Enhance session management: restrict session access for blocked users and reduce token expiration to one day

This commit is contained in:
Marco Pedone 2025-08-20 14:17:26 +02:00
parent b2a118e907
commit aaea1eb6bb
2 changed files with 4 additions and 4 deletions

View file

@ -62,7 +62,7 @@ export const authRouter = createTRPCRouter({
}), }),
getSession: publicProcedure.query(async ({ ctx }) => { getSession: publicProcedure.query(async ({ ctx }) => {
if (!ctx.session) return null; if (!ctx.session || ctx.session.isBlocked) return null;
return ctx.session; return ctx.session;
}), }),
addUserAdmin: adminProcedure addUserAdmin: adminProcedure

View file

@ -40,7 +40,7 @@ const accessTokenCookieOptions: OptionsType = {
const refreshTokenCookieOptions: OptionsType = { const refreshTokenCookieOptions: OptionsType = {
...cookieOptions, ...cookieOptions,
expires: add(new Date(), { days: 7 }), expires: add(new Date(), { days: 1 }),
}; };
export const createUserAdmin = async ({ export const createUserAdmin = async ({
@ -149,7 +149,7 @@ export const logIn = async ({
}; };
const accessToken = await signToken(payload, "1h", "accessToken"); const accessToken = await signToken(payload, "1h", "accessToken");
const refreshToken = await signToken(payload, "7d", "refreshToken"); const refreshToken = await signToken(payload, "1d", "refreshToken");
// Send Access Token in Cookie // Send Access Token in Cookie
await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, { await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, {
@ -208,7 +208,7 @@ export const swapAuth = async ({
} }
const accessToken = await signToken(user, "1h", "accessToken"); const accessToken = await signToken(user, "1h", "accessToken");
const refreshToken = await signToken(user, "7d", "refreshToken"); const refreshToken = await signToken(user, "1d", "refreshToken");
// Send Access Token in Cookie // Send Access Token in Cookie
await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, { await setCookie(ACCESS_TOKEN_COOKIE_NAME, accessToken, {