From a3c3326df91caa67ebaeac3ea03a657b91b36666 Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Mon, 19 Feb 2024 15:23:41 +0100
Subject: [PATCH] Use short-lived tokens for login cookie

---
 entity.go | 6 +++---
 user.go | 3 ++-

diff --git a/entity.go b/entity.go
index 15c99c938f18a27b8fe98c0d3d6af0face5dfc91..ae7438ff3bddd0e255f4c629c8d769f98f2b341f 100644
--- a/entity.go
+++ b/entity.go
@@ -189,14 +189,14 @@ IssuedAt time.Time
 ExpiresAt time.Time
 }

-func (token *AccessToken) Generate() (secret string, err error) {
+func (token *AccessToken) Generate(expiration time.Duration) (secret string, err error) {
 secret, hash, err := generateSecret()
 if err != nil {
 return "", fmt.Errorf("failed to generate access token secret: %v", err)
 }
 token.Hash = hash
 token.IssuedAt = time.Now()
- token.ExpiresAt = time.Now().Add(accessTokenExpiration)
+ token.ExpiresAt = time.Now().Add(expiration)
 return secret, nil
 }

@@ -206,7 +206,7 @@ User: authCode.User,
 Client: authCode.Client,
 Scope: authCode.Scope,
 }
- secret, err = token.Generate()
+ secret, err = token.Generate(accessTokenExpiration)
 return token, secret, err
 }

diff --git a/user.go b/user.go
index 509955bc2ef9bccf6eee1b88a54fe8a1a0a8599b..6b9c9b44217c38a369e00b0fa15d060c20dfbe7a 100644
--- a/user.go
+++ b/user.go
@@ -5,6 +5,7 @@ "fmt"
 "log"
 "net/http"
 "net/url"
+ "time"

 "github.com/go-chi/chi/v5"
 )
@@ -126,7 +127,7 @@ token := AccessToken{
 User: user.ID,
 Scope: internalTokenScope,
 }
- secret, err := token.Generate()
+ secret, err := token.Generate(4 * time.Hour)
 if err != nil {
 httpError(w, fmt.Errorf("failed to generate access token: %v", err))
 return
-- 
2.48.1
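Review bot: In the first entity.go hunk, the new `expiration` parameter of `AccessToken.Generate` is used unchecked, so a zero or negative duration would silently store a token whose ExpiresAt is not after IssuedAt, and nothing documents what lifetime callers are expected to pass. A guard such as `if expiration <= 0 { return "", fmt.Errorf("invalid access token expiration: %v", expiration) }` plus a doc comment like `// Generate creates a new secret, stores its hash and makes the token expire after expiration.` would make the contract explicit. The two separate `time.Now()` calls also give IssuedAt and ExpiresAt slightly different bases; a single `now := time.Now()` used for both keeps their difference equal to the requested lifetime.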
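Review bot: In the second user.go hunk, `token.Generate(4 * time.Hour)` hard-codes the login-cookie token lifetime as a bare literal, while the auth-code path in entity.go passes the named `accessTokenExpiration`. A named constant, e.g. `const loginTokenExpiration = 4 * time.Hour // lifetime of the internal token behind the login cookie`, would keep both lifetimes reviewable in one place. The cookie that carries this secret is set outside the hunk, so it is worth confirming that its Max-Age/Expires does not outlive the token and that token lookup rejects entries past ExpiresAt. Shorter lifetimes also mean more tokens get issued, so expired internal tokens presumably need periodic cleanup; that is not visible here.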