From d874b450b4f0b368cd99b80469e96c4e7776c4c8 Mon Sep 17 00:00:00 2001
From: mohitsinhchavda
Date: Fri, 18 Oct 2024 15:38:05 +0530
Subject: [PATCH] added 2 checks for the function. 1. exp check for iaAuthenticatedFactory function 2. issuer check, both are to determine the token is expired or not
---
 src/session/isAuthenticated.js | 41 +++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/src/session/isAuthenticated.js b/src/session/isAuthenticated.js
index d3f3e992..ecc4dc3a 100644
--- a/src/session/isAuthenticated.js
+++ b/src/session/isAuthenticated.js
@@ -1,4 +1,6 @@
-import {getUserFactory} from './getUser';
+import { removeTrailingSlash } from '../utils/removeTrailingSlash';
+import { getUserFactory } from './getUser';
+import jwtDecode from 'jwt-decode';
 
 /**
 *
@@ -8,5 +10,38 @@ import {getUserFactory} from './getUser';
 */
 export const isAuthenticatedFactory = (req, res) => async () => {
 const user = await getUserFactory(req, res)();
- return Boolean(user);
-};
+
+ if (!user) {
+ return false;
+ }
+
+ const token = req.headers.authorization?.split(' ')[1];
+ if (!token) {
+ return false;
+ }
+
+ try {
+ const decoded = jwtDecode(token);
+ if (!decoded) {
+ return false;
+ }
+
+ const { exp, iss } = decoded;
+ const currentTime = Math.floor(Date.now() / 1000);
+
+ // Check expiration
+ if (exp < currentTime) {
+ return false;
+ }
+
+ // Verify issuer
+ if (iss !== removeTrailingSlash(process.env.KINDE_ISSUER_URL)) {
+ return false;
+ }
+
+ return true;
+ } catch (error) {
+ console.error('Token decoding failed:', error);
+ return false;
+ }
+};
\ No newline at end of file
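Review bot: The new `exp` and `iss` checks in the second hunk run on claims from `jwtDecode`, which only base64-decodes the payload and does not verify the signature, so anyone can mint a token whose `exp` and `iss` satisfy them; this is only sound if `getUserFactory` (defined outside this file) has already verified the signature of the same bearer token, which is worth confirming and recording in a comment such as `// Claims are unverified here; signature validation is assumed to happen in getUserFactory`. Independently, `if (exp < currentTime)` lets a token with no `exp` claim through, because `undefined < number` is false; use `if (typeof exp !== 'number' || exp <= currentTime) { return false; }` (RFC 7519 treats `now >= exp` as expired). The issuer check has the same gap when `iss` is absent and `KINDE_ISSUER_URL` is unset, since both sides can end up `undefined`, so reject explicitly: `const expectedIss = process.env.KINDE_ISSUER_URL; if (!iss || !expectedIss || iss !== removeTrailingSlash(expectedIss)) { return false; }`. The token extraction also never checks that the scheme is `Bearer`, so an `Authorization: Basic ...` header would be handed to the decoder and only rejected via the catch path; `const [scheme, token] = req.headers.authorization?.split(' ') ?? []; if (scheme !== 'Bearer' || !token) { return false; }` makes the intent explicit.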