Enhance session management: restrict session access for blocked users and reduce token expiration to one day

This commit is contained in:
Marco Pedone 2025-08-20 14:17:26 +02:00
parent b2a118e907
commit aaea1eb6bb
2 changed files with 4 additions and 4 deletions

View file

@ -62,7 +62,7 @@ export const authRouter = createTRPCRouter({
}),
getSession: publicProcedure.query(async ({ ctx }) => {
if (!ctx.session) return null;
if (!ctx.session || ctx.session.isBlocked) return null;
return ctx.session;
}),
addUserAdmin: adminProcedure

View file

@ -40,7 +40,7 @@ const accessTokenCookieOptions: OptionsType = {
const refreshTokenCookieOptions: OptionsType = {
...cookieOptions,
expires: add(new Date(), { days: 7 }),
expires: add(new Date(), { days: 1 }),
};
export const createUserAdmin = async ({
@ -149,7 +149,7 @@ export const logIn = async ({
};
const accessToken = await signToken(payload, "1h", "accessToken");
const refreshToken = await signToken(payload, "7d", "refreshToken");
const refreshToken = await signToken(payload, "1d", "refreshToken");
// Send Access Token in Cookie
await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, {
@ -208,7 +208,7 @@ export const swapAuth = async ({
}
const accessToken = await signToken(user, "1h", "accessToken");
const refreshToken = await signToken(user, "7d", "refreshToken");
const refreshToken = await signToken(user, "1d", "refreshToken");
// Send Access Token in Cookie
await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, {