add token expiry validation

Author: VeryBigSad

chats/middleware.py

@@ -108,7 +108,7 @@ async def __call__(self, scope, receive, send):
         # Look up user from query string
 
         # TODO: (you should also do things like
-        #  checking if it is a valid user ID, or if scope["user"] is already
+        #  checking if it is a valid user ID, or if scope["user" ] is already
         #  populated).
 
         query_string = scope["query_string"].decode()

procollab/settings.py

@@ -82,7 +82,7 @@
     "rest_framework_simplejwt",
     "rest_framework_simplejwt.token_blacklist",
     "django_cleanup.apps.CleanupConfig",
-    "rest_framework.authtoken",
+    # "rest_framework.authtoken",
     # Plugins
     "corsheaders",
     "django_filters",
@@ -262,7 +262,7 @@
     "UPDATE_LAST_LOGIN": False,
     "ALGORITHM": "HS256",
     "SIGNING_KEY": SECRET_KEY,
-    "VERIFYING_KEY": None,
+    "VERIFYING_KEY": True,
     "AUDIENCE": None,
     "ISSUER": None,
     "JWK_URL": None,
@@ -283,7 +283,7 @@
 }
 
 if DEBUG:
-    SIMPLE_JWT["ACCESS_TOKEN_LIFETIME"] = timedelta(weeks=1)
+    SIMPLE_JWT["ACCESS_TOKEN_LIFETIME"] = timedelta(seconds=30)
 
 SESSION_COOKIE_SECURE = False