Withdrew the sessionId from the JWT.

backend/src/graphql/directive/isAuthorized.ts

@@ -13,15 +13,9 @@ const isAuthorized: AuthChecker<any> = async (
 ) => {
   if (context.token) {
     const decoded = decode(context.token)
-    if (decoded.sessionId && decoded.sessionId !== 0) {
-      const result = await apiGet(
-        `${CONFIG.LOGIN_API_URL}checkSessionState?session_id=${decoded.sessionId}`,
-      )
-      context.sessionId = decoded.sessionId
-      context.pubKey = decoded.pubKey
-      context.setHeaders.push({ key: 'token', value: encode(decoded.sessionId, decoded.pubKey) })
-      return result.success
-    }
+    context.pubKey = decoded.pubKey
+    context.setHeaders.push({ key: 'token', value: encode(decoded.pubKey) })
+    return true
   }
   throw new Error('401 Unauthorized')
 }

backend/src/jwt/decode.ts

@@ -2,27 +2,22 @@ import jwt, { JwtPayload } from 'jsonwebtoken'
 import CONFIG from '../config/'
 
 interface CustomJwtPayload extends JwtPayload {
-  sessionId: number
   pubKey: Buffer
 }
 
 type DecodedJwt = {
   token: string
-  sessionId: number
   pubKey: Buffer
 }
 
 export default (token: string): DecodedJwt => {
   if (!token) throw new Error('401 Unauthorized')
-  let sessionId = null
   let pubKey = null
   try {
     const decoded = <CustomJwtPayload>jwt.verify(token, CONFIG.JWT_SECRET)
-    sessionId = decoded.sessionId
     pubKey = decoded.pubKey
     return {
       token,
-      sessionId,
       pubKey,
     }
   } catch (err) {

backend/src/jwt/encode.ts

@@ -5,10 +5,9 @@ import jwt from 'jsonwebtoken'
 import CONFIG from '../config/'
 
 // Generate an Access Token
-export default function encode(sessionId: number, pubKey: Buffer): string {
-  const token = jwt.sign({ sessionId, pubKey }, CONFIG.JWT_SECRET, {
+export default function encode(pubKey: Buffer): string {
+  const token = jwt.sign({ pubKey }, CONFIG.JWT_SECRET, {
     expiresIn: CONFIG.JWT_EXPIRES_IN,
-    subject: sessionId.toString(),
   })
   return token
 }