lib/service.js";
+import { PopulateOptions } from "mongoose";
 
 export enum SessionType {
   WEB = "web",
@@ -30,6 +31,13 @@ interface UserWebToken {
 }
 
 class SessionService extends DtpService {
+  private populateWebToken: PopulateOptions[] = [
+    {
+      path: "user",
+      select: "-passwordSalt -password",
+    },
+  ];
+
   get name(): string {
     return "SessionService";
   }
@@ -48,13 +56,13 @@ class SessionService extends DtpService {
     webToken.user = user._id;
 
     const payload: UserWebToken = {
-      _id: user._id.toString(),
+      _id: user._id,
       email: user.email,
       displayName: user.displayName,
       webToken: webToken._id,
     };
     const token = jwt.sign(payload, env.auth.jwtSecret, {
-      expiresIn: "1h",
+      expiresIn: "24h",
     });
 
     webToken.token = token;
@@ -69,13 +77,16 @@ class SessionService extends DtpService {
       const payload = jwt.verify(token, env.auth.jwtSecret) as UserWebToken;
       const userId = payload._id;
 
-      const webToken = await WebToken.findOne({ _id: payload.webToken });
+      const webToken = await WebToken.findOne({
+        _id: payload.webToken,
+      }).populate(this.populateWebToken);
       if (!webToken) {
         const error = new Error("Invalid JSON Web Token");
         error.name = "InvalidToken";
         error.statusCode = 401;
         throw error;
       }
+
       if (webToken.expires < NOW) {
         await WebToken.deleteOne({ _id: webToken._id });
         const error = new Error("JSON Web Token has expired");