richard
/
wiki
mirror of https://github.com/Requarks/wiki.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

feat: token refresh

pull/664/head
Nicolas Giard 6 years ago
parent
3abd2f917c
commit
aa08459daf
6 changed files with 34 additions and 26 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      client/components/login.vue
  2. 14
      client/scss/layout/_md2.scss
  3. 13
      server/graph/directives/auth.js
  4. 20
      server/helpers/security.js
  5. 3
      server/middlewares/auth.js
  6. 4
      server/models/users.js

6
client/components/login.vue
View File

@ -11,7 +11,7 @@
offset-xl4, xl4
)
transition(name='zoom')
v-card.elevation-5.radius-7(v-show='isShown')
v-card.elevation-5.md2(v-show='isShown')
v-toolbar(color='primary', flat, dense, dark)
v-spacer
.subheading(v-if='screen === "tfa"') {{ $t('auth:tfa.subtitle') }}
@ -59,7 +59,7 @@
)
v-card-actions.pb-4
v-spacer
v-btn(
v-btn.md2(
v-if='screen === "login"'
block
large
@ -68,7 +68,7 @@
round
:loading='isLoading'
) {{ $t('auth:actions.login') }}
v-btn(
v-btn.md2(
v-if='screen === "tfa"'
block
large

14
client/scss/layout/_md2.scss
View File

@ -1,7 +1,17 @@
.md2 {
&.v-text-field .v-input__slot {
border-radius: 28px;
&.v-text-field {
.v-input__slot {
border-radius: 7px;
}
}
&.v-btn {
border-radius: 7px;
}
&.v-card {
border-radius: 7px;
}
}

13
server/graph/directives/auth.js
View File

@ -1,5 +1,6 @@
const { SchemaDirectiveVisitor } = require('graphql-tools')
const { defaultFieldResolver } = require('graphql')
const _ = require('lodash')
class AuthDirective extends SchemaDirectiveVisitor {
visitObject(type) {
@ -39,11 +40,13 @@ class AuthDirective extends SchemaDirectiveVisitor {
}
const context = args[2]
console.info(context.req.user)
// const user = await getUser(context.headers.authToken)
// if (!user.hasRole(requiredScopes)) {
// throw new Error('not authorized')
// }
if (!context.req.user) {
throw new Error('Unauthorized')
}
if (!_.some(context.req.user.permissions, pm => _.includes(requiredScopes, pm))) {
throw new Error('Forbidden')
}
return resolve.apply(this, args)
}

20
server/helpers/security.js
View File

@ -24,16 +24,14 @@ module.exports = {
})
},
async extractJWT (req) {
return passportJWT.ExtractJwt.fromExtractors([
passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
(req) => {
let token = null
if (req && req.cookies) {
token = req.cookies['jwt']
}
return token
extractJWT: passportJWT.ExtractJwt.fromExtractors([
passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
(req) => {
let token = null
if (req && req.cookies) {
token = req.cookies['jwt']
}
])(req)
}
return token
}
])
}

3
server/middlewares/auth.js
View File

@ -13,12 +13,9 @@ module.exports = {
WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
if (err) { return next() }
console.info(err, user, info)
// Expired but still valid within 7 days, just renew
if (info instanceof jwt.TokenExpiredError && moment().subtract(7, 'days').isBefore(info.expiredAt)) {
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
console.info(jwtPayload)
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
user = newToken.user

4
server/models/users.js
View File

@ -252,9 +252,9 @@ module.exports = class User extends Model {
timezone: user.timezone,
localeCode: user.localeCode,
defaultEditor: user.defaultEditor,
permissions: []
permissions: ['manage:system']
}, WIKI.config.sessionSecret, {
expiresIn: '10s',
expiresIn: '30m',
audience: 'urn:wiki.js', // TODO: use value from admin
issuer: 'urn:wiki.js'
}),

Write Preview
Loading…
Cancel
Save