CoastalCommits/CoastalCommitsPastes
CoastalCommits/CoastalCommitsPastes
2
1
Fork 0
forked from CoastalCommitsArchival/github.com-MaxLeiter-drift
Code Pull requests Activity Actions

code review: don't create auth token if using header auth

Browse source
This commit is contained in:
Max Leiter 2022-05-06 21:40:30 -07:00
parent 05cc23a144
commit f74f7b1f1a
No known key found for this signature in database
GPG key ID: A3512F2F2F17EBDA
3 changed files with 45 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

88
server/src/lib/middleware/is-signed-in.ts
View file

@ -12,7 +12,7 @@ export interface UserJwtRequest extends Request {
user?: User user?: User
} }
export default async function authenticateToken( export default async function isSignedIn(
req: UserJwtRequest, req: UserJwtRequest,
res: Response, res: Response,
next: NextFunction next: NextFunction
@ -35,59 +35,51 @@ export default async function authenticateToken(
await user.save() await user.save()
} }
if (!token) { req.user = user
const token = jwt.sign({ id: user.id }, config.jwt_secret, { next()
expiresIn: "2d" } else {
}) if (token == null) return res.sendStatus(401)
const authToken = new AuthToken({
userId: user.id, const authToken = await AuthToken.findOne({ where: { token: token } })
token: token if (authToken == null) {
}) return res.sendStatus(401)
await authToken.save()
} }
}
if (token == null) return res.sendStatus(401) if (authToken.deletedAt) {
return res.sendStatus(401).json({
message: "Token is no longer valid"
})
}
const authToken = await AuthToken.findOne({ where: { token: token } }) jwt.verify(token, config.jwt_secret, async (err: any, user: any) => {
if (authToken == null) { if (err) {
return res.sendStatus(401) if (config.header_auth) {
} // if the token has expired or is invalid, we need to delete it and generate a new one
authToken.destroy()
const token = jwt.sign({ id: user.id }, config.jwt_secret, {
expiresIn: "2d"
})
const newToken = new AuthToken({
userId: user.id,
token: token
})
await newToken.save()
} else {
return res.sendStatus(403)
}
}
if (authToken.deletedAt) { const userObj = await UserModel.findByPk(user.id, {
return res.sendStatus(401).json({ attributes: {
message: "Token is no longer valid" exclude: ["password"]
}) }
} })
if (!userObj) {
jwt.verify(token, config.jwt_secret, async (err: any, user: any) => {
if (err) {
if (config.header_auth) {
// if the token has expired or is invalid, we need to delete it and generate a new one
authToken.destroy()
const token = jwt.sign({ id: user.id }, config.jwt_secret, {
expiresIn: "2d"
})
const newToken = new AuthToken({
userId: user.id,
token: token
})
await newToken.save()
} else {
return res.sendStatus(403) return res.sendStatus(403)
} }
} req.user = user
const userObj = await UserModel.findByPk(user.id, { next()
attributes: {
exclude: ["password"]
}
}) })
if (!userObj) { }
return res.sendStatus(403)
}
req.user = user
next()
})
} }

2
server/src/lib/middleware/secret-key.ts
View file

@ -1,7 +1,7 @@
import config from "@lib/config" import config from "@lib/config"
import { NextFunction, Request, Response } from "express" import { NextFunction, Request, Response } from "express"
export default function authenticateToken( export default function secretKey(
req: Request, req: Request,
res: Response, res: Response,
next: NextFunction next: NextFunction

4
server/src/routes/auth.ts
View file

@ -95,10 +95,6 @@ auth.post(
} }
}), }),
async (req, res) => { async (req, res) => {
if (config.header_auth) {
}
const error = "User does not exist or password is incorrect" const error = "User does not exist or password is incorrect"
const errorToThrow = new Error(error) const errorToThrow = new Error(error)
try { try {