feat: add cooldown to refresh token security (#1736)

2023-09-27 15:03:50 +02:00
parent 96865b0fec
commit a4cde44b13
5 changed files with 30 additions and 13 deletions
--- a/server/src/integrations/environment/environment.service.ts
+++ b/server/src/integrations/environment/environment.service.ts
@ -61,6 +61,10 @@ export class EnvironmentService {
    return this.configService.get<string>('REFRESH_TOKEN_EXPIRES_IN') ?? '90d';
  }

+  getRefreshTokenCoolDown(): string {
+    return this.configService.get<string>('REFRESH_TOKEN_COOL_DOWN') ?? '1m';
+  }
+
  getLoginTokenSecret(): string {
    return this.configService.get<string>('LOGIN_TOKEN_SECRET')!;
  }
--- a/server/src/integrations/environment/environment.validation.ts
+++ b/server/src/integrations/environment/environment.validation.ts
@ -76,6 +76,9 @@ export class EnvironmentVariables {
  @IsDuration()
  @IsOptional()
  REFRESH_TOKEN_EXPIRES_IN: string;
+  @IsDuration()
+  @IsOptional()
+  REFRESH_TOKEN_COOL_DOWN: string;

  @IsString()
  LOGIN_TOKEN_SECRET: string;