🔧 fix: Properly handle Token Expiry Defaults when Env Variable not set (#7834)

2025-06-11 20:27:27 +02:00
parent 13c7ceb918
commit 6488873bad
2 changed files with 6 additions and 2 deletions
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -409,7 +409,9 @@ const setOpenIDAuthTokens = (tokenset, res) => {
      return;
    }
    const { REFRESH_TOKEN_EXPIRY } = process.env ?? {};
-    const expiryInMilliseconds = eval(REFRESH_TOKEN_EXPIRY) ?? 1000 * 60 * 60 * 24 * 7; // 7 days default
+    const expiryInMilliseconds = REFRESH_TOKEN_EXPIRY
+      ? eval(REFRESH_TOKEN_EXPIRY)
+      : 1000 * 60 * 60 * 24 * 7; // 7 days default
    const expirationDate = new Date(Date.now() + expiryInMilliseconds);
    if (tokenset == null) {
      logger.error('[setOpenIDAuthTokens] No tokenset found in request');
--- a/packages/data-schemas/src/methods/session.ts
+++ b/packages/data-schemas/src/methods/session.ts
@@ -13,7 +13,9 @@ export class SessionError extends Error {
 }

 const { REFRESH_TOKEN_EXPIRY } = process.env ?? {};
-const expires = eval(REFRESH_TOKEN_EXPIRY ?? '0') ?? 1000 * 60 * 60 * 24 * 7; // 7 days default
+const expires = REFRESH_TOKEN_EXPIRY
+  ? eval(REFRESH_TOKEN_EXPIRY)
+  : 1000 * 60 * 60 * 24 * 7; // 7 days default

 // Factory function that takes mongoose instance and returns the methods
 export function createSessionMethods(mongoose: typeof import('mongoose')) {