richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix: revalidate tokens created prior to server startup

pull/2117/head
NGPixel 4 years ago
parent
92b29d1f06
commit
98f21b9f6a
2 changed files with 14 additions and 9 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      server/core/auth.js
  2. 4
      server/index.js

19
server/core/auth.js
View File

@ -115,27 +115,30 @@ module.exports = {
let mustRevalidate = false
// Expired but still valid within N days, just renew
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromSeconds(info.expiredAt)) {
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromISO(info.expiredAt)) {
mustRevalidate = true
}
// Check if user / group is in revokation list
if (user) {
if (user && !mustRevalidate) {
const uRevalidate = WIKI.auth.revokationList.get(`u${_.toString(user.id)}`)
if (uRevalidate && user.iat < uRevalidate) {
mustRevalidate = true
}
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
} else if (DateTime.fromSeconds(user.iat) <= WIKI.startedAt) { // Prevent new / restarted instance from allowing revoked tokens
mustRevalidate = true
} else {
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
break
}
}
}
}
// Revalidate and renew token
if (mustRevalidate) {
console.info('MUST REVALIDATE')
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)

4
server/index.js
View File

@ -5,6 +5,7 @@
const path = require('path')
const { nanoid } = require('nanoid')
const { DateTime } = require('luxon')
let WIKI = {
IS_DEBUG: process.env.NODE_ENV === 'development',
@ -14,7 +15,8 @@ let WIKI = {
SERVERPATH: path.join(process.cwd(), 'server'),
Error: require('./helpers/error'),
configSvc: require('./core/config'),
kernel: require('./core/kernel')
kernel: require('./core/kernel'),
startedAt: DateTime.utc()
}
global.WIKI = WIKI

Write Preview
Loading…
Cancel
Save