fix: revalidate tokens created prior to server startup

pull/2117/head
NGPixel 5 years ago
parent 92b29d1f06
commit 98f21b9f6a

@ -115,27 +115,30 @@ module.exports = {
let mustRevalidate = false
// Expired but still valid within N days, just renew
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromSeconds(info.expiredAt)) {
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromISO(info.expiredAt)) {
mustRevalidate = true
}
// Check if user / group is in revokation list
if (user) {
if (user && !mustRevalidate) {
const uRevalidate = WIKI.auth.revokationList.get(`u${_.toString(user.id)}`)
if (uRevalidate && user.iat < uRevalidate) {
mustRevalidate = true
}
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
} else if (DateTime.fromSeconds(user.iat) <= WIKI.startedAt) { // Prevent new / restarted instance from allowing revoked tokens
mustRevalidate = true
} else {
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
break
}
}
}
}
// Revalidate and renew token
if (mustRevalidate) {
console.info('MUST REVALIDATE')
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
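Review bot: The renewal check now passes `info.expiredAt` to `DateTime.fromISO`, but if `info` is the `TokenExpiredError` raised by the jsonwebtoken package (which the error name and the `jwt.decode` call suggest), `expiredAt` is a JavaScript `Date`, not an ISO string. Luxon would then return an invalid DateTime, the `<` comparison would evaluate to false, and expired tokens inside the `tokenRenewal` window would be rejected instead of renewed; `DateTime.fromJSDate(info.expiredAt)` matches that type. Separately, `console.info('MUST REVALIDATE')` looks like a leftover debug statement on the authentication path and should be removed or sent through the project's logger at debug level. The enclosing function starts and ends outside this hunk.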

@ -5,6 +5,7 @@
const path = require('path')
const { nanoid } = require('nanoid')
const { DateTime } = require('luxon')
let WIKI = {
IS_DEBUG: process.env.NODE_ENV === 'development',
@ -14,7 +15,8 @@ let WIKI = {
SERVERPATH: path.join(process.cwd(), 'server'),
Error: require('./helpers/error'),
configSvc: require('./core/config'),
kernel: require('./core/kernel')
kernel: require('./core/kernel'),
startedAt: DateTime.utc()
}
global.WIKI = WIKI
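Review bot: `startedAt` is added without a comment, although the authentication check uses it as a security boundary: any token whose `iat` is at or before this value is forced through revalidation. A comment such as `// UTC time this process started; tokens issued at or before it are always revalidated by the auth check` would stop someone from later resetting the field or reusing it for uptime display. The value is per process, so it is worth confirming that a revocation recorded on one instance still reaches instances that started earlier; that propagation path is not visible in this change.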
