feature: include Last-Modified and Expires headers when returning an …

…auth token This will make it easier for clients to keep using the same auth token for its full lifetime. see also joyent/conch-ui#179
joyent · Dec 12, 2019 · 532b876 · 532b876
1 parent 838480d
commit 532b876
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/lib/Conch/Controller/Login.pm b/lib/Conch/Controller/Login.pm
@@ -38,6 +38,9 @@ sub _respond_with_jwt ($c, $user_id, $expires_delta = undef) {
     );
 
     return if $c->res->code;
+
+    $c->res->headers->last_modified(Mojo::Date->new($session_token->created->epoch));
+    $c->res->headers->expires(Mojo::Date->new($session_token->expires->epoch));
     return $c->status(200, { jwt_token => $jwt });
 }
 
@@ -220,6 +223,8 @@ sub session_login ($c) {
         ->search({ user_id => $c->stash('user_id') })
         ->search(\[ '(expires - now()) >= (now() - created)' ]);
     if (my $token = $token_rs->order_by({ -desc => 'created' })->rows(1)->single) {
+        $c->res->headers->last_modified(Mojo::Date->new($token->created->epoch));
+        $c->res->headers->expires(Mojo::Date->new($token->expires->epoch));
         return $c->status(200, { jwt_token => $c->generate_jwt_from_token($token) });
     }
 

diff --git a/lib/Conch/Controller/User.pm b/lib/Conch/Controller/User.pm
@@ -615,6 +615,8 @@ sub create_api_token ($c) {
     my ($token, $jwt) = $c->generate_jwt($user->id, $expires_abs, $input->{name});
     return if $c->res->code;
 
+    $c->res->headers->last_modified(Mojo::Date->new($token->created->epoch));
+    $c->res->headers->expires(Mojo::Date->new($token->expires->epoch));
     $c->res->headers->location($c->url_for('/user/'
         .($user->id eq $c->stash('user_id') ? 'me' : $user->id)
         .'/token/'.$input->{name}));

diff --git a/t/integration/users.t b/t/integration/users.t
@@ -355,7 +355,11 @@ subtest 'Log out' => sub {
 
 subtest 'JWT authentication' => sub {
     $t->authenticate(email => $ro_user->email, bailout => 0)
-        ->json_has('/jwt_token');
+        ->status_is(200)
+        ->header_exists('Last-Modified')
+        ->header_exists('Expires')
+        ->json_schema_is('Login')
+        ->json_cmp_deeply({ jwt_token => re(qr/\..*\./) });
 
     my $jwt_token = $t->tx->res->json->{jwt_token};
 
@@ -617,11 +621,15 @@ subtest 'modify another user' => sub {
     $t2->get_ok('/me')->status_is(204);
 
     $t2->post_ok('/user/me/token', json => { name => 'my api token' })
+        ->header_exists('Last-Modified')
+        ->header_exists('Expires')
         ->status_is(201)
         ->location_is('/user/me/token/my api token');
     my $api_token = $t2->tx->res->json->{token};
 
     $t2->post_ok('/user/me/token', json => { name => 'my second api token' })
+        ->header_exists('Last-Modified')
+        ->header_exists('Expires')
         ->status_is(201)
         ->location_is('/user/me/token/my second api token');