LIT-Protocol · Ansonhkg · Sep 4, 2023 · Sep 4, 2023
diff --git a/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts b/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts
@@ -16,6 +16,9 @@ import {
 import { ethers } from 'ethers';
 import { sha256 } from 'ethers/lib/utils';
 
+const MAX_EXPIRATION_LENGTH = 30;
+const MAX_EXPIRATION_UNIT = 'minutes';
+
 export default class DiscordProvider extends BaseProvider {
   /**
    * The redirect URI that Lit's login server should send the user back to
@@ -136,11 +139,34 @@ export default class DiscordProvider extends BaseProvider {
       const storageUID = this.getAuthMethodStorageUID(accessToken);
 
       if (this.storageProvider.isExpired(storageUID)) {
+        const expirationLength =
+          _options.expirationLength ?? MAX_EXPIRATION_LENGTH;
+        const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT;
+
+        const userExpirationISOString = this.storageProvider.convertToISOString(
+          expirationLength,
+          expirationUnit
+        );
+
+        const maxExpirationISOString = this.storageProvider.convertToISOString(
+          MAX_EXPIRATION_LENGTH,
+          MAX_EXPIRATION_UNIT
+        );
+
+        const userExpirationDate = new Date(userExpirationISOString);
+        const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date
+
+        if (userExpirationDate > maxExpirationDate) {
+          throw new Error(
+            `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}`
+          );
+        }
+
         this.storageProvider.setExpirableItem(
           storageUID,
           JSON.stringify(authMethod),
-          _options.expirationLength ?? 24,
-          _options.expirationUnit ?? 'hours'
+          expirationLength,
+          expirationUnit
         );
       }
     }

diff --git a/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts b/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts
@@ -16,6 +16,9 @@ import { BaseProvider } from './BaseProvider';
 import { ethers } from 'ethers';
 import * as jose from 'jose';
 
+const MAX_EXPIRATION_LENGTH = 30;
+const MAX_EXPIRATION_UNIT = 'minutes';
+
 // import {
 //   LitAbility,
 //   LitAccessControlConditionResource,
@@ -132,11 +135,34 @@ export default class GoogleProvider extends BaseProvider {
       const storageUID = this.getAuthMethodStorageUID(idToken);
 
       if (this.storageProvider.isExpired(storageUID)) {
+        const expirationLength =
+          _options.expirationLength ?? MAX_EXPIRATION_LENGTH;
+        const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT;
+
+        const userExpirationISOString = this.storageProvider.convertToISOString(
+          expirationLength,
+          expirationUnit
+        );
+
+        const maxExpirationISOString = this.storageProvider.convertToISOString(
+          MAX_EXPIRATION_LENGTH,
+          MAX_EXPIRATION_UNIT
+        );
+
+        const userExpirationDate = new Date(userExpirationISOString);
+        const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date
+
+        if (userExpirationDate > maxExpirationDate) {
+          throw new Error(
+            `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}`
+          );
+        }
+
         this.storageProvider.setExpirableItem(
           storageUID,
           JSON.stringify(authMethod),
-          _options.expirationLength ?? 24,
-          _options.expirationUnit ?? 'hours'
+          expirationLength,
+          expirationUnit
         );
       }
     }

diff --git a/packages/lit-auth-client/src/lib/providers/OtpProvider.ts b/packages/lit-auth-client/src/lib/providers/OtpProvider.ts
@@ -12,6 +12,9 @@ import { BaseProvider } from './BaseProvider';
 import { OtpProviderOptions } from '@lit-protocol/types';
 import { ethers } from 'ethers';
 
+const MAX_EXPIRATION_LENGTH = 30;
+const MAX_EXPIRATION_UNIT = 'minutes';
+
 export class OtpProvider extends BaseProvider {
   #accessToken: string | undefined;
 
@@ -76,11 +79,36 @@ export class OtpProvider extends BaseProvider {
         const storageUID = this.getAuthMethodStorageUID(accessToken);
 
         if (this.storageProvider.isExpired(storageUID)) {
+          const expirationLength =
+            _options.expirationLength ?? MAX_EXPIRATION_LENGTH;
+          const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT;
+
+          const userExpirationISOString =
+            this.storageProvider.convertToISOString(
+              expirationLength,
+              expirationUnit
+            );
+
+          const maxExpirationISOString =
+            this.storageProvider.convertToISOString(
+              MAX_EXPIRATION_LENGTH,
+              MAX_EXPIRATION_UNIT
+            );
+
+          const userExpirationDate = new Date(userExpirationISOString);
+          const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date
+
+          if (userExpirationDate > maxExpirationDate) {
+            throw new Error(
+              `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}`
+            );
+          }
+
           this.storageProvider.setExpirableItem(
             storageUID,
             item,
-            _options.expirationLength ?? 24,
-            _options.expirationUnit ?? 'hours'
+            expirationLength,
+            expirationUnit
           );
         }
       }

diff --git a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts
@@ -15,6 +15,9 @@ import { getRPIdFromOrigin, parseAuthenticatorData } from '../utils';
 import { BaseProvider } from './BaseProvider';
 import { RegistrationResponseJSON } from '@simplewebauthn/typescript-types';
 
+const MAX_EXPIRATION_LENGTH = 3;
+const MAX_EXPIRATION_UNIT = 'minutes';
+
 export default class WebAuthnProvider extends BaseProvider {
   /**
    * Name of relying party. Defaults to "lit"
@@ -208,11 +211,34 @@ export default class WebAuthnProvider extends BaseProvider {
       const storageUID = this.getAuthMethodStorageUID(authMethod.accessToken);
 
       if (this.storageProvider.isExpired(storageUID)) {
+        const expirationLength =
+          _options.expirationLength ?? MAX_EXPIRATION_LENGTH;
+        const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT;
+
+        const userExpirationISOString = this.storageProvider.convertToISOString(
+          expirationLength,
+          expirationUnit
+        );
+
+        const maxExpirationISOString = this.storageProvider.convertToISOString(
+          MAX_EXPIRATION_LENGTH,
+          MAX_EXPIRATION_UNIT
+        );
+
+        const userExpirationDate = new Date(userExpirationISOString);
+        const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date
+
+        if (userExpirationDate > maxExpirationDate) {
+          throw new Error(
+            `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}`
+          );
+        }
+
         this.storageProvider.setExpirableItem(
           storageUID,
           JSON.stringify(authMethod),
-          _options.expirationLength ?? 24,
-          _options.expirationUnit ?? 'hours'
+          expirationLength,
+          expirationUnit
         );
       }
     }