backend: refactor token expiration handling to use internal configuration constants

2025-07-11 12:04:12 +02:00 · 2025-07-11 12:04:12 +02:00 · 98de6fe0e8
commit 98de6fe0e8
parent 6dd074df57
5 changed files with 21 additions and 29 deletions
--- a/backend/src/config/internal-config.ts
+++ b/backend/src/config/internal-config.ts
@ -11,6 +11,12 @@ const INTERNAL_CONFIG = {
 	PARTICIPANT_TOKEN_COOKIE_NAME: 'OvMeetParticipantToken',
 	RECORDING_TOKEN_COOKIE_NAME: 'OvMeetRecordingToken',

+	// Token expiration times
+	ACCESS_TOKEN_EXPIRATION: '2h',
+	REFRESH_TOKEN_EXPIRATION: '1d',
+	PARTICIPANT_TOKEN_EXPIRATION: '2h',
+	RECORDING_TOKEN_EXPIRATION: '2h',
+
 	// Headers for API requests
 	API_KEY_HEADER: 'x-api-key',
 	PARTICIPANT_ROLE_HEADER: 'x-participant-role',
--- a/backend/src/controllers/auth.controller.ts
+++ b/backend/src/controllers/auth.controller.ts
@ -2,7 +2,6 @@ import { Request, Response } from 'express';
 import { ClaimGrants } from 'livekit-server-sdk';
 import { container } from '../config/index.js';
 import INTERNAL_CONFIG from '../config/internal-config.js';
-import { MEET_ACCESS_TOKEN_EXPIRATION, MEET_REFRESH_TOKEN_EXPIRATION } from '../environment.js';
 import {
 	errorInvalidCredentials,
 	errorInvalidRefreshToken,
@ -35,12 +34,15 @@ export const login = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME,
 			accessToken,
-			getCookieOptions('/', MEET_ACCESS_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION)
 		);
 		res.cookie(
 			INTERNAL_CONFIG.REFRESH_TOKEN_COOKIE_NAME,
 			refreshToken,
-			getCookieOptions(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`, MEET_REFRESH_TOKEN_EXPIRATION)
+			getCookieOptions(
+				`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`,
+				INTERNAL_CONFIG.REFRESH_TOKEN_EXPIRATION
+			)
 		);
 		logger.info(`Login succeeded for user '${username}'`);
 		return res.status(200).json({ message: 'Login succeeded' });
@ -94,7 +96,7 @@ export const refreshToken = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME,
 			accessToken,
-			getCookieOptions('/', MEET_ACCESS_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION)
 		);
 		logger.info(`Token refreshed for user ${username}`);
 		return res.status(200).json({ message: 'Token refreshed' });
--- a/backend/src/controllers/room.controller.ts
+++ b/backend/src/controllers/room.controller.ts
@ -2,7 +2,6 @@ import { MeetRoomFilters, MeetRoomOptions, MeetRoomRoleAndPermissions, Participa
 import { Request, Response } from 'express';
 import { container } from '../config/index.js';
 import INTERNAL_CONFIG from '../config/internal-config.js';
-import { MEET_RECORDING_TOKEN_EXPIRATION } from '../environment.js';
 import { handleError } from '../models/error.model.js';
 import { LoggerService, ParticipantService, RoomService } from '../services/index.js';
 import { getCookieOptions } from '../utils/cookie-utils.js';
@ -149,7 +148,7 @@ export const generateRecordingToken = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.RECORDING_TOKEN_COOKIE_NAME,
 			token,
-			getCookieOptions('/', MEET_RECORDING_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.RECORDING_TOKEN_EXPIRATION)
 		);
 		return res.status(200).json({ token });
 	} catch (error) {
--- a/backend/src/environment.ts
+++ b/backend/src/environment.ts
@ -32,12 +32,6 @@ export const {
 	MEET_ADMIN_SECRET = 'admin',
 	MEET_COOKIE_SECURE = 'false',

-	// Token expiration times
-	MEET_ACCESS_TOKEN_EXPIRATION = '2h',
-	MEET_REFRESH_TOKEN_EXPIRATION = '1d',
-	MEET_PARTICIPANT_TOKEN_EXPIRATION = '2h',
-	MEET_RECORDING_TOKEN_EXPIRATION = '2h',
-
 	/**
 	 * Webhook configuration
 	 *
@ -115,8 +109,6 @@ export const logEnvVars = () => {
 	console.log('MEET API KEY: ', credential('****' + MEET_API_KEY.slice(-3)));
 	console.log('MEET ADMIN USER: ', credential('****' + MEET_ADMIN_USER.slice(-3)));
 	console.log('MEET ADMIN PASSWORD: ', credential('****' + MEET_ADMIN_SECRET.slice(-3)));
-	console.log('MEET ACCESS TOKEN EXPIRATION: ', text(MEET_ACCESS_TOKEN_EXPIRATION));
-	console.log('MEET REFRESH TOKEN EXPIRATION: ', text(MEET_REFRESH_TOKEN_EXPIRATION));
 	console.log('MEET PREFERENCES STORAGE:', text(MEET_PREFERENCES_STORAGE_MODE));
 	console.log('MEET_WEBHOOK_ENABLED:', text(MEET_WEBHOOK_ENABLED));

--- a/backend/src/services/token.service.ts
+++ b/backend/src/services/token.service.ts
@ -7,18 +7,11 @@ import {
 	User
 } from '@typings-ce';
 import { inject, injectable } from 'inversify';
-import { AccessToken, AccessTokenOptions, ClaimGrants, TokenVerifier, VideoGrant } from 'livekit-server-sdk';
-import {
-	LIVEKIT_API_KEY,
-	LIVEKIT_API_SECRET,
-	LIVEKIT_URL,
-	MEET_ACCESS_TOKEN_EXPIRATION,
-	MEET_PARTICIPANT_TOKEN_EXPIRATION,
-	MEET_RECORDING_TOKEN_EXPIRATION,
-	MEET_REFRESH_TOKEN_EXPIRATION
-} from '../environment.js';
-import { LoggerService } from './index.js';
 import { jwtDecode } from 'jwt-decode';
+import { AccessToken, AccessTokenOptions, ClaimGrants, TokenVerifier, VideoGrant } from 'livekit-server-sdk';
+import INTERNAL_CONFIG from '../config/internal-config.js';
+import { LIVEKIT_API_KEY, LIVEKIT_API_SECRET, LIVEKIT_URL } from '../environment.js';
+import { LoggerService } from './index.js';

@injectable()
 export class TokenService {
@ -27,7 +20,7 @@ export class TokenService {
 	async generateAccessToken(user: User): Promise<string> {
 		const tokenOptions: AccessTokenOptions = {
 			identity: user.username,
-			ttl: MEET_ACCESS_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				roles: user.roles
 			})
@ -38,7 +31,7 @@ export class TokenService {
 	async generateRefreshToken(user: User): Promise<string> {
 		const tokenOptions: AccessTokenOptions = {
 			identity: user.username,
-			ttl: MEET_REFRESH_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.REFRESH_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				roles: user.roles
 			})
@ -57,7 +50,7 @@ export class TokenService {
 		const tokenOptions: AccessTokenOptions = {
 			identity: participantName,
 			name: participantName,
-			ttl: MEET_PARTICIPANT_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.PARTICIPANT_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				livekitUrl: LIVEKIT_URL,
 				roles
@ -73,7 +66,7 @@ export class TokenService {
 	): Promise<string> {
 		this.logger.info(`Generating recording token for room ${roomId}`);
 		const tokenOptions: AccessTokenOptions = {
-			ttl: MEET_RECORDING_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.RECORDING_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				role,
 				recordingPermissions: permissions