fix: use config value for tokenRenewal expiration (#2042)

* fix: tokenRenewal seems to be hard coded #1540
5 years ago · 0e6340f51e
parent 330c90229e
commit 0e6340f51e
1 changed files with 3 additions and 1 deletions
--- a/server/core/auth.js
+++ b/server/core/auth.js
@ -2,6 +2,7 @@ const passport = require('passport')
 const passportJWT = require('passport-jwt')
 const _ = require('lodash')
 const jwt = require('jsonwebtoken')
+const ms = require('ms')
 const moment = require('moment')
 const Promise = require('bluebird')
 const crypto = Promise.promisifyAll(require('crypto'))
@ -112,7 +113,8 @@ module.exports = {
      if (err) { return next() }

      // Expired but still valid within N days, just renew
-      if (info instanceof Error && info.name === 'TokenExpiredError' && moment().subtract(14, 'days').isBefore(info.expiredAt)) {
+      if (info instanceof Error && info.name === 'TokenExpiredError' &&
+        moment().subtract(ms(WIKI.config.auth.tokenRenewal), 'ms').isBefore(info.expiredAt)) {
        const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
        try {
          const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)