Improve JWT tokens expiration

- Reduce access tokens TTL to 15 minutes
- Set refresh tokens TTL to 60 days
- Set Guardian.DB to only track refresh tokens
- Remove refresh token when logging out

Closes #710 #705 #706

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

js/src/graphql/auth.ts

@@ -46,3 +46,9 @@ export const REFRESH_TOKEN = gql`
     }
   }
 `;
+
+export const LOGOUT = gql`
+  mutation Logout($refreshToken: String!) {
+    logout(refreshToken: $refreshToken)
+  }
+`;

js/src/utils/auth.ts

@@ -14,6 +14,7 @@ import { IPerson } from "@/types/actor";
 import { IDENTITIES, UPDATE_CURRENT_ACTOR_CLIENT } from "@/graphql/actor";
 import { ICurrentUserRole } from "@/types/enums";
 import { NormalizedCacheObject } from "@apollo/client/cache/inmemory/types";
+import { LOGOUT } from "@/graphql/auth";
 
 export function saveTokenData(obj: IToken): void {
   localStorage.setItem(AUTH_ACCESS_TOKEN, obj.accessToken);
@@ -96,6 +97,13 @@ export async function initializeCurrentActor(
 export async function logout(
   apollo: ApolloClient<NormalizedCacheObject>
 ): Promise<void> {
+  await apollo.mutate({
+    mutation: LOGOUT,
+    variables: {
+      refreshToken: localStorage.getItem(AUTH_REFRESH_TOKEN),
+    },
+  });
+
   await apollo.mutate({
     mutation: UPDATE_CURRENT_USER_CLIENT,
     variables: {

js/src/views/Settings/Notifications.vue

@@ -385,7 +385,7 @@ export default class Notifications extends Vue {
   private async isSubscribed(): Promise<boolean> {
     if (!("serviceWorker" in navigator)) return Promise.resolve(false);
     const registration = await navigator.serviceWorker.getRegistration();
-    return (await registration?.pushManager.getSubscription()) !== null;
+    return (await registration?.pushManager.getSubscription()) != null;
   }
 
   private async deleteFeedToken(token: string): Promise<void> {