mike12345567 2021-07-07 23:30:14 +01:00
parent cc67e2caa6
commit 2fc606f5b5
5 changed files with 25 additions and 15 deletions


@ -64,10 +64,13 @@ async function authenticate(token, tokenSecret, profile, done) {
const sessionId = newid()
await createASession(dbUser._id, sessionId)
dbUser.token = jwt.sign({
userId: dbUser._id,
sessionId,
}, env.JWT_SECRET)
dbUser.token = jwt.sign(
{
userId: dbUser._id,
sessionId,
},
env.JWT_SECRET
)
return done(null, dbUser)
}
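Review bot: The token signed here carries no `exp` claim, because `jwt.sign` is called with only the payload and `env.JWT_SECRET` and no options argument, so its lifetime rests entirely on the server-side session lookup. If the verifying middleware (not visible in this commit) accepts a token without confirming that the session still exists in the session store, a leaked token would stay valid indefinitely. Consider passing a third argument such as `{ expiresIn: "<session lifetime>" }`, or at least documenting the dependency above the call with `// no exp claim: validity is bounded by the stored session's TTL`. The same call appears in the email/password `authenticate` in the next file section, and the function body here starts outside the hunk.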


@ -36,10 +36,13 @@ exports.authenticate = async function (email, password, done) {
const sessionId = newid()
await createASession(dbUser._id, sessionId)
dbUser.token = jwt.sign({
userId: dbUser._id,
sessionId,
}, env.JWT_SECRET)
dbUser.token = jwt.sign(
{
userId: dbUser._id,
sessionId,
},
env.JWT_SECRET
)
// Remove users password in payload
delete dbUser.password


@ -15,8 +15,8 @@ function makeSessionID(userId, sessionId) {
exports.createASession = async (userId, sessionId) => {
const client = await redis.getSessionClient()
const session = {
createdAt: (new Date()).toISOString(),
lastAccessedAt: (new Date()).toISOString(),
createdAt: new Date().toISOString(),
lastAccessedAt: new Date().toISOString(),
sessionId,
userId,
}
@ -41,7 +41,7 @@ exports.invalidateSessions = async (userId, sessionId = null) => {
exports.updateSessionTTL = async session => {
const client = await redis.getSessionClient()
const key = makeSessionID(session.userId, session.sessionId)
session.lastAccessedAt = (new Date()).toISOString()
session.lastAccessedAt = new Date().toISOString()
await client.store(key, session, EXPIRY_SECONDS)
}


@ -1,4 +1,8 @@
const { getAllSessions, getUserSessions, invalidateSessions } = require("@budibase/auth/sessions")
const {
getAllSessions,
getUserSessions,
invalidateSessions,
} = require("@budibase/auth/sessions")
exports.fetch = async ctx => {
ctx.body = await getAllSessions()
@ -14,7 +18,7 @@ exports.invalidateUser = async ctx => {
const { userId } = ctx.params
await invalidateSessions(userId)
ctx.body = {
message: "User sessions invalidated"
message: "User sessions invalidated",
}
}
@ -28,6 +32,6 @@ exports.invalidateSession = async ctx => {
const { sessionId } = ctx.params
await invalidateSessions(userId, sessionId)
ctx.body = {
message: "Session invalidated successfully."
message: "Session invalidated successfully.",
}
}


@ -11,4 +11,4 @@ router
.delete("/api/admin/sessions/:userId", adminOnly, controller.invalidateUser)
.delete("/api/admin/sessions/self/:sessionId", controller.invalidateSession)
module.exports = router
module.exports = router