Merge pull request #56 from anandshukla15/feature/session-expiry

resolve bugs

Author: 04shubham7

backend/.env.example

@@ -1,11 +1,12 @@
-MONGO_URI = mongodb://localhost:27017/PeerCall
-PORT = 3000
-JWT_SECRET = secret12peercall
-FRONTEND_URL = http://localhost:5173
+# MONGO_URI = mongodb://localhost:27017/PeerCall
+# PORT = 3000
+# JWT_SECRET = secret12peercall
+# FRONTEND_URL = http://localhost:5173
+
+# GITHUB_CLIENT_ID = put yours
+# GITHUB_CLIENT_SECRET put yours
+# GOOGLE_CLIENT_ID =  put yours
+# GOOGLE_CLIENT_SECRET = put yours
+# GOOGLE_CALLBACK_URL = http://localhost:3000/api/auth/google/callback
+# GITHUB_CALLBACK_URL = http://localhost:3000/api/auth/github/callback    
 
-GITHUB_CLIENT_ID = put yours
-GITHUB_CLIENT_SECRET put yours
-GOOGLE_CLIENT_ID =  put yours
-GOOGLE_CLIENT_SECRET = put yours
-GOOGLE_CALLBACK_URL = http://localhost:3000/api/auth/google/callback
-GITHUB_CALLBACK_URL = http://localhost:3000/api/auth/github/callback    

backend/package-lock.json

@@ -3,12 +3,13 @@ import bcrypt from "bcryptjs";
 import jwt from "jsonwebtoken"; // <-- ADDED
 import User, { type IUser } from "../models/userModel.js";
 import {
+  generateToken,
   generateAccessToken, // <-- RENAMED/UPDATED
   generateRefreshToken, // <-- ADDED
 } from "../utils/generateToken.js";
 import { userSchema, loginSchema } from "../utils/validateInputs.js";
 import dotenv from "dotenv";
-import jwt from "jsonwebtoken";
+
 import { Session } from "../models/sessionModel.js";
 
 dotenv.config();
@@ -70,7 +71,7 @@ export const registerUser = async (
     const typedUser = asTypedUser(newUser);
 
     const token = generateToken(typedUser._id.toString());
-const decoded = jwt.decode(token) as { exp?: number } | null;
+const decoded = jwt.verify(token, process.env.JWT_SECRET!) as { exp?: number };
 
 if (!decoded || !decoded.exp) {
   throw new Error("Invalid token format or missing expiration");

backend/src/controllers/authController.ts

@@ -1,5 +1,5 @@
 import express from "express";
-import { registerUser, loginUser,  getUserProfile} from "../controllers/authController.js";
+import { registerUser, loginUser,  getUserProfile, logoutUser,handleRefreshToken} from "../controllers/authController.js";
 import passport from "passport";
 import { Session } from "../models/sessionModel.js";
 import {protect} from "../middleware/authMiddleware.js";

backend/src/routes/authRoutes.ts

@@ -3,6 +3,7 @@ import type { SignOptions } from "jsonwebtoken";
 import dotenv from 'dotenv';
 dotenv.config();
 const accessTokenSecret = process.env.JWT_ACCESS_SECRET;
+const refreshTokenSecret = process.env.JWT_REFRESH_SECRET;
 
 export const generateToken = (userId: string) => {
   const expiresIn = "7d"; 
@@ -12,6 +13,22 @@ export const generateToken = (userId: string) => {
   return token;
 };
 
+const parseExpiration = (val: string | undefined, fallback: number | string): number | string => {
+    if (!val) return fallback;
+    const trimmed = val.trim();
+    return /^\d+$/.test(trimmed) ? Number(trimmed) : trimmed;
+};
+
+export const generateAccessToken = (id: string) => {
+    if (!accessTokenSecret) throw new Error("JWT_ACCESS_SECRET is not defined");
+
+    const options = {
+        expiresIn: parseExpiration(process.env.JWT_ACCESS_EXPIRATION, 900),
+    } as SignOptions;
+
+    return jwt.sign({ id }, accessTokenSecret, options);
+};
+
 export const generateRefreshToken = (id: string) => {
     if (!refreshTokenSecret) throw new Error("JWT_REFRESH_SECRET is not defined");