chore: make cookie expiration same as jwt (#1554)

* chore: make cookie expiration same as jwt

* fix: update package-lock

* chore: remove package-lock.json

---------

Co-authored-by: BrickheadJohnny <[email protected]>

package.json

@@ -31,6 +31,7 @@
     "clsx": "^2.1.1",
     "foxact": "^0.2.41",
     "jotai": "^2.10.2",
+    "jwt-decode": "^4.0.0",
     "next": "15.0.3",
     "next-themes": "^0.4.3",
     "react": "19.0.0-rc-66855b96-20241106",

src/actions/auth.ts

@@ -2,6 +2,7 @@
 
 import { GUILD_AUTH_COOKIE_NAME } from "@/config/constants";
 import { env } from "@/lib/env";
+import { jwtDecode } from "jwt-decode";
 import { cookies } from "next/headers";
 import { redirect } from "next/navigation";
 import { z } from "zod";
@@ -12,6 +13,12 @@ const authSchema = z.object({
   userId: z.string().uuid(),
 });
 
+const tokenSchema = z.object({
+  userId: z.string().uuid(),
+  exp: z.number().positive().int(),
+  iat: z.number().positive().int(),
+});
+
 export const signIn = async ({
   message,
   signature,
@@ -38,26 +45,23 @@ export const signIn = async ({
     requestInit,
   );
 
+  let json: unknown;
   if (signInRes.status === 401) {
     const registerRes = await fetch(
       `${env.NEXT_PUBLIC_API}/auth/siwe/register`,
       requestInit,
     );
-    const json = await registerRes.json();
-
-    const registerData = authSchema.parse(json);
-    cookieStore.set(GUILD_AUTH_COOKIE_NAME, registerData.token);
-
-    return registerData;
+    json = await registerRes.json();
+  } else {
+    json = await signInRes.json();
   }
+  const authData = authSchema.parse(json);
+  const { exp } = tokenSchema.parse(jwtDecode(authData.token));
 
-  const json = await signInRes.json();
-
-  const signInData = authSchema.parse(json);
-
-  cookieStore.set(GUILD_AUTH_COOKIE_NAME, signInData.token);
-
-  return signInData;
+  cookieStore.set(GUILD_AUTH_COOKIE_NAME, authData.token, {
+    expires: new Date(exp * 1000),
+  });
+  return authData;
 };
 
 export const signOut = async (redirectTo?: string) => {