fix: verify token expired (#2)

* fix: verify token expired

* debug condition

* debug

* debug

* debug

* fix typo

* fix condition

* debug

---------

Co-authored-by: Andrea Cecchi <andrea.cecchi85@gmail.com>

Author: mamico

src/index.js

@@ -40,9 +40,19 @@ const applyConfig = (config) => {
         }
         if (token && settings?.userHeaderName) {
           const user = req.get(settings.userHeaderName);
-          if (user && jwtDecode(token).sub !== user) {
+          // require auth if:
+          // - header user is different from token user
+          // - token has no expiration
+          // - token is expired
+          console.log("USER: ", user);
+          console.log("TOKEN: ", jwtDecode(token));
+          console.log("TOKEN SCADUTO: ", jwtDecode(token).exp < Date.now() / 1000);
+          console.log("CONDIZIONE: ", ((user && jwtDecode(token).sub !== user) || !jwtDecode(token).exp || jwtDecode(token).exp < Date.now() / 1000));
+          if ((user && jwtDecode(token).sub !== user) || !jwtDecode(token).exp || jwtDecode(token).exp < Date.now() / 1000){
+            // TODO: eventually add base_url to a relative settings.loginUrl
             return res.redirect(`${settings.loginUrl}?came_from=${req.url}`);
           }
+
         }
       }
       return next();