Merge pull request #33 from hirushaph/development

Development
hirushaph · Mar 15, 2024 · d6acc56 · d6acc56
2 parents 810b109 + 84e55fc
commit d6acc56
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 7 deletions.
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -30,3 +30,5 @@ jobs:
       - run: npm test
         env:
           MONGODB_URL_TEST: ${{ secrets.MONGODB_URL_TEST }}
+          JWT_ACCESS_SECRET: ${{ secrets.JWT_ACCESS_SECRET }}
+          JWT_REFRESH_SECRET: ${{ secrets.JWT_REFRESH_SECRET }}
diff --git a/src/app.js b/src/app.js
@@ -5,6 +5,7 @@ const router = require("./router/route");
 const cookieParser = require("cookie-parser");
 const { default: rateLimit } = require("express-rate-limit");
 const helmet = require("helmet");
+const { MAX_API_REQUEST_PER_IP_FOR_MINUTE } = require("./config");
 
 require("dotenv").config();
 
@@ -16,7 +17,7 @@ app.use(helmet());
 // Rate limit
 const limiter = rateLimit({
   windowMs: 1 * 60 * 1000, //1 min
-  max: process.env.MAX_API_REQUEST_PER_IP_FOR_MINUTE || 100,
+  max: MAX_API_REQUEST_PER_IP_FOR_MINUTE || 100,
 });
 
 // Middlewares

diff --git a/src/config.js b/src/config.js
@@ -0,0 +1,9 @@
+const ACCESS_TOKEN_EXPIRE_TIME = "30m";
+const REFRESH_TOKEN_EXPIRE_TIME = "10d";
+const MAX_API_REQUEST_PER_IP_FOR_MINUTE = 100;
+
+module.exports = {
+  ACCESS_TOKEN_EXPIRE_TIME,
+  REFRESH_TOKEN_EXPIRE_TIME,
+  MAX_API_REQUEST_PER_IP_FOR_MINUTE,
+};
diff --git a/src/controllers/authController.js b/src/controllers/authController.js
@@ -12,6 +12,7 @@ const {
   convertToMilliseconds,
 } = require("../utils/helpers");
 const { sendEmail, emailBodyGenerate } = require("../utils/emai");
+const { REFRESH_TOKEN_EXPIRE_TIME } = require("../config");
 
 // bcrypt salt rounds
 const saltRounds = 10;
@@ -80,9 +81,7 @@ async function registerUser(req, res) {
             httpOnly: true, // only accessible by web server
             secure: false, // https
             sameSite: "lax", //cross-site cookie
-            maxAge: convertToMilliseconds(
-              process.env.REFRESH_TOKEN_EXPIRE_TIME
-            ), // expiry time
+            maxAge: convertToMilliseconds(REFRESH_TOKEN_EXPIRE_TIME), // expiry time
           };
 
           if (status === "production") {
@@ -132,7 +131,7 @@ async function login(req, res) {
         httpOnly: true, // only accessible by web server
         secure: false, // https
         sameSite: "lax", //cross-site cookie
-        maxAge: convertToMilliseconds(process.env.REFRESH_TOKEN_EXPIRE_TIME), // expiry time
+        maxAge: convertToMilliseconds(REFRESH_TOKEN_EXPIRE_TIME), // expiry time
       };
 
       if (status === "production") {

diff --git a/src/utils/helpers.js b/src/utils/helpers.js
@@ -1,15 +1,19 @@
 const jwt = require("jsonwebtoken");
+const {
+  REFRESH_TOKEN_EXPIRE_TIME,
+  ACCESS_TOKEN_EXPIRE_TIME,
+} = require("../config");
 
 function createToken(data) {
   const token = jwt.sign(data, process.env.JWT_ACCESS_SECRET, {
-    expiresIn: process.env.ACCESS_TOKEN_EXPIRE_TIME,
+    expiresIn: ACCESS_TOKEN_EXPIRE_TIME,
   });
   return token;
 }
 
 function createRefreshToken(data) {
   const token = jwt.sign(data, process.env.JWT_REFRESH_SECRET, {
-    expiresIn: process.env.REFRESH_TOKEN_EXPIRE_TIME,
+    expiresIn: REFRESH_TOKEN_EXPIRE_TIME,
   });
   return token;
 }