From 34458972f01c5325b43755bc53c6b2848e27dd43 Mon Sep 17 00:00:00 2001 From: Luiz Chaves Date: Sat, 12 Oct 2024 13:52:20 -0300 Subject: [PATCH] fix: jwt - expiresIn to ms --- public/codes/expressjs/invest-app-auth/src/routes.js | 2 +- public/codes/expressjs/invest-app-email/src/routes.js | 2 +- public/codes/expressjs/invest-app-upload/src/routes.js | 2 +- public/codes/expressjs/invest-app-validation/src/routes.js | 2 +- src/content/classnotes/expressjs/auth/index.mdx | 7 +++++-- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/public/codes/expressjs/invest-app-auth/src/routes.js b/public/codes/expressjs/invest-app-auth/src/routes.js index 286300f..5a39e44 100644 --- a/public/codes/expressjs/invest-app-auth/src/routes.js +++ b/public/codes/expressjs/invest-app-auth/src/routes.js @@ -176,7 +176,7 @@ router.post('/signin', async (req, res) => { const token = jwt.sign( { userId }, process.env.JWT_SECRET, - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // 1h ); return res.json({ auth: true, token }); diff --git a/public/codes/expressjs/invest-app-email/src/routes.js b/public/codes/expressjs/invest-app-email/src/routes.js index dcc9612..0dbee1b 100644 --- a/public/codes/expressjs/invest-app-email/src/routes.js +++ b/public/codes/expressjs/invest-app-email/src/routes.js @@ -291,7 +291,7 @@ router.post( const token = jwt.sign( { userId }, process.env.JWT_SECRET, - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // 1h ); return res.json({ auth: true, token }); diff --git a/public/codes/expressjs/invest-app-upload/src/routes.js b/public/codes/expressjs/invest-app-upload/src/routes.js index 1c270e7..17dfd05 100644 --- a/public/codes/expressjs/invest-app-upload/src/routes.js +++ b/public/codes/expressjs/invest-app-upload/src/routes.js @@ -341,7 +341,7 @@ router.post( const token = jwt.sign( { userId }, process.env.JWT_SECRET, - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // 1h ); return res.json({ auth: true, token }); diff --git a/public/codes/expressjs/invest-app-validation/src/routes.js b/public/codes/expressjs/invest-app-validation/src/routes.js index 5508c8d..499fc0c 100644 --- a/public/codes/expressjs/invest-app-validation/src/routes.js +++ b/public/codes/expressjs/invest-app-validation/src/routes.js @@ -287,7 +287,7 @@ router.post( const token = jwt.sign( { userId }, process.env.JWT_SECRET, - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // 1h ); return res.json({ auth: true, token }); diff --git a/src/content/classnotes/expressjs/auth/index.mdx b/src/content/classnotes/expressjs/auth/index.mdx index 14394ba..2d63fa9 100644 --- a/src/content/classnotes/expressjs/auth/index.mdx +++ b/src/content/classnotes/expressjs/auth/index.mdx @@ -47,7 +47,7 @@ jwt.sign( jwt.sign( { userId: 1 }, 'secret', - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // 1h ); //=> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjEsImlhdCI6MTcyODc0Njc4NiwiZXhwIjoxNzI4NzUwMzg2fQ.V1eHtVYWaI5Rji8wd4onYIGqdTGlm6NAmUeIiw6G7Gw @@ -66,7 +66,7 @@ jwt.sign( jwt.sign( { userId: 1 }, 'abc', - { expiresIn: 3600 } // 1h + { expiresIn: 3600000 } // { expiresIn: '1h' } ); //=> eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjEsImlhdCI6MTcyODc0ODQ5NywiZXhwIjoxNzI4NzUyMDk3fQ.0m_bFbC337WRu0bqlabUJ1hN-hNwOXVJUHKBbSdmz7s @@ -83,6 +83,7 @@ Observações: - `iat` (`Issued At` ou `Gerado em`) é o timestamp de quando o token foi gerado; - A `signature` é gerado pela assinatura do `header.payload` + `privateKey` ([HMAC-SHA256 Hash Generator](https://www.devglan.com/online-tools/hmac-sha256-online)); +- expiresIn: expressed in seconds or a string describing a time span [vercel/ms](https://github.com/vercel/ms). Decode: jwt.verify(token, privateKey) @@ -116,6 +117,8 @@ jwt.verify( //=> { userId: 1, iat: 1728746786, exp: 1728750386 } ``` +> Sabendo que o `privateKey` é `secret`, gere um novo token para o usuário de `id` igual a `2` com `1h` de expiração. + ## Middleware ```text