From 98de6fe0e8ce390ddbaf228d80dfb284fbc3993d Mon Sep 17 00:00:00 2001
From: juancarmore <juancar_more2@hotmail.com>
Date: Fri, 11 Jul 2025 12:04:12 +0200
Subject: [PATCH] backend: refactor token expiration handling to use internal
 configuration constants

---
 backend/src/config/internal-config.ts      |  6 ++++++
 backend/src/controllers/auth.controller.ts | 10 ++++++----
 backend/src/controllers/room.controller.ts |  3 +--
 backend/src/environment.ts                 |  8 --------
 backend/src/services/token.service.ts      | 23 ++++++++--------------
 5 files changed, 21 insertions(+), 29 deletions(-)

diff --git a/backend/src/config/internal-config.ts b/backend/src/config/internal-config.ts
index f89562a..431a046 100644
--- a/backend/src/config/internal-config.ts
+++ b/backend/src/config/internal-config.ts
@@ -11,6 +11,12 @@ const INTERNAL_CONFIG = {
 	PARTICIPANT_TOKEN_COOKIE_NAME: 'OvMeetParticipantToken',
 	RECORDING_TOKEN_COOKIE_NAME: 'OvMeetRecordingToken',
 
+	// Token expiration times
+	ACCESS_TOKEN_EXPIRATION: '2h',
+	REFRESH_TOKEN_EXPIRATION: '1d',
+	PARTICIPANT_TOKEN_EXPIRATION: '2h',
+	RECORDING_TOKEN_EXPIRATION: '2h',
+
 	// Headers for API requests
 	API_KEY_HEADER: 'x-api-key',
 	PARTICIPANT_ROLE_HEADER: 'x-participant-role',
diff --git a/backend/src/controllers/auth.controller.ts b/backend/src/controllers/auth.controller.ts
index c9b7f08..d86c94a 100644
--- a/backend/src/controllers/auth.controller.ts
+++ b/backend/src/controllers/auth.controller.ts
@@ -2,7 +2,6 @@ import { Request, Response } from 'express';
 import { ClaimGrants } from 'livekit-server-sdk';
 import { container } from '../config/index.js';
 import INTERNAL_CONFIG from '../config/internal-config.js';
-import { MEET_ACCESS_TOKEN_EXPIRATION, MEET_REFRESH_TOKEN_EXPIRATION } from '../environment.js';
 import {
 	errorInvalidCredentials,
 	errorInvalidRefreshToken,
@@ -35,12 +34,15 @@ export const login = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME,
 			accessToken,
-			getCookieOptions('/', MEET_ACCESS_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION)
 		);
 		res.cookie(
 			INTERNAL_CONFIG.REFRESH_TOKEN_COOKIE_NAME,
 			refreshToken,
-			getCookieOptions(`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`, MEET_REFRESH_TOKEN_EXPIRATION)
+			getCookieOptions(
+				`${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/auth`,
+				INTERNAL_CONFIG.REFRESH_TOKEN_EXPIRATION
+			)
 		);
 		logger.info(`Login succeeded for user '${username}'`);
 		return res.status(200).json({ message: 'Login succeeded' });
@@ -94,7 +96,7 @@ export const refreshToken = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.ACCESS_TOKEN_COOKIE_NAME,
 			accessToken,
-			getCookieOptions('/', MEET_ACCESS_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION)
 		);
 		logger.info(`Token refreshed for user ${username}`);
 		return res.status(200).json({ message: 'Token refreshed' });
diff --git a/backend/src/controllers/room.controller.ts b/backend/src/controllers/room.controller.ts
index 9e19f05..df7b82d 100644
--- a/backend/src/controllers/room.controller.ts
+++ b/backend/src/controllers/room.controller.ts
@@ -2,7 +2,6 @@ import { MeetRoomFilters, MeetRoomOptions, MeetRoomRoleAndPermissions, Participa
 import { Request, Response } from 'express';
 import { container } from '../config/index.js';
 import INTERNAL_CONFIG from '../config/internal-config.js';
-import { MEET_RECORDING_TOKEN_EXPIRATION } from '../environment.js';
 import { handleError } from '../models/error.model.js';
 import { LoggerService, ParticipantService, RoomService } from '../services/index.js';
 import { getCookieOptions } from '../utils/cookie-utils.js';
@@ -149,7 +148,7 @@ export const generateRecordingToken = async (req: Request, res: Response) => {
 		res.cookie(
 			INTERNAL_CONFIG.RECORDING_TOKEN_COOKIE_NAME,
 			token,
-			getCookieOptions('/', MEET_RECORDING_TOKEN_EXPIRATION)
+			getCookieOptions('/', INTERNAL_CONFIG.RECORDING_TOKEN_EXPIRATION)
 		);
 		return res.status(200).json({ token });
 	} catch (error) {
diff --git a/backend/src/environment.ts b/backend/src/environment.ts
index 9f5624a..ab53aa6 100644
--- a/backend/src/environment.ts
+++ b/backend/src/environment.ts
@@ -32,12 +32,6 @@ export const {
 	MEET_ADMIN_SECRET = 'admin',
 	MEET_COOKIE_SECURE = 'false',
 
-	// Token expiration times
-	MEET_ACCESS_TOKEN_EXPIRATION = '2h',
-	MEET_REFRESH_TOKEN_EXPIRATION = '1d',
-	MEET_PARTICIPANT_TOKEN_EXPIRATION = '2h',
-	MEET_RECORDING_TOKEN_EXPIRATION = '2h',
-
 	/**
 	 * Webhook configuration
 	 *
@@ -115,8 +109,6 @@ export const logEnvVars = () => {
 	console.log('MEET API KEY: ', credential('****' + MEET_API_KEY.slice(-3)));
 	console.log('MEET ADMIN USER: ', credential('****' + MEET_ADMIN_USER.slice(-3)));
 	console.log('MEET ADMIN PASSWORD: ', credential('****' + MEET_ADMIN_SECRET.slice(-3)));
-	console.log('MEET ACCESS TOKEN EXPIRATION: ', text(MEET_ACCESS_TOKEN_EXPIRATION));
-	console.log('MEET REFRESH TOKEN EXPIRATION: ', text(MEET_REFRESH_TOKEN_EXPIRATION));
 	console.log('MEET PREFERENCES STORAGE:', text(MEET_PREFERENCES_STORAGE_MODE));
 	console.log('MEET_WEBHOOK_ENABLED:', text(MEET_WEBHOOK_ENABLED));
 
diff --git a/backend/src/services/token.service.ts b/backend/src/services/token.service.ts
index b356746..7ac48ef 100644
--- a/backend/src/services/token.service.ts
+++ b/backend/src/services/token.service.ts
@@ -7,18 +7,11 @@ import {
 	User
 } from '@typings-ce';
 import { inject, injectable } from 'inversify';
-import { AccessToken, AccessTokenOptions, ClaimGrants, TokenVerifier, VideoGrant } from 'livekit-server-sdk';
-import {
-	LIVEKIT_API_KEY,
-	LIVEKIT_API_SECRET,
-	LIVEKIT_URL,
-	MEET_ACCESS_TOKEN_EXPIRATION,
-	MEET_PARTICIPANT_TOKEN_EXPIRATION,
-	MEET_RECORDING_TOKEN_EXPIRATION,
-	MEET_REFRESH_TOKEN_EXPIRATION
-} from '../environment.js';
-import { LoggerService } from './index.js';
 import { jwtDecode } from 'jwt-decode';
+import { AccessToken, AccessTokenOptions, ClaimGrants, TokenVerifier, VideoGrant } from 'livekit-server-sdk';
+import INTERNAL_CONFIG from '../config/internal-config.js';
+import { LIVEKIT_API_KEY, LIVEKIT_API_SECRET, LIVEKIT_URL } from '../environment.js';
+import { LoggerService } from './index.js';
 
 @injectable()
 export class TokenService {
@@ -27,7 +20,7 @@ export class TokenService {
 	async generateAccessToken(user: User): Promise<string> {
 		const tokenOptions: AccessTokenOptions = {
 			identity: user.username,
-			ttl: MEET_ACCESS_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.ACCESS_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				roles: user.roles
 			})
@@ -38,7 +31,7 @@ export class TokenService {
 	async generateRefreshToken(user: User): Promise<string> {
 		const tokenOptions: AccessTokenOptions = {
 			identity: user.username,
-			ttl: MEET_REFRESH_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.REFRESH_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				roles: user.roles
 			})
@@ -57,7 +50,7 @@ export class TokenService {
 		const tokenOptions: AccessTokenOptions = {
 			identity: participantName,
 			name: participantName,
-			ttl: MEET_PARTICIPANT_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.PARTICIPANT_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				livekitUrl: LIVEKIT_URL,
 				roles
@@ -73,7 +66,7 @@ export class TokenService {
 	): Promise<string> {
 		this.logger.info(`Generating recording token for room ${roomId}`);
 		const tokenOptions: AccessTokenOptions = {
-			ttl: MEET_RECORDING_TOKEN_EXPIRATION,
+			ttl: INTERNAL_CONFIG.RECORDING_TOKEN_EXPIRATION,
 			metadata: JSON.stringify({
 				role,
 				recordingPermissions: permissions