Separate token configs

SpaceAgeMP · Mar 30, 2024 · 59cdc8e · 59cdc8e
1 parent 9b63b97
commit 59cdc8e
Showing 7 changed files with 43 additions and 35 deletions.
diff --git a/lib/space_age_api/client_auth_token.ex b/lib/space_age_api/client_auth_token.ex
@@ -0,0 +1,14 @@
+defmodule SpaceAgeApi.ClientAuthToken do
+    @moduledoc """
+    Token configuration for SpaceAge API.
+    """
+    use Joken.Config
+
+    @default_exp 30 * 60
+
+    def default_exp, do: @default_exp
+
+    def token_config do
+        default_claims(default_exp: @default_exp, aud: "https://api.spaceage.mp/v2/jwt/clientauth")
+    end
+end
diff --git a/lib/space_age_api/discord_link_token.ex b/lib/space_age_api/discord_link_token.ex
@@ -0,0 +1,14 @@
+defmodule SpaceAgeApi.DiscordLinkToken do
+    @moduledoc """
+    Token configuration for SpaceAge API.
+    """
+    use Joken.Config
+
+    @default_exp 5 * 60
+
+    def default_exp, do: @default_exp
+
+    def token_config do
+        default_claims(default_exp: @default_exp, aud: "https://api.spaceage.mp/v2/jwt/discordlink")
+    end
+end
diff --git a/lib/space_age_api/plug/authenticate.ex b/lib/space_age_api/plug/authenticate.ex
@@ -68,8 +68,8 @@ defmodule SpaceAgeApi.Plug.Authenticate do
         end
     end
     defp verify_auth_header(conn, "client", token) do
-        {ok, claims} = SpaceAgeApi.Token.verify_and_validate(token)
-        if ok == :ok and claims["aud"] == "https://api.spaceage.mp/v2/jwt/clientauth" do
+        {ok, claims} = SpaceAgeApi.ClientAuthToken.verify_and_validate(token)
+        if ok == :ok do
             steamid = claims["sub"]
             server = claims["server"]
             faction_name = claims["faction_name"]

diff --git a/lib/space_age_api/token.ex b/lib/space_age_api/token.ex
diff --git a/lib/space_age_api_web.ex b/lib/space_age_api_web.ex
@@ -37,7 +37,8 @@ defmodule SpaceAgeApiWeb do
       end
 
       def changeset_perform_upsert_by_steamid(conn, changeset, response \\ true) do
-        changeset_perform_insert(conn, changeset, response, on_conflict: {:replace_all_except, [:steamid, :inserted_at]})
+        changeset_perform_insert(conn, changeset, response,
+                                  on_conflict: {:replace_all_except, [:steamid, :inserted_at]})
       end
 
       def changeset_perform_insert(conn, changeset, response \\ true, opts \\ nil) do

diff --git a/lib/space_age_api_web/controllers/discord_controller.ex b/lib/space_age_api_web/controllers/discord_controller.ex
@@ -45,8 +45,8 @@ defmodule SpaceAgeApiWeb.DiscordController do
     })
   end
   defp handle_salink_slash_command(conn, code, user_id) do
-    {ok, claims} = SpaceAgeApi.Token.verify_and_validate(code)
-    if ok == :ok and claims["aud"] == "https://api.spaceage.mp/v2/jwt/discordlink" do
+    {ok, claims} = SpaceAgeApi.DiscordLinkToken.verify_and_validate(code)
+    if ok == :ok do
       steamid = claims["sub"]
       player = Player.get_single(steamid)
       player_ok = set_player_discord_user_id(conn, player, user_id)

diff --git a/lib/space_age_api_web/controllers/players_controller.ex b/lib/space_age_api_web/controllers/players_controller.ex
@@ -74,9 +74,9 @@ defmodule SpaceAgeApiWeb.PlayersController do
         steamid = params["steamid"]
         player = Player.get_single(steamid, [:steamid, :faction_name, :is_faction_leader])
         if player do
-            make_jwt_internal(conn, player)
+            make_clientauth_jwt_internal(conn, player)
         else
-            make_jwt_internal(conn, %{
+            make_clientauth_jwt_internal(conn, %{
                 steamid: steamid,
                 faction_name: "freelancer",
                 is_faction_leader: false,
@@ -86,7 +86,7 @@ defmodule SpaceAgeApiWeb.PlayersController do
 
     def make_discordlink_jwt(conn, params) do
         steamid = params["steamid"]
-        make_jwt_minimal_internal(conn, steamid, "https://api.spaceage.mp/v2/jwt/discordlink", 5 * 60)
+        make_discordlink_jwt_internal(conn, steamid)
     end
 
     defp get_single_show(conn, params, template, select \\ nil) do
@@ -95,13 +95,12 @@ defmodule SpaceAgeApiWeb.PlayersController do
         single_or_404(conn, template, player)
     end
 
-    defp make_jwt_minimal_internal(conn, steamid, aud, valid_time) do
+    defp make_discordlink_jwt_internal(conn, steamid) do
+        valid_time = SpaceAgeApi.DiscordLinkToken.default_exp()
         expiry = System.system_time(:second) + valid_time
 
-        jwt = SpaceAgeApi.Token.generate_and_sign!(%{
+        jwt = SpaceAgeApi.DiscordLinkToken.generate_and_sign!(%{
             sub: steamid,
-            aud: aud,
-            exp: expiry,
         })
 
         single_or_404(conn, "jwt_minimal.json", %{
@@ -112,16 +111,14 @@ defmodule SpaceAgeApiWeb.PlayersController do
         })
     end
 
-    defp make_jwt_internal(conn, player) do
-        valid_time = SpaceAgeApi.Token.default_exp()
+    defp make_clientauth_jwt_internal(conn, player) do
+        valid_time = SpaceAgeApi.ClientAuthToken.default_exp()
         expiry = System.system_time(:second) + valid_time
 
         server = conn.assigns[:auth_server]
 
-        jwt = SpaceAgeApi.Token.generate_and_sign!(%{
+        jwt = SpaceAgeApi.ClientAuthToken.generate_and_sign!(%{
             sub: player.steamid,
-            aud: "https://api.spaceage.mp/v2/jwt/clientauth",
-            exp: expiry,
             server: server.name,
             faction_name: player.faction_name,
             is_faction_leader: player.is_faction_leader,