fix: verify token expired (#2)

* fix: verify token expired * debug condition * debug * debug * debug * fix typo * fix condition * debug --------- Co-authored-by: Andrea Cecchi <andrea.cecchi85@gmail.com>
RedTurtle · Feb 5, 2024 · 3b3d26e · 3b3d26e
1 parent f87505d
commit 3b3d26e
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/index.js b/src/index.js
@@ -40,9 +40,19 @@ const applyConfig = (config) => {
         }
         if (token && settings?.userHeaderName) {
           const user = req.get(settings.userHeaderName);
-          if (user && jwtDecode(token).sub !== user) {
+          // require auth if:
+          // - header user is different from token user
+          // - token has no expiration
+          // - token is expired
+          console.log("USER: ", user);
+          console.log("TOKEN: ", jwtDecode(token));
+          console.log("TOKEN SCADUTO: ", jwtDecode(token).exp < Date.now() / 1000);
+          console.log("CONDIZIONE: ", ((user && jwtDecode(token).sub !== user) || !jwtDecode(token).exp || jwtDecode(token).exp < Date.now() / 1000));
+          if ((user && jwtDecode(token).sub !== user) || !jwtDecode(token).exp || jwtDecode(token).exp < Date.now() / 1000){
+            // TODO: eventually add base_url to a relative settings.loginUrl
             return res.redirect(`${settings.loginUrl}?came_from=${req.url}`);
           }
+
         }
       }
       return next();