fix: verify token expired

RedTurtle · Feb 1, 2024 · 4c73da9 · 4c73da9
1 parent bc475fc
commit 4c73da9
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/index.js b/src/index.js
@@ -40,9 +40,15 @@ const applyConfig = (config) => {
         }
         if (token && settings?.userHeaderName) {
           const user = req.get(settings.userHeaderName);
-          if (user && jwtDecode(token).sub !== user) {
+          // require auth if:
+          // - header user is different from token user
+          // - token has no expiration
+          // - token is expired
+          if (jwtDecode(token).sub !== user || !jwtDecode(token).exp || jwtDecode(token).exp < Date.now() / 1000){
+            // TODO: eventually add base_url to a relative settings.loginUrl
             return res.redirect(`${settings.loginUrl}?came_from=${req.url}`);
           }
+
         }
       }
       return next();