devbeni/funcode2.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: ensure token expiration times are based on server time from the database

Browse Source
This commit is contained in:
devbeni
2025-09-19 19:55:07 +02:00
parent 05fc2496d7
commit eca7510eb8
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/api/socketio/route.js
View File

@@ -63,13 +63,16 @@ async function evaluateQueue(eventId, io) {
const next = ev.queue.shift() const next = ev.queue.shift()
if (!next) break if (!next) break
// sign token // Get database time for consistency
const expiresAt = new Date(Date.now() + TOKEN_TTL_SECONDS * 1000) const [timeRows] = await connection.execute('SELECT NOW() as db_time')
const dbTime = new Date(timeRows[0].db_time)
const expiresAt = new Date(dbTime.getTime() + TOKEN_TTL_SECONDS * 1000)
const token = jwt.sign({ sid: next, eventId }, process.env.JWT_SECRET || "dev-secret", { const token = jwt.sign({ sid: next, eventId }, process.env.JWT_SECRET || "dev-secret", {
expiresIn: TOKEN_TTL_SECONDS, expiresIn: TOKEN_TTL_SECONDS,
}) })
console.log(`Creating token for ${next.substring(0, 8)}: expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) console.log(`Creating queued token for ${next.substring(0, 8)}: DB time ${dbTime.toISOString()}, expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`)
ev.active.add(next) ev.active.add(next)
@@ -275,8 +278,13 @@ export async function GET(req) {
// If queue is NOT active and user doesn't have access, grant it immediately // If queue is NOT active and user doesn't have access, grant it immediately
if (!ev.queueOn && !ev.active.has(socket.id)) { if (!ev.queueOn && !ev.active.has(socket.id)) {
console.log(`Granting immediate access to ${socket.id.substring(0, 8)} (under threshold)`) console.log(`Granting immediate access to ${socket.id.substring(0, 8)} (under threshold)`)
const expiresAt = new Date(Date.now() + TOKEN_TTL_SECONDS * 1000)
console.log(`Creating immediate token: expires at ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`) // Get server time from database to ensure consistency
const [timeRows] = await connection.execute('SELECT NOW() as db_time')
const dbTime = new Date(timeRows[0].db_time)
const expiresAt = new Date(dbTime.getTime() + TOKEN_TTL_SECONDS * 1000)
console.log(`DB time: ${dbTime.toISOString()}, Token expires: ${expiresAt.toISOString()}, TTL: ${TOKEN_TTL_SECONDS}s`)
const token = jwt.sign({ sid: socket.id, eventId }, process.env.JWT_SECRET || "dev-secret", { const token = jwt.sign({ sid: socket.id, eventId }, process.env.JWT_SECRET || "dev-secret", {
expiresIn: TOKEN_TTL_SECONDS, expiresIn: TOKEN_TTL_SECONDS,