fix(auth): unify JWT config — single expiry constant across all consumers #304
Merged
Introduce JWT_ACCESS_TOKEN_EXPIRES_IN ("15m") in jwt.config.ts and use
it as the default parameter for createJwtConfig. Both AuthModule and
GatewaysModule now import and reference this constant, eliminating the
divergent "15m" / "1h" expiry values and the local JWT_EXPIRES_IN
constant that had been duplicated in AuthModule.
Introduces JWT_ACCESS_TOKEN_EXPIRES_IN = "15m" as a named export in api/src/config/jwt.config.ts and sets it as the default parameter for createJwtConfig, making it the single source of truth for access-token lifetime
Removes the local JWT_EXPIRES_IN = "15m" constant from AuthModule — it now imports and uses JWT_ACCESS_TOKEN_EXPIRES_IN directly
Fixes GatewaysModule, which was calling createJwtConfig("1h") — it now uses the same JWT_ACCESS_TOKEN_EXPIRES_IN constant, closing the expiry mismatch that could cause tokens issued by auth to be treated inconsistently by the WebSocket gateway
Test plan
GET /auth/login issues a token expiring in 15 min
WebSocket handshake with that token is accepted by StreamsGateway
WebSocket handshake with an expired token is rejected
npm test passes for all gateway and auth specs
No duplicate fallback secrets remain in either module
Closes #205
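A drift check for the situation this PR describes, as an added example that is not code from the PR or the project. Only the names JWT_ACCESS_TOKEN_EXPIRES_IN and createJwtConfig come from the description; the config shape and the helpers lifetimeSeconds, expClaim and findExpiryDrift are hypothetical, and the span parser deliberately accepts only the short "15m" / "1h" form.

```typescript
// Added example; not code from this PR. Only JWT_ACCESS_TOKEN_EXPIRES_IN and
// createJwtConfig are named in the PR; their bodies here are assumptions.
const JWT_ACCESS_TOKEN_EXPIRES_IN = "15m";

interface JwtConfig {
  signOptions: { expiresIn: string };
}

// Assumed shape: the shared constant is the default parameter.
function createJwtConfig(expiresIn: string = JWT_ACCESS_TOKEN_EXPIRES_IN): JwtConfig {
  return { signOptions: { expiresIn } };
}

const UNIT_SECONDS = new Map<string, number>([["s", 1], ["m", 60], ["h", 3600], ["d", 86400]]);

// Hypothetical helper: converts spans such as "15m" or "1h" to seconds and
// rejects anything else, so a typo cannot silently change the lifetime.
function lifetimeSeconds(span: string): number {
  const match = /^(\d+)([smhd])$/.exec(span);
  const unit = match ? UNIT_SECONDS.get(match[2] ?? "") : undefined;
  if (!match || unit === undefined) {
    throw new Error(`unsupported expiry span: ${span}`);
  }
  return Number(match[1]) * unit;
}

// Hypothetical helper: the exp claim (seconds since epoch) a token signed
// under this config would carry.
function expClaim(issuedAt: number, config: JwtConfig): number {
  return issuedAt + lifetimeSeconds(config.signOptions.expiresIn);
}

// Hypothetical check: names of consumers whose lifetime differs from the constant.
function findExpiryDrift(consumers: Record<string, JwtConfig>): string[] {
  const expected = lifetimeSeconds(JWT_ACCESS_TOKEN_EXPIRES_IN);
  return Object.entries(consumers)
    .filter(([, config]) => lifetimeSeconds(config.signOptions.expiresIn) !== expected)
    .map(([name]) => name);
}

// Constructed inputs mirroring the PR description: before and after the change.
const beforeChange = { AuthModule: createJwtConfig("15m"), GatewaysModule: createJwtConfig("1h") };
const afterChange = { AuthModule: createJwtConfig(), GatewaysModule: createJwtConfig() };
```

Run in a unit test, findExpiryDrift(beforeChange) names GatewaysModule and findExpiryDrift(afterChange) is empty.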