Fix up detekt etc

Author: chrissearle

backend/src/main/kotlin/no/java/cupcake/plugins/Security.kt

@@ -21,6 +21,7 @@ import io.ktor.server.auth.oauth
 import io.ktor.server.auth.principal
 import io.ktor.server.response.respond
 import io.ktor.server.routing.Routing
+import io.ktor.server.routing.RoutingContext
 import io.ktor.server.routing.get
 import io.ktor.server.routing.post
 import io.ktor.server.routing.routing
@@ -37,14 +38,15 @@ import no.java.cupcake.slack.SlackService
 import no.java.cupcake.slack.SlackUser
 import java.time.ZonedDateTime
 import java.util.Date
+import kotlin.time.Duration
 import kotlin.time.Duration.Companion.hours
 import kotlin.time.Duration.Companion.minutes
 import kotlin.time.Duration.Companion.seconds
 
 private const val SLACK_AUTH = "slack-oauth"
 const val JWT_AUTH = "jwt-oauth"
 
-private val idTokenLifetime = 8.hours.inWholeMilliseconds
+private val idTokenLifetime = 8.hours
 
 private fun Map<String, Claim>.str(
     key: String,
@@ -75,7 +77,7 @@ fun buildIdToken(
         .withClaim("name", userInfo.name)
         .withClaim("email", userInfo.email)
         .withClaim("avatar", userInfo.avatar)
-        .withExpiresAt(Date(System.currentTimeMillis() + idTokenLifetime))
+        .withExpiresAt(Date(System.currentTimeMillis() + idTokenLifetime.inWholeMilliseconds))
         .sign(Algorithm.HMAC256(jwtConfig.secret))
 
 fun buildAccessToken(
@@ -112,10 +114,10 @@ fun buildRefreshToken(
             ),
         ).sign(Algorithm.HMAC256(jwtConfig.secret))
 
-private fun ZonedDateTime.cookieExpiry(seconds: Long) =
+private fun ZonedDateTime.cookieExpiry(duration: Duration) =
     GMTDate(
         this
-            .plusSeconds(seconds)
+            .plusSeconds(duration.inWholeSeconds)
             .toEpochSecond()
             .seconds.inWholeMilliseconds,
     )
@@ -174,6 +176,29 @@ fun Application.configureSecurity(
     }
 }
 
+private fun RoutingContext.setSessionCookies(
+    jwtConfig: JwtConfig,
+    slackId: String,
+) {
+    val now = ZonedDateTime.now()
+    val accessToken = buildAccessToken(jwtConfig = jwtConfig, slackId = slackId)
+    val refreshToken = buildRefreshToken(jwtConfig = jwtConfig, slackId = slackId)
+
+    call.response.cookies.append(
+        name = "access_token",
+        value = accessToken,
+        path = "/",
+        expires = now.cookieExpiry(jwtConfig.accessTokenLifetimeMinutes.minutes),
+    )
+    call.response.cookies.append(
+        name = "refresh_token",
+        value = refreshToken,
+        path = "/",
+        httpOnly = true,
+        expires = now.cookieExpiry(jwtConfig.refreshTokenLifetimeMinutes.minutes),
+    )
+}
+
 private fun Routing.configureAuthRouting(
     slackService: SlackService,
     redirect: String,
@@ -214,32 +239,16 @@ private fun Routing.configureAuthRouting(
                 }
 
                 val user = claims.toSlackUser(userId, true)
-                val now = ZonedDateTime.now()
-
-                val idToken = buildIdToken(jwtConfig = jwtConfig, userInfo = user)
-                val accessToken = buildAccessToken(jwtConfig = jwtConfig, slackId = userId)
-                val refreshToken = buildRefreshToken(jwtConfig = jwtConfig, slackId = userId)
 
                 call.response.cookies.append(
                     name = "id_token",
-                    value = idToken,
-                    path = "/",
-                    expires = now.cookieExpiry(idTokenLifetime / 1000),
-                )
-                call.response.cookies.append(
-                    name = "access_token",
-                    value = accessToken,
+                    value = buildIdToken(jwtConfig = jwtConfig, userInfo = user),
                     path = "/",
-                    expires = now.cookieExpiry(jwtConfig.accessTokenLifetimeMinutes * 60),
-                )
-                call.response.cookies.append(
-                    name = "refresh_token",
-                    value = refreshToken,
-                    path = "/",
-                    httpOnly = true,
-                    expires = now.cookieExpiry(jwtConfig.refreshTokenLifetimeMinutes * 60),
+                    expires = ZonedDateTime.now().cookieExpiry(idTokenLifetime),
                 )
 
+                setSessionCookies(jwtConfig, userId)
+
                 // Expire old user_session cookie
                 call.response.cookies.append(
                     name = "user_session",
@@ -253,6 +262,13 @@ private fun Routing.configureAuthRouting(
         }
     }
 
+    refreshRouting(jwtVerifier, jwtConfig)
+}
+
+private fun Routing.refreshRouting(
+    jwtVerifier: JWTVerifier,
+    jwtConfig: JwtConfig,
+) {
     post("/refresh") {
         val refreshCookie = call.request.cookies["refresh_token"]
 
@@ -271,23 +287,7 @@ private fun Routing.configureAuthRouting(
                 return@post
             }
 
-            val now = ZonedDateTime.now()
-            val newAccessToken = buildAccessToken(jwtConfig = jwtConfig, slackId = slackId)
-            val newRefreshToken = buildRefreshToken(jwtConfig = jwtConfig, slackId = slackId)
-
-            call.response.cookies.append(
-                name = "access_token",
-                value = newAccessToken,
-                path = "/",
-                expires = now.cookieExpiry(jwtConfig.accessTokenLifetimeMinutes * 60),
-            )
-            call.response.cookies.append(
-                name = "refresh_token",
-                value = newRefreshToken,
-                path = "/",
-                httpOnly = true,
-                expires = now.cookieExpiry(jwtConfig.refreshTokenLifetimeMinutes * 60),
-            )
+            setSessionCookies(jwtConfig, slackId)
 
             call.respond(HttpStatusCode.OK, mapOf("status" to "refreshed"))
         } catch (_: Exception) {