feat(token.create): expiresIn param (#611)

Fixes vatesfr/xo-web#1769

src/api/token.js

@@ -1,12 +1,21 @@
 // TODO: Prevent token connections from creating tokens.
 // TODO: Token permission.
-export async function create () {
+export async function create ({ expiresIn }) {
-  const userId = this.session.get('user_id')
+  return (await this.createAuthenticationToken({
-  return (await this.createAuthenticationToken({userId})).id
+    expiresIn,
+    userId: this.session.get('user_id')
+  })).id
 }
 
 create.description = 'create a new authentication token'
 
+create.params = {
+  expiresIn: {
+    optional: true,
+    type: [ 'number', 'string' ]
+  }
+}
+
 create.permission = '' // sign in
 
 // -------------------------------------------------------------------

src/xo-mixins/authentication.js

@@ -1,3 +1,4 @@
+import ms from 'ms'
 import { noSuchObject } from 'xo-common/api-errors'
 import { ignoreErrors } from 'promise-toolbox'
 
@@ -151,11 +152,18 @@ export default class {
 
   // -----------------------------------------------------------------
 
-  async createAuthenticationToken ({userId}) {
+  async createAuthenticationToken ({
+    expiresIn = ONE_MONTH,
+    userId
+  }) {
     const token = new Token({
       id: await generateToken(),
       user_id: userId,
-      expiration: Date.now() + ONE_MONTH
+      expiration: Date.now() + (
+        typeof expiresIn === 'string'
+          ? ms(expiresIn)
+          : expiresIn
+      )
     })
 
     await this._tokens.add(token)