updates to support IndieAuth spec 20220212 metadata and issuer
[squeep-authentication-module] / lib / authenticator.js
index 1cff2108f309e2ac51245070281e0ec346f6168c..c388ee883c60bb0fa79380696b87b9894528d209 100644 (file)
@@ -20,6 +20,7 @@ class Authenticator {
    * @param {Boolean} options.authenticator.secureAuthOnly
    * @param {String[]} options.authenticator.forbiddenPAMIdentifiers
    * @param {String[]} options.authenticator.authnEnabled
+   * @param {Number=} options.authenticator.inactiveSessionLifespanSeconds
    * @param {String[]=} options.authenticator.loginBlurb
    * @param {String[]=} options.authenticator.indieAuthBlurb
    * @param {String[]=} options.authenticator.userBlurb
@@ -51,6 +52,8 @@ class Authenticator {
     }
 
     this.mysteryBox = new MysteryBox(logger, options);
+
+    this.cookieLifespan = options.authenticator.inactiveSessionLifespanSeconds || 60 * 60 * 24 * 32;
   }
 
 
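Review bot: `options.authenticator.inactiveSessionLifespanSeconds` is accepted without validation on the added `this.cookieLifespan = …` line, and the session-check hunk further down interpolates it straight into `Max-Age=${this.cookieLifespan}`. A string or fractional setting yields a `Max-Age` the browser may ignore, a negative one expires the cookie on every refresh, and `||` silently turns an explicit `0` into the 32-day default. I would check it once here, e.g. `if (!Number.isInteger(this.cookieLifespan) || this.cookieLifespan <= 0) { throw new RangeError('inactiveSessionLifespanSeconds must be a positive integer'); }`, and state the default and the "seconds of inactivity" meaning in the JSDoc line added in the first hunk. Because the later hunk renews the cookie on every valid request, a session in continuous use never expires on the cookie side; if the session payload carries no absolute expiry of its own (not visible here), a hard upper bound is worth adding. The constructor begins outside this hunk.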
@@ -259,6 +262,17 @@ class Authenticator {
     &&  (ctx.session.authenticatedIdentifier
          || (profilesAllowed && ctx.session.authenticatedProfile))) {
       this.logger.debug(_scope, 'valid session cookie', { ctx });
+      // Refresh timeout on valid session.
+      const cookieParts = [
+        sessionCookie,
+        'HttpOnly',
+        `Path=${this.options.dingus.proxyPrefix}/`,
+        `Max-Age=${this.cookieLifespan}`,
+      ];
+      if (this.options.authenticator.secureAuthOnly) {
+        cookieParts.push('Secure');
+      }
+      res.setHeader(Enum.Header.SetCookie, cookieParts.join('; '));
       return true;
     }