feat(auth): added in a rolling token

server/services/auth/controllers/login.ts

@@ -9,7 +9,7 @@ import {log} from "../../logger/logger.js";
 /**
  * Authenticate a user and return a JWT.
  */
-const {sign, verify} = jwt;
+const {sign} = jwt;
 
 export async function login(
     username: string,
@@ -56,5 +56,6 @@ export async function login(
     }
 
     const token = sign({user: userData}, secret, {expiresIn: expiresIn * 60});
+
     return {token, user: userData};
 }

server/services/auth/routes/session.ts

@@ -2,9 +2,13 @@ import {z, createRoute, OpenAPIHono} from "@hono/zod-openapi";
 import {verify} from "hono/jwt";
 import {log} from "../../logger/logger.js";
 import {authMiddleware} from "../middleware/authMiddleware.js";
+import jwt from "jsonwebtoken";
 
 const session = new OpenAPIHono();
+const expiresIn = Number(process.env.JWT_EXPIRES!) || 60;
+const secret: string = process.env.JWT_SECRET!;
 
+const {sign} = jwt;
 const UserSchema = z.object({
     username: z
     .string()
@@ -79,7 +83,11 @@ session.openapi(
 
         try {
             const payload = await verify(token, process.env.JWT_SECRET!);
-            return c.json({data: {token: token, user: payload.user}}, 200);
+
+            // If it's valid, return a new token
+            const newToken = sign({user: payload.user}, secret, {expiresIn: expiresIn * 60});
+
+            return c.json({data: {token: newToken, user: payload.user}}, 200);
         } catch (error) {
             log.error(error, "Failed session check, user must be logged out");
             return c.json({message: "Unauthorized"}, 401);