From 9767260e597751bd0d04ba586783427514967aa0 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Sat, 18 Jun 2022 13:03:58 +0800 Subject: [PATCH] fix: expired jwt token still usable --- packages/nocodb/src/lib/Noco.ts | 36 +++++++++++-------- .../lib/meta/api/userApi/initStrategies.ts | 9 +++-- 2 files changed, 26 insertions(+), 19 deletions(-) diff --git a/packages/nocodb/src/lib/Noco.ts b/packages/nocodb/src/lib/Noco.ts index c0439bfb75..8d0a93368e 100644 --- a/packages/nocodb/src/lib/Noco.ts +++ b/packages/nocodb/src/lib/Noco.ts @@ -187,7 +187,7 @@ export default class Noco { } await Noco._ncMeta.metaInit(); - await this.readOrGenJwtSecret(); + await this.initJwt(); await initAdminFromEnv(); await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta }); @@ -489,20 +489,28 @@ export default class Noco { } } - private async readOrGenJwtSecret(): Promise { - if (this.config?.auth?.jwt && !this.config.auth.jwt.secret) { - let secret = ( - await Noco._ncMeta.metaGet('', '', 'nc_store', { - key: 'nc_auth_jwt_secret' - }) - )?.value; - if (!secret) { - await Noco._ncMeta.metaInsert('', '', 'nc_store', { - key: 'nc_auth_jwt_secret', - value: secret = uuidv4() - }); + private async initJwt(): Promise { + if (this.config?.auth?.jwt) { + if (!this.config.auth.jwt.secret) { + let secret = ( + await Noco._ncMeta.metaGet('', '', 'nc_store', { + key: 'nc_auth_jwt_secret' + }) + )?.value; + if (!secret) { + await Noco._ncMeta.metaInsert('', '', 'nc_store', { + key: 'nc_auth_jwt_secret', + value: secret = uuidv4() + }); + } + this.config.auth.jwt.secret = secret; + } + + this.config.auth.jwt.options = this.config.auth.jwt.options || {}; + if (!this.config.auth.jwt.options?.expiresIn) { + this.config.auth.jwt.options.expiresIn = + process.env.NC_JWT_EXPIRES_IN ?? '10h'; } - this.config.auth.jwt.secret = secret; } let serverId = ( await Noco._ncMeta.metaGet('', '', 'nc_store', { 
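Review bot: In initJwt the value read from `NC_JWT_EXPIRES_IN` is stored into `expiresIn` without any check, so a malformed span (anything jsonwebtoken's sign() cannot parse) would presumably surface only when the first token is signed after a login, not at startup where an operator is watching; a small sanity check here, or at least a comment such as `// expiresIn must be a number of seconds or an ms-style span ('10h'); jsonwebtoken rejects anything else at sign time`, would make the failure mode visible. The optional chaining on `this.config.auth.jwt.options?.expiresIn` is redundant because the preceding line has just assigned the object, so `if (!this.config.auth.jwt.options.expiresIn) {` reads more honestly, and `??` would match the `NC_JWT_EXPIRES_IN ?? '10h'` style used two lines below instead of `|| {}`. initJwt continues past the end of the hunk (`let serverId = (` is still inside it).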
diff --git a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts index 6cdd004865..e6c99869ac 100644 --- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts +++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts @@ -2,18 +2,17 @@ import User from '../../../models/User'; import ProjectUser from '../../../models/ProjectUser'; import { promisify } from 'util'; import { Strategy as CustomStrategy } from 'passport-custom'; - -import { Strategy } from 'passport-jwt'; import passport from 'passport'; -import { ExtractJwt } from 'passport-jwt'; +import passportJWT from 'passport-jwt'; import { Strategy as AuthTokenStrategy } from 'passport-auth-token'; import { Strategy as GoogleStrategy } from 'passport-google-oauth20'; import { randomTokenString } from '../../helpers/stringHelpers'; const PassportLocalStrategy = require('passport-local').Strategy; +const ExtractJwt = passportJWT.ExtractJwt; +const JwtStrategy = passportJWT.Strategy; const jwtOptions = { - expiresIn: process.env.NC_JWT_EXPIRES_IN ?? '10h', jwtFromRequest: ExtractJwt.fromHeader('xc-auth') }; @@ -84,7 +83,7 @@ export function initStrategies(router): void { }); passport.use( - new Strategy( + new JwtStrategy( { secretOrKey: Noco.getConfig().auth.jwt.secret, ...jwtOptions,
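Review bot: The `jwtOptions` object is spread into the verify-side `JwtStrategy` (see the `...jwtOptions,` line in the second hunk of this file), so the removed `expiresIn` entry was never a verify option there — `expiresIn` belongs to the signing side — which is presumably why tokens were never bounded; a comment on the object would stop it from being re-added, e.g. `// verify-time options only; token lifetime (expiresIn) is set on Noco config auth.jwt.options for signing`. The switch from named imports to `passportJWT.ExtractJwt` / `passportJWT.Strategy` is a style change worth a one-line reason in the code, since the neighbouring strategies still use `{ Strategy as … }` named imports.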
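Review bot: If tokens signed before this fix were issued without an `exp` claim (which the commit title suggests), the `JwtStrategy` options in this hunk (`secretOrKey` plus the spread `jwtOptions`) still accept them indefinitely, because nothing bounds token age on the verify side and the fix only changes what future tokens contain; they stay valid until `nc_auth_jwt_secret` is rotated. If that window matters, passport-jwt's `jsonWebTokenOptions` can forward `maxAge` to the jsonwebtoken verifier, e.g. `jsonWebTokenOptions: { maxAge: process.env.NC_JWT_EXPIRES_IN ?? '10h' },` — this relies on the `iat` claim that jsonwebtoken adds by default when signing, so confirm existing tokens carry it. The `passport.use(` call continues past the end of the hunk.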