feat(auth): split api-key boundary for frontend auth flow

nav
2026-05-14 14:17:07 +00:00
parent 81dfc227e3
commit 7afd220b4a
2 changed files with 20 additions and 2 deletions


@@ -21,6 +21,10 @@ function signAccessToken(userId: string, email: string): string {
return jwt.sign({ sub: userId, email }, secret, { expiresIn });
}
function getAccessTokenExpiresInSeconds(): number {
return parseDurationToSeconds(process.env.FABRIC_BACKEND_CENTER_JWT_ACCESS_EXPIRES_IN ?? '15m', 900);
}
function signRefreshToken(userId: string, email: string): string {
const secret = process.env.FABRIC_BACKEND_CENTER_JWT_REFRESH_SECRET as string;
const expiresIn = parseDurationToSeconds(process.env.FABRIC_BACKEND_CENTER_JWT_REFRESH_EXPIRES_IN ?? '30d', 2592000);
@@ -29,7 +33,7 @@ function signRefreshToken(userId: string, email: string): string {
function signGuildAccessToken(userId: string, email: string, guildNodeId: string): string {
const secret = process.env.FABRIC_BACKEND_CENTER_JWT_ACCESS_SECRET as string;
const expiresIn = parseDurationToSeconds(process.env.FABRIC_BACKEND_CENTER_JWT_ACCESS_EXPIRES_IN ?? '15m', 900);
const expiresIn = getAccessTokenExpiresInSeconds();
return jwt.sign({ sub: userId, email, gid: guildNodeId, typ: 'guild_access' }, secret, { expiresIn });
}
@@ -88,6 +92,7 @@ export class AuthService {
guildNodeId: g.nodeId,
token: signGuildAccessToken(userId, email, g.nodeId),
tokenType: 'Bearer',
expiresIn: getAccessTokenExpiresInSeconds(),
}));
return { guilds, guildAccessTokens };
@@ -148,6 +153,7 @@ export class AuthService {
accessToken,
refreshToken,
tokenType: 'Bearer',
expiresIn: getAccessTokenExpiresInSeconds(),
user: {
id: user.id,
email: user.email,
@@ -237,6 +243,7 @@ export class AuthService {
accessToken: newAccessToken,
refreshToken: newRefreshToken,
tokenType: 'Bearer',
expiresIn: getAccessTokenExpiresInSeconds(),
};
}
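Review bot: The `expiresIn` fields added to the guild, login and refresh responses come from a fresh call to `getAccessTokenExpiresInSeconds()` rather than from the token that was just signed, so the advertised lifetime matches the `exp` claim only while every signer uses that helper. `signGuildAccessToken` now does, but the body of `signAccessToken` starts outside the first hunk, so it is not visible whether it was switched as well; if it still parses the environment variable inline, it should become `const expiresIn = getAccessTokenExpiresInSeconds();`. A comment on the helper would record the contract, for example `// Single source of truth for access-token lifetime: feeds both the JWT exp claim and the expiresIn field returned to clients.` Separately, guild tokens are signed with `FABRIC_BACKEND_CENTER_JWT_ACCESS_SECRET` and are told apart only by `typ: 'guild_access'`; assuming plain access tokens share that secret, the verifier (not shown) needs to check `typ` so one kind cannot be accepted as the other.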