Refresh dashboard authentication on every API call and every 15 minutes

backend/src/api/auth.ts

@@ -86,6 +86,7 @@ export function initAuth(app: express.Express) {
 
       const userId = await apiLogins.getUserIdByApiKey(apiKey);
       if (userId) {
+        void apiLogins.refreshApiKeyExpiryTime(apiKey); // Refresh expiry time in the background
         return cb(null, { apiKey, userId });
       }
 
@@ -154,6 +155,12 @@ export function initAuth(app: express.Express) {
     await apiLogins.expireApiKey(req.user!.apiKey);
     return ok(res);
   });
+
+  // API route to refresh the given API token's expiry time
+  // The actual refreshing happens in the api-token passport strategy above, so we just return 200 OK here
+  app.post("/auth/refresh", ...apiTokenAuthHandlers(), (req, res) => {
+    return ok(res);
+  });
 }
 
 export function apiTokenAuthHandlers() {

backend/src/data/ApiLogins.ts

@@ -5,7 +5,9 @@ import crypto from "crypto";
 import moment from "moment-timezone";
 // tslint:disable-next-line:no-submodule-imports
 import uuidv4 from "uuid/v4";
-import { DBDateFormat } from "../utils";
+import { DAYS, DBDateFormat } from "../utils";
+
+const LOGIN_EXPIRY_TIME = 1 * DAYS;
 
 export class ApiLogins extends BaseRepository {
   private apiLogins: Repository<ApiLogin>;
@@ -68,7 +70,7 @@ export class ApiLogins extends BaseRepository {
       logged_in_at: moment.utc().format(DBDateFormat),
       expires_at: moment
         .utc()
-        .add(1, "day")
+        .add(LOGIN_EXPIRY_TIME, "ms")
         .format(DBDateFormat),
     });
 
@@ -86,4 +88,19 @@ export class ApiLogins extends BaseRepository {
       },
     );
   }
+
+  async refreshApiKeyExpiryTime(apiKey) {
+    const [loginId, token] = apiKey.split(".");
+    if (!loginId || !token) return;
+
+    await this.apiLogins.update(
+      { id: loginId },
+      {
+        expires_at: moment()
+          .utc()
+          .add(LOGIN_EXPIRY_TIME, "ms")
+          .format(DBDateFormat),
+      },
+    );
+  }
 }