Skip to content

Add AUTH_TOKEN_LIFETIME_SECONDS support to example app#328

Merged
0xNgoo merged 1 commit into
0xNgoo:mainfrom
spaicycookies:feat/example-auth-token-lifetime-274
Jul 1, 2026
Merged

Add AUTH_TOKEN_LIFETIME_SECONDS support to example app#328
0xNgoo merged 1 commit into
0xNgoo:mainfrom
spaicycookies:feat/example-auth-token-lifetime-274

Conversation

@spaicycookies

Copy link
Copy Markdown
Contributor

What does this PR do?

Exposes the SDK's configurable access token lifetime to the example app through an AUTH_TOKEN_LIFETIME_SECONDS env var. When unset (or invalid), the SDK default (3600s) is preserved.

How to test?

bun run test — new example/express-app AUTH_TOKEN_LIFETIME_SECONDS suites assert the default lifetime when the var is absent and 60s when it is set (decoded from the issued JWT exp/iat).

Checklist

  • My code follows the code style of this project.
  • I have added tests for my changes.
  • I have updated the documentation accordingly.
  • I have run bun run test and bun run lint locally.

Issue Reference

Closes #274

@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@spaicycookies Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for configuring the authentication token lifetime via the AUTH_TOKEN_LIFETIME_SECONDS environment variable, including corresponding integration tests. Feedback on the changes highlights duplicate dependency declarations introduced in bun.lock and suggests using Number.isInteger instead of Number.isFinite when parsing the token lifetime to prevent non-integer values from causing issues with JWT expiration claims.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread bun.lock
Comment on lines 19 to +30
"@types/bcryptjs": "^3.0.0",
"@types/bcryptjs": "^3.0.0",
"@types/better-sqlite3": "^7.6.13",
"@types/big.js": "^6.2.2",
"@types/bun": "latest",
"@types/express": "^5.0.6",
"@types/express": "^5.0.6",
"@types/jsonwebtoken": "^9.0.10",
"@types/jsonwebtoken": "^9.0.10",
"@types/node": "^25.5.0",
"@types/supertest": "^7.2.0",
"@types/supertest": "^7.2.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

There are duplicate dependency declarations in devDependencies (e.g., @types/bcryptjs, @types/express, @types/jsonwebtoken, and @types/supertest). This can cause parsing issues or inconsistencies in the lockfile. Please remove the duplicate entries.

        "@types/bcryptjs": "^3.0.0",
        "@types/better-sqlite3": "^7.6.13",
        "@types/big.js": "^6.2.2",
        "@types/bun": "latest",
        "@types/express": "^5.0.6",
        "@types/jsonwebtoken": "^9.0.10",
        "@types/node": "^25.5.0",
        "@types/supertest": "^7.2.0",

Comment thread bun.lock
Comment on lines 40 to +41
"supertest": "^7.2.2",
"supertest": "^7.2.2",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The dependency "supertest" is declared twice in devDependencies. Please remove the duplicate entry.

        "supertest": "^7.2.2",

Comment thread example/express-app.ts
Comment on lines +38 to +41
const parsedValue = Number(rawValue);
if (!Number.isFinite(parsedValue) || parsedValue <= 0) {
return undefined;
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The auth token lifetime is parsed as any finite number, which allows float values (e.g., 3600.5). Since JWT expiration claims (exp and iat) must be integers representing epoch seconds, allowing non-integer values can lead to issues with token generation or verification in strict JWT libraries. It is safer to enforce that the configured lifetime is a positive integer.

  const parsedValue = Number(rawValue);
  if (!Number.isInteger(parsedValue) || parsedValue <= 0) {
    return undefined;
}

@0xNgoo 0xNgoo force-pushed the feat/example-auth-token-lifetime-274 branch from 0b3d426 to 0573959 Compare July 1, 2026 14:30
@0xNgoo 0xNgoo merged commit c41818f into 0xNgoo:main Jul 1, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add AUTH_TOKEN_LIFETIME_SECONDS support to the example app

2 participants