resolved nits

backend/src/auth/tokens.go

@@ -37,12 +37,12 @@ func CreateAccessToken(id string, role string) (*string, *errors.Error) {
 		StandardClaims: jwt.StandardClaims{
 			IssuedAt:  time.Now().Unix(),
 			Issuer:    id,
-			ExpiresAt: time.Now().Add(time.Minute * 15).Unix(),
+			ExpiresAt: time.Now().Add(time.Minute * time.Duration(settings.Auth.AcessTokenExpiry)).Unix(),
 		},
 		Role: role,
 	})
 
-	accessToken, err := SignToken(accessTokenClaims, settings.AuthSecret.AccessToken)
+	accessToken, err := SignToken(accessTokenClaims, settings.Auth.AccessToken)
 	if err != nil {
 		return nil, err
 	}
@@ -61,10 +61,10 @@ func CreateRefreshToken(id string) (*string, *errors.Error) {
 	refreshTokenClaims := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.StandardClaims{
 		IssuedAt:  time.Now().Unix(),
 		Issuer:    id,
-		ExpiresAt: time.Now().Add(time.Hour * 24 * 30).Unix(),
+		ExpiresAt: time.Now().Add(time.Hour * 24 * time.Duration(settings.Auth.RefreshTokenExpiry)).Unix(),
 	})
 
-	refreshToken, err := SignToken(refreshTokenClaims, settings.AuthSecret.RefreshToken)
+	refreshToken, err := SignToken(refreshTokenClaims, settings.Auth.RefreshToken)
 	if err != nil {
 		return nil, err
 	}
@@ -128,7 +128,7 @@ func ParseAccessToken(cookie string) (*jwt.Token, error) {
 	var settings config.Settings
 
 	return jwt.ParseWithClaims(cookie, &types.CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
-		return []byte(settings.AuthSecret.AccessToken), nil
+		return []byte(settings.Auth.AccessToken), nil
 	})
 }
 
@@ -137,7 +137,7 @@ func ParseRefreshToken(cookie string) (*jwt.Token, error) {
 	var settings config.Settings
 
 	return jwt.ParseWithClaims(cookie, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
-		return []byte(settings.AuthSecret.RefreshToken), nil
+		return []byte(settings.Auth.RefreshToken), nil
 	})
 }
 

backend/src/config/config.go

@@ -12,7 +12,7 @@ type Settings struct {
 	Application ApplicationSettings `yaml:"application"`
 	Database    DatabaseSettings    `yaml:"database"`
 	SuperUser   SuperUserSettings   `yaml:"superuser"`
-	AuthSecret  AuthSecretSettings  `yaml:"authsecret"`
+	Auth  AuthSettings  `yaml:"authsecret"`
 }
 
 type ProductionSettings struct {
@@ -64,9 +64,11 @@ type SuperUserSettings struct {
 	Password string `yaml:"password"`
 }
 
-type AuthSecretSettings struct {
+type AuthSettings struct {
 	AccessToken string `yaml:"accesstoken"`
 	RefreshToken string `yaml:"refreshtoken"`
+	AcessTokenExpiry uint `yaml:"accesstokenexpiry"`
+	RefreshTokenExpiry uint `yaml:"refreshtokenexpiry"`
 }
 
 type Environment string
@@ -122,9 +124,21 @@ func GetConfiguration(path string) (Settings, error) {
 		superUserPrefix := fmt.Sprintf("%sSUPERUSER__", appPrefix)
 		authSecretPrefix := fmt.Sprintf("%sAUTHSECRET__", appPrefix)
 
+		authAccessExpiry := os.Getenv(fmt.Sprintf("%sACCESS_TOKEN_EXPIRY", authSecretPrefix))
+		authRefreshExpiry := os.Getenv(fmt.Sprintf("%sREFRESH_TOKEN_EXPIRY", authSecretPrefix))
+
+		authAccessExpiryInt, err := strconv.ParseUint(authAccessExpiry, 10, 16)
+		if err != nil {
+			return Settings{}, fmt.Errorf("failed to parse access token expiry: %w", err)
+		}
+
+		authRefreshExpiryInt, err := strconv.ParseUint(authRefreshExpiry, 10, 16)
+		if err != nil {
+			return Settings{}, fmt.Errorf("failed to parse refresh token expiry: %w", err)
+		}
+
 		portStr := os.Getenv(fmt.Sprintf("%sPORT", appPrefix))
 		portInt, err := strconv.ParseUint(portStr, 10, 16)
-
 		if err != nil {
 			return Settings{}, fmt.Errorf("failed to parse port: %w", err)
 		}
@@ -146,9 +160,11 @@ func GetConfiguration(path string) (Settings, error) {
 			SuperUser: SuperUserSettings{
 				Password: os.Getenv(fmt.Sprintf("%sPASSWORD", superUserPrefix)),
 			},
-			AuthSecret: AuthSecretSettings{
+			Auth: AuthSettings{
 				AccessToken: os.Getenv(fmt.Sprintf("%sACCESS_TOKEN", authSecretPrefix)),
 				RefreshToken: os.Getenv(fmt.Sprintf("%sREFRESH_TOKEN", authSecretPrefix)),
+				AcessTokenExpiry: uint(authAccessExpiryInt),
+				RefreshTokenExpiry: uint(authRefreshExpiryInt),
 			},
 		}, nil
 	}

backend/src/middleware/club.go

@@ -1,13 +1,14 @@
 package middleware
 
 import (
+	"slices"
+
 	"github.com/GenerateNU/sac/backend/src/auth"
 	"github.com/GenerateNU/sac/backend/src/errors"
 	"github.com/GenerateNU/sac/backend/src/transactions"
 	"github.com/GenerateNU/sac/backend/src/types"
 	"github.com/GenerateNU/sac/backend/src/utilities"
 	"github.com/gofiber/fiber/v2"
-	"github.com/google/uuid"
 )
 
 func (m *MiddlewareService) ClubAuthorizeById(c *fiber.Ctx) error {
@@ -38,18 +39,9 @@ func (m *MiddlewareService) ClubAuthorizeById(c *fiber.Ctx) error {
 	}
 
 	// check issuerID against the list of admin for the certain club
-	if ContainsUUID(clubAdmin, *issuerUUID) {
+	if slices.Contains(clubAdmin, *issuerUUID) {
 		return c.Next()
 	}
 
 	return errors.Unauthorized.FiberError(c)
-}
-
-func ContainsUUID(uuids []uuid.UUID, targetUUID uuid.UUID) bool {
-	for _, uuid := range uuids {
-		if uuid.String() == targetUUID.String() {
-			return true
-		}
-	}
-	return false
 }

backend/src/models/membership.go

@@ -22,8 +22,9 @@ type Membership struct {
 
 	UserID         uuid.UUID       `gorm:"type:uuid;not null" json:"user_id" validate:"required,uuid4"`
 	ClubID         uuid.UUID       `gorm:"type:uuid;not null" json:"club_id" validate:"required,uuid4"`
-	MembershipType MembershipType `gorm:"type:varchar(255);not null;default:member" json:"membership_type" validate:"required,oneof=member admin"`
-
+
 	Club *Club `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;" json:"-" validate:"-"`
 	User *User `gorm:"constraint:OnUpdate:CASCADE,OnDelete:CASCADE;" json:"-" validate:"-"`
+
+	MembershipType MembershipType `gorm:"type:varchar(255);not null;default:member" json:"membership_type" validate:"required,oneof=member admin"`
 }

config/local.yml

@@ -11,6 +11,8 @@ database:
   requiressl: false
 superuser:
   password: password
-authsecret:
+auth:
   accesstoken: g(r|##*?>\Qp}h37e+,T2
-  refreshtoken: amk*2!gG}1i"8D9RwJS$p
+  accesstokenexpiry: 60 # in minutes
+  refreshtoken: amk*2!gG}1i"8D9RwJS$p
+  refreshtokenexpiry: 30 # in days