@rmdes/indiekit-endpoint-activitypub 3.12.3 → 3.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/mastodon/routes/oauth.js +4 -8
  2. package/package.json +1 -1
package/lib/mastodon/routes/oauth.js CHANGED
@@ -467,7 +467,6 @@ router.post("/oauth/token", async (req, res, next) => {
467
467
  accessToken,
468
468
  createdAt: new Date(),
469
469
  grantType: "client_credentials",
470
- expiresAt: new Date(Date.now() + 3600 * 1000),
471
470
  });
472
471
 
473
472
  return res.json({
@@ -475,7 +474,6 @@ router.post("/oauth/token", async (req, res, next) => {
475
474
  token_type: "Bearer",
476
475
  scope: "read",
477
476
  created_at: Math.floor(Date.now() / 1000),
478
- expires_in: 3600,
479
477
  });
480
478
  }
481
479
 
@@ -510,9 +508,9 @@ router.post("/oauth/token", async (req, res, next) => {
510
508
  $set: {
511
509
  accessToken: newAccessToken,
512
510
  refreshToken: newRefreshToken,
513
- expiresAt: new Date(Date.now() + 3600 * 1000),
514
511
  refreshExpiresAt: new Date(Date.now() + 90 * 24 * 3600 * 1000),
515
512
  },
513
+ $unset: { expiresAt: "" },
516
514
  },
517
515
  );
518
516
 
@@ -522,7 +520,6 @@ router.post("/oauth/token", async (req, res, next) => {
522
520
  scope: existing.scopes.join(" "),
523
521
  created_at: Math.floor(existing.createdAt.getTime() / 1000),
524
522
  refresh_token: newRefreshToken,
525
- expires_in: 3600,
526
523
  });
527
524
  }
528
525
 
@@ -590,8 +587,9 @@ router.post("/oauth/token", async (req, res, next) => {
590
587
  }
591
588
  }
592
589
 
593
- // Generate access token and refresh token with expiry.
594
- const ACCESS_TOKEN_TTL = 3600 * 1000; // 1 hour
590
+ // Generate access token and refresh token.
591
+ // Access tokens do not expire (matching Mastodon behavior — valid until revoked).
592
+ // Refresh tokens expire after 90 days as a safety measure.
595
593
  const REFRESH_TOKEN_TTL = 90 * 24 * 3600 * 1000; // 90 days
596
594
  const accessToken = randomHex(64);
597
595
  const refreshToken = randomHex(64);
@@ -601,7 +599,6 @@ router.post("/oauth/token", async (req, res, next) => {
601
599
  $set: {
602
600
  accessToken,
603
601
  refreshToken,
604
- expiresAt: new Date(Date.now() + ACCESS_TOKEN_TTL),
605
602
  refreshExpiresAt: new Date(Date.now() + REFRESH_TOKEN_TTL),
606
603
  },
607
604
  },
@@ -613,7 +610,6 @@ router.post("/oauth/token", async (req, res, next) => {
613
610
  scope: grant.scopes.join(" "),
614
611
  created_at: Math.floor(grant.createdAt.getTime() / 1000),
615
612
  refresh_token: refreshToken,
616
- expires_in: 3600,
617
613
  });
618
614
  } catch (error) {
619
615
  next(error);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rmdes/indiekit-endpoint-activitypub",
3
- "version": "3.12.3",
3
+ "version": "3.12.4",
4
4
  "description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
5
5
  "keywords": [
6
6
  "indiekit",