ToDo.yaml

@@ -1,6 +1,5 @@
 Server:
     Auth:
-        Make sure autorenew works
         Make sure rate limiting isnt being broken by cloudflare
 
     Auth-Key-Value-Storage:

src/Server/Entities/JWT.cs

@@ -0,0 +1,5 @@
+namespace BoredCareers.Entities {
+    public class JWTRenewRequest {
+        public string JWT { get; set; } = "";
+    }
+}

src/Server/Program.cs

@@ -9,6 +9,7 @@ using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Cryptography;
 using BoredCareers.Services.TimerService;
+using BoredCareers.Entities;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -110,6 +111,7 @@ using (HttpClient client = new HttpClient()) {
     Console.WriteLine("PublicKey loaded");
 }
 
+// Pull JWT out of cookie for auth
 builder.Services.AddAuthentication(options => {
     options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -196,29 +198,35 @@ app.UseRouting();
 
 app.UseAuthentication();
 
+// Autorenew JWT about to expire
 app.Use(async (context, next) =>{
     ClaimsPrincipal user = context.User;
     if (user.Identity?.IsAuthenticated == true) {
         string? token = context.Request.Cookies["mistox_session"];
-        Claim? expClaim = user.FindFirst(JwtRegisteredClaimNames.Exp);
+        Claim? staySignedIn = user.FindFirst(ClaimTypes.IsPersistent);
+        if (staySignedIn != null && bool.TryParse(staySignedIn.Value, out bool sli) && sli == true) {
+            Claim? expClaim = user.FindFirst(ClaimTypes.Expiration);
             if (expClaim != null && long.TryParse(expClaim.Value, out long expUnix)) {
                 DateTimeOffset expTime = DateTimeOffset.FromUnixTimeSeconds(expUnix);
-            if ((expTime - DateTimeOffset.UtcNow) < TimeSpan.FromMinutes(2)) {
-                IHttpClientFactory clientFactory = context.RequestServices.GetRequiredService<IHttpClientFactory>();
-                HttpClient client = clientFactory.CreateClient();
-                HttpResponseMessage response = await client.PostAsync("https://auth.mistox.com/api/auth/renew", new StringContent(token));
+                if ((expTime - DateTimeOffset.UtcNow) < TimeSpan.FromDays(3)) {
+                    using (HttpClient client = new HttpClient()) {
+                        HttpResponseMessage response = await client.PostAsJsonAsync("https://auth.mistox.com/api/auth/renew", new JWTRenewRequest() { JWT = token });
                         if (response.IsSuccessStatusCode) {
                             string newJwt = await response.Content.ReadAsStringAsync();
                             context.Response.Cookies.Append("mistox_session", newJwt, new CookieOptions {
                                 HttpOnly = true,
                                 Secure = true,
                                 SameSite = SameSiteMode.Strict,
-                        Expires = DateTimeOffset.UtcNow.AddYears(1)
+                                Expires = DateTimeOffset.UtcNow.AddYears(3)
                             });
                         }
                     }
                 }
             }
+        }
+    } else {
+        context.Response.Cookies.Delete("mistox_session");
+    }
 
     await next();
 });