Merge pull request #155 from authorizerdev/fix/gateway-based-setup

fix: setting the cookie for proxy setup
2022-03-30 11:51:20 +05:30 · 2022-03-30 11:50:22 +05:30 · 2022-03-26 07:00:01 +05:30 · 2022-03-25 20:29:00 +05:30 · 2022-03-25 18:57:53 +05:30 · 2022-03-25 16:13:46 +03:00
25 changed files with 210 additions and 37 deletions
--- a/README.md
+++ b/README.md
@@ -26,18 +26,16 @@
 - ✅ Sign-in / Sign-up with email ID and password
 - ✅ Secure session management
 - ✅ Email verification
+- ✅ OAuth2 and OpenID compatible APIs
 - ✅ APIs to update profile securely
 - ✅ Forgot password flow using email
 - ✅ Social logins (Google, Github, Facebook, more coming soon)
 - ✅ Role-based access management
- ✅ Password-less login with email and magic link
+- ✅ Password-less login with magic link login

 ## Roadmap

- Support more JWT encryption algorithms (Currently supporting HS256)
 - 2 Factor authentication
- Back office (Admin dashboard to manage user)
- Support more database
 - VueJS SDK
 - Svelte SDK
 - React Native SDK
--- a/app/package-lock.json
+++ b/app/package-lock.json
@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "latest",
+				"@authorizerdev/authorizer-react": "^0.17.0",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -24,9 +24,9 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "0.6.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.6.0.tgz",
-			"integrity": "sha512-WbqeUmhQwLNlvk4ZYTptlbAIINh7aZPyTCVA/B0FE3EoPtx1tNOtkPtJOycrn0H0HyueeXQnBSCDxkvPAP65Bw==",
+			"version": "0.10.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.10.0.tgz",
+			"integrity": "sha512-REM8FLD/Ej9gzA2zDGDAke6QFss33ubePlTDmLDmIYUuQmpHFlO5mCCS6nVsKkN7F/Bcwkmp+eUNQjkdGCaKLg==",
 			"dependencies": {
 				"node-fetch": "^2.6.1"
 			},
@@ -35,11 +35,11 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "0.11.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.11.0.tgz",
-			"integrity": "sha512-VzSZvEB/t6N2ESn4O8c/+2hPUO7L4Iux8IBzXKrobKkoqRyb+u5TPZn0UWCOaoxIdiiZY+1Yq2A/H6q9LAqLGw==",
+			"version": "0.17.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.17.0.tgz",
+			"integrity": "sha512-7WcNCU7hDFkVfFb8LcJXFwWiLYd8aY78z1AbNPxCa2Cw5G85PaRkzjKybP6h01ITVOHO6M03lLwPj8p6Sr6fEg==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^0.6.0",
+				"@authorizerdev/authorizer-js": "^0.10.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -829,19 +829,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "0.6.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.6.0.tgz",
-			"integrity": "sha512-WbqeUmhQwLNlvk4ZYTptlbAIINh7aZPyTCVA/B0FE3EoPtx1tNOtkPtJOycrn0H0HyueeXQnBSCDxkvPAP65Bw==",
+			"version": "0.10.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.10.0.tgz",
+			"integrity": "sha512-REM8FLD/Ej9gzA2zDGDAke6QFss33ubePlTDmLDmIYUuQmpHFlO5mCCS6nVsKkN7F/Bcwkmp+eUNQjkdGCaKLg==",
 			"requires": {
 				"node-fetch": "^2.6.1"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "0.11.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.11.0.tgz",
-			"integrity": "sha512-VzSZvEB/t6N2ESn4O8c/+2hPUO7L4Iux8IBzXKrobKkoqRyb+u5TPZn0UWCOaoxIdiiZY+1Yq2A/H6q9LAqLGw==",
+			"version": "0.17.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.17.0.tgz",
+			"integrity": "sha512-7WcNCU7hDFkVfFb8LcJXFwWiLYd8aY78z1AbNPxCa2Cw5G85PaRkzjKybP6h01ITVOHO6M03lLwPj8p6Sr6fEg==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^0.6.0",
+				"@authorizerdev/authorizer-js": "^0.10.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
--- a/app/package.json
+++ b/app/package.json
@@ -11,7 +11,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "latest",
+		"@authorizerdev/authorizer-react": "^0.17.0",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
--- a/dashboard/src/App.tsx
+++ b/dashboard/src/App.tsx
@@ -10,6 +10,9 @@ const queryClient = createClient({
 	fetchOptions: () => {
 		return {
 			credentials: 'include',
+			headers: {
+				'x-authorizer-url': window.location.origin,
+			},
 		};
 	},
 	requestPolicy: 'network-only',
--- a/dashboard/src/constants.ts
+++ b/dashboard/src/constants.ts
@@ -2,6 +2,7 @@ export const LOGO_URL =
 	'https://user-images.githubusercontent.com/6964334/147834043-fc384cab-e7ca-40f8-9663-38fc25fd5f3a.png';

 export const TextInputType = {
+	ACCESS_TOKEN_EXPIRY_TIME: 'ACCESS_TOKEN_EXPIRY_TIME',
 	CLIENT_ID: 'CLIENT_ID',
 	GOOGLE_CLIENT_ID: 'GOOGLE_CLIENT_ID',
 	GITHUB_CLIENT_ID: 'GITHUB_CLIENT_ID',
@@ -125,4 +126,5 @@ export interface envVarTypes {
 	DATABASE_NAME: string;
 	DATABASE_TYPE: string;
 	DATABASE_URL: string;
+	ACCESS_TOKEN_EXPIRY_TIME: string;
 }
--- a/dashboard/src/graphql/queries/index.ts
+++ b/dashboard/src/graphql/queries/index.ts
@@ -53,6 +53,7 @@ export const EnvVariablesQuery = `
      DATABASE_NAME,
      DATABASE_TYPE,
      DATABASE_URL,
+      ACCESS_TOKEN_EXPIRY_TIME,
    }
  }
 `;
--- a/dashboard/src/pages/Environment.tsx
+++ b/dashboard/src/pages/Environment.tsx
@@ -85,6 +85,7 @@ export default function Environment() {
 		DATABASE_NAME: '',
 		DATABASE_TYPE: '',
 		DATABASE_URL: '',
+		ACCESS_TOKEN_EXPIRY_TIME: '',
 	});

 	const [fieldVisibility, setFieldVisibility] = React.useState<
@@ -600,11 +601,28 @@ export default function Environment() {
 			</Stack>
 			<Divider marginTop="2%" marginBottom="2%" />
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold">
-				Custom Access Token Scripts
+				Access Token
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
 				<Flex>
-					<Center w="100%">
+					<Flex w="30%" justifyContent="start" alignItems="center">
+						<Text fontSize="sm">Access Token Expiry Time:</Text>
+					</Flex>
+					<Flex w="70%">
+						<InputField
+							variables={envVariables}
+							setVariables={setEnvVariables}
+							inputType={TextInputType.ACCESS_TOKEN_EXPIRY_TIME}
+							placeholder="0h15m0s"
+						/>
+					</Flex>
+				</Flex>
+				<Flex>
+					<Flex w="30%" justifyContent="start" direction="column">
+						<Text fontSize="sm">Custom Scripts:</Text>
+						<Text fontSize="sm">Used to add custom fields in ID token</Text>
+					</Flex>
+					<Flex w="70%">
 						<InputField
 							variables={envVariables}
 							setVariables={setEnvVariables}
@@ -612,7 +630,7 @@ export default function Environment() {
 							placeholder="Add script here"
 							minH="25vh"
 						/>
-					</Center>
+					</Flex>
 				</Flex>
 			</Stack>
 			<Divider marginTop="2%" marginBottom="2%" />
--- a/server/constants/env.go
+++ b/server/constants/env.go
@@ -16,11 +16,12 @@ const (
 	// EnvKeyEnvPath key for cli arg variable ENV_PATH
 	EnvKeyEnvPath = "ENV_PATH"
 	// EnvKeyAuthorizerURL key for env variable AUTHORIZER_URL
-	// TODO: remove support AUTHORIZER_URL env
 	EnvKeyAuthorizerURL = "AUTHORIZER_URL"
 	// EnvKeyPort key for env variable PORT
 	EnvKeyPort = "PORT"

+	// EnvKeyAccessTokenExpiryTime key for env variable ACCESS_TOKEN_EXPIRY_TIME
+	EnvKeyAccessTokenExpiryTime = "ACCESS_TOKEN_EXPIRY_TIME"
 	// EnvKeyAdminSecret key for env variable ADMIN_SECRET
 	EnvKeyAdminSecret = "ADMIN_SECRET"
 	// EnvKeyDatabaseType key for env variable DATABASE_TYPE
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -113,6 +113,10 @@ func InitAllEnv() error {
 		envData.StringEnv[constants.EnvKeyAppURL] = os.Getenv(constants.EnvKeyAppURL)
 	}

+	if envData.StringEnv[constants.EnvKeyAuthorizerURL] == "" {
+		envData.StringEnv[constants.EnvKeyAuthorizerURL] = os.Getenv(constants.EnvKeyAuthorizerURL)
+	}
+
 	if envData.StringEnv[constants.EnvKeyPort] == "" {
 		envData.StringEnv[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort)
 		if envData.StringEnv[constants.EnvKeyPort] == "" {
@@ -120,6 +124,13 @@ func InitAllEnv() error {
 		}
 	}

+	if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
+		envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+		if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
+			envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = "30m"
+		}
+	}
+
 	if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {
 		envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)
 	}
--- a/server/env/persist_env.go
+++ b/server/env/persist_env.go
@@ -165,6 +165,7 @@ func PersistEnv() error {
 				hasChanged = true
 			}
 		}
+
 		envstore.EnvStoreObj.UpdateEnvStore(storeData)
 		jwk, err := crypto.GenerateJWKBasedOnEnv()
 		if err != nil {
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@@ -53,6 +53,7 @@ type ComplexityRoot struct {
 	}

 	Env struct {
+		AccessTokenExpiryTime      func(childComplexity int) int
 		AdminSecret                func(childComplexity int) int
 		AllowedOrigins             func(childComplexity int) int
 		AppURL                     func(childComplexity int) int
@@ -299,6 +300,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in

 		return e.complexity.AuthResponse.User(childComplexity), true

+	case "Env.ACCESS_TOKEN_EXPIRY_TIME":
+		if e.complexity.Env.AccessTokenExpiryTime == nil {
+			break
+		}
+
+		return e.complexity.Env.AccessTokenExpiryTime(childComplexity), true
+
 	case "Env.ADMIN_SECRET":
 		if e.complexity.Env.AdminSecret == nil {
 			break
@@ -1381,6 +1389,7 @@ type Response {
 }

 type Env {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	DATABASE_NAME: String!
 	DATABASE_URL: String!
@@ -1432,6 +1441,7 @@ type GenerateJWTKeysResponse {
 }

 input UpdateEnvInput {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	CUSTOM_ACCESS_TOKEN_SCRIPT: String
 	OLD_ADMIN_SECRET: String
@@ -2221,6 +2231,38 @@ func (ec *executionContext) _AuthResponse_user(ctx context.Context, field graphq
 	return ec.marshalOUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋserverᚋgraphᚋmodelᚐUser(ctx, field.Selections, res)
 }

+func (ec *executionContext) _Env_ACCESS_TOKEN_EXPIRY_TIME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	fc := &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		Args:       nil,
+		IsMethod:   false,
+		IsResolver: false,
+	}
+
+	ctx = graphql.WithFieldContext(ctx, fc)
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.AccessTokenExpiryTime, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
 func (ec *executionContext) _Env_ADMIN_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
 	defer func() {
 		if r := recover(); r != nil {
@@ -8093,6 +8135,14 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob

 	for k, v := range asMap {
 		switch k {
+		case "ACCESS_TOKEN_EXPIRY_TIME":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ACCESS_TOKEN_EXPIRY_TIME"))
+			it.AccessTokenExpiryTime, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		case "ADMIN_SECRET":
 			var err error

@@ -8711,6 +8761,8 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 		switch field.Name {
 		case "__typename":
 			out.Values[i] = graphql.MarshalString("Env")
+		case "ACCESS_TOKEN_EXPIRY_TIME":
+			out.Values[i] = ec._Env_ACCESS_TOKEN_EXPIRY_TIME(ctx, field, obj)
 		case "ADMIN_SECRET":
 			out.Values[i] = ec._Env_ADMIN_SECRET(ctx, field, obj)
 		case "DATABASE_NAME":
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@@ -24,6 +24,7 @@ type DeleteUserInput struct {
 }

 type Env struct {
+	AccessTokenExpiryTime      *string  `json:"ACCESS_TOKEN_EXPIRY_TIME"`
 	AdminSecret                *string  `json:"ADMIN_SECRET"`
 	DatabaseName               string   `json:"DATABASE_NAME"`
 	DatabaseURL                string   `json:"DATABASE_URL"`
@@ -179,6 +180,7 @@ type UpdateAccessInput struct {
 }

 type UpdateEnvInput struct {
+	AccessTokenExpiryTime      *string  `json:"ACCESS_TOKEN_EXPIRY_TIME"`
 	AdminSecret                *string  `json:"ADMIN_SECRET"`
 	CustomAccessTokenScript    *string  `json:"CUSTOM_ACCESS_TOKEN_SCRIPT"`
 	OldAdminSecret             *string  `json:"OLD_ADMIN_SECRET"`
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@@ -87,6 +87,7 @@ type Response {
 }

 type Env {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	DATABASE_NAME: String!
 	DATABASE_URL: String!
@@ -138,6 +139,7 @@ type GenerateJWTKeysResponse {
 }

 input UpdateEnvInput {
+	ACCESS_TOKEN_EXPIRY_TIME: String
 	ADMIN_SECRET: String
 	CUSTOM_ACCESS_TOKEN_SCRIPT: String
 	OLD_ADMIN_SECRET: String
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -1,10 +1,10 @@
 package handlers

 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
+	"time"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -51,8 +51,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			gc.JSON(400, gin.H{"error": "invalid response mode"})
 		}

-		fmt.Println("=> redirect URI:", redirectURI)
-		fmt.Println("=> state:", state)
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
@@ -279,7 +277,11 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
 			sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 			cookie.SetSession(gc, authToken.FingerPrintHash)
-			expiresIn := int64(1800)
+
+			expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+			if expiresIn <= 0 {
+				expiresIn = 1
+			}

 			// used of query mode
 			params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -157,7 +157,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		if err != nil {
 			c.JSON(500, gin.H{"error": err.Error()})
 		}
-		expiresIn := int64(1800)
+
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + stateValue + "&id_token=" + authToken.IDToken.Token

 		cookie.SetSession(c, authToken.FingerPrintHash)
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"net/http"
 	"strings"
+	"time"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -174,7 +175,11 @@ func TokenHandler() gin.HandlerFunc {
 		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 		cookie.SetSession(gc, authToken.FingerPrintHash)

-		expiresIn := int64(1800)
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		res := map[string]interface{}{
 			"access_token": authToken.AccessToken.Token,
 			"id_token":     authToken.IDToken.Token,
--- a/server/handlers/verify_email.go
+++ b/server/handlers/verify_email.go
@@ -82,7 +82,12 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			c.JSON(500, errorRes)
 			return
 		}
-		expiresIn := int64(1800)
+
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}
+
 		params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token

 		cookie.SetSession(c, authToken.FingerPrintHash)
--- a/server/resolvers/env.go
+++ b/server/resolvers/env.go
@@ -27,6 +27,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {

 	// get clone of store
 	store := envstore.EnvStoreObj.GetEnvStoreClone()
+	accessTokenExpiryTime := store.StringEnv[constants.EnvKeyAccessTokenExpiryTime]
 	adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
 	clientID := store.StringEnv[constants.EnvKeyClientID]
 	clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
@@ -66,7 +67,12 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	organizationName := store.StringEnv[constants.EnvKeyOrganizationName]
 	organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]

+	if accessTokenExpiryTime == "" {
+		accessTokenExpiryTime = "30m"
+	}
+
 	res = &model.Env{
+		AccessTokenExpiryTime:      &accessTokenExpiryTime,
 		AdminSecret:                &adminSecret,
 		DatabaseName:               databaseName,
 		DatabaseURL:                databaseURL,
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"strings"
+	"time"

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
@@ -73,7 +74,11 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		return res, err
 	}

-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Logged in successfully`,
 		AccessToken: &authToken.AccessToken.Token,
--- a/server/resolvers/session.go
+++ b/server/resolvers/session.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"time"

 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
@@ -73,7 +74,11 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
 	sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 	cookie.SetSession(gc, authToken.FingerPrintHash)

-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Session token refreshed`,
 		AccessToken: &authToken.AccessToken.Token,
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -176,7 +176,10 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		cookie.SetSession(gc, authToken.FingerPrintHash)
 		go utils.SaveSessionInDB(gc, user.ID)

-		expiresIn := int64(1800)
+		expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+		if expiresIn <= 0 {
+			expiresIn = 1
+		}

 		res = &model.AuthResponse{
 			Message:     `Signed up successfully.`,
--- a/server/resolvers/verify_email.go
+++ b/server/resolvers/verify_email.go
@@ -64,7 +64,11 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
 	cookie.SetSession(gc, authToken.FingerPrintHash)
 	go utils.SaveSessionInDB(gc, user.ID)

-	expiresIn := int64(1800)
+	expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
+	if expiresIn <= 0 {
+		expiresIn = 1
+	}
+
 	res = &model.AuthResponse{
 		Message:     `Email verified successfully.`,
 		AccessToken: &authToken.AccessToken.Token,
--- a/server/token/auth_token.go
+++ b/server/token/auth_token.go
@@ -130,7 +130,11 @@ func CreateRefreshToken(user models.User, roles, scopes []string, hostname, nonc
 // CreateAccessToken util to create JWT token, based on
 // user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
 func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce string) (string, int64, error) {
-	expiryBound := time.Minute * 30
+	expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
+	if err != nil {
+		expiryBound = time.Minute * 30
+	}
+
 	expiresAt := time.Now().Add(expiryBound).Unix()

 	customClaims := jwt.MapClaims{
@@ -282,7 +286,11 @@ func ValidateBrowserSession(gc *gin.Context, encryptedSession string) (*SessionD
 // CreateIDToken util to create JWT token, based on
 // user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
 func CreateIDToken(user models.User, roles []string, hostname, nonce string) (string, int64, error) {
-	expiryBound := time.Minute * 30
+	expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
+	if err != nil {
+		expiryBound = time.Minute * 30
+	}
+
 	expiresAt := time.Now().Add(expiryBound).Unix()

 	resUser := user.AsAPIUser()
--- a/server/utils/parser.go
+++ b/server/utils/parser.go
@@ -0,0 +1,21 @@
+package utils
+
+import (
+	"errors"
+	"time"
+)
+
+// ParseDurationInSeconds parses input s, removes ms/us/ns and returns result duration
+func ParseDurationInSeconds(s string) (time.Duration, error) {
+	d, err := time.ParseDuration(s)
+	if err != nil {
+		return 0, err
+	}
+
+	d = d.Truncate(time.Second)
+	if d <= 0 {
+		return 0, errors.New(`duration must be greater than 0s`)
+	}
+
+	return d, nil
+}
--- a/server/utils/urls.go
+++ b/server/utils/urls.go
@@ -10,7 +10,20 @@ import (
 )

 // GetHost returns hostname from request context
+// if X-Authorizer-URL header is set it is given highest priority
+// if EnvKeyAuthorizerURL is set it is given second highest priority.
+// if above 2 are not set the requesting host name is used
 func GetHost(c *gin.Context) string {
+	authorizerURL := c.Request.Header.Get("X-Authorizer-URL")
+	if authorizerURL != "" {
+		return authorizerURL
+	}
+
+	authorizerURL = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
+	if authorizerURL != "" {
+		return authorizerURL
+	}
+
 	scheme := c.Request.Header.Get("X-Forwarded-Proto")
 	if scheme != "https" {
 		scheme = "http"
Author	SHA1	Message	Date
Lakhan Samani	39947f1753	Merge pull request #155 from authorizerdev/fix/gateway-based-setup fix: setting the cookie for proxy setup	2022-03-30 11:51:20 +05:30
Lakhan Samani	4fa9f79c3f	fix: setting the cookie for proxy setup	2022-03-30 11:50:22 +05:30
Lakhan Samani	fe73c2f6f8	Update README.md	2022-03-26 07:00:01 +05:30
Lakhan Samani	4a3e3633ea	fix: default access token expiry time	2022-03-25 20:29:00 +05:30
Lakhan Samani	dbbe36f6b5	Merge pull request #154 from MedvedewEM/enhancement/access_token_expiry_time enhancement: add access_token_expiry_time env variable	2022-03-25 18:57:53 +05:30
egor.medvedev	819dd57377	Merge branch 'authorizerdev/authorizer:main' into main	2022-03-25 16:13:46 +03:00
egor.medvedev	044b025ba2	enhancement: add access_token_expiry_time env variable	2022-03-25 15:21:20 +03:00