Enhance JWT Token Management and Authentication Flow (#720)

- Implement extended token lifetime for "Remember Me" functionality - Add token expiration details to authentication responses - Update client-side token handling to support dynamic expiration - Modify authentication middleware to handle token initialization more robustly - Configure JWT configuration to support longer token lifetimes
2025-03-10 17:32:17 +08:00
parent 06328a47ab
commit a5162192b1
10 changed files with 63 additions and 20 deletions
--- a/api/.env.example
+++ b/api/.env.example
@@ -55,7 +55,8 @@ PUSHER_APP_CLUSTER=mt1
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

-JWT_TTL=1440
+JWT_TTL=10080
+JWT_REMEMBER_TTL=43200
 JWT_SECRET=

 STRIPE_KEY=
--- a/api/app/Http/Controllers/Admin/ImpersonationController.php
+++ b/api/app/Http/Controllers/Admin/ImpersonationController.php
@@ -41,6 +41,8 @@ class ImpersonationController extends Controller

        return $this->success([
            'token' => $token,
+            'token_type' => 'bearer',
+            'expires_in' => auth()->getPayload()->get('exp') - time(),
        ]);
    }
 }
--- a/api/app/Http/Controllers/Auth/LoginController.php
+++ b/api/app/Http/Controllers/Auth/LoginController.php
@@ -30,7 +30,15 @@ class LoginController extends Controller
     */
    protected function attemptLogin(Request $request)
    {
-        $token = $this->guard()->attempt($this->credentials($request));
+        // Only set custom TTL if remember me is checked
+        $guard = $this->guard();
+
+        if ($request->remember) {
+            // Use the extended TTL from config for "Remember me"
+            $guard->setTTL(config('jwt.remember_ttl'));
+        }
+
+        $token = $guard->attempt($this->credentials($request));

        if (! $token) {
            return false;
--- a/api/config/jwt.php
+++ b/api/config/jwt.php
@@ -101,7 +101,19 @@ return [
    |
    */

-    'ttl' => (int) env('JWT_TTL', 60),
+    'ttl' => (int) env('JWT_TTL', 60 * 24 * 7),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Extended JWT time to live (Remember Me)
+    |--------------------------------------------------------------------------
+    |
+    | Specify the length of time (in minutes) that the token will be valid for
+    | when the "Remember me" option is selected. Defaults to 30 days.
+    |
+    */
+
+    'remember_ttl' => (int) env('JWT_REMEMBER_TTL', 60 * 24 * 30),

    /*
    |--------------------------------------------------------------------------