mike12345567 2021-07-07 23:30:14 +01:00
parent cc67e2caa6
commit 2fc606f5b5
5 changed files with 25 additions and 15 deletions


@ -64,10 +64,13 @@ async function authenticate(token, tokenSecret, profile, done) {
const sessionId = newid() const sessionId = newid()
await createASession(dbUser._id, sessionId) await createASession(dbUser._id, sessionId)
dbUser.token = jwt.sign({ dbUser.token = jwt.sign(
userId: dbUser._id, {
sessionId, userId: dbUser._id,
}, env.JWT_SECRET) sessionId,
},
env.JWT_SECRET
)
return done(null, dbUser) return done(null, dbUser)
} }
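Review bot: The `jwt.sign` call in this hunk passes only the payload and `env.JWT_SECRET`, with no options argument, so the token carries no `exp` claim and its lifetime appears to rest entirely on the server-side session record being checked on each request. If that is the intent, state it next to the call, e.g. `// no exp claim: validity is bounded by the Redis session TTL, so sessionId must be checked on every request`. Otherwise pass an explicit lifetime as a third argument, such as `{ expiresIn: EXPIRY_SECONDS }`; a constant of that name is used in the sessions file, but whether it is exported is not visible here. The same call appears in the email/password `authenticate` hunk of the next file. Both functions start outside their hunks, so the verification side cannot be checked from this page.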


@ -36,10 +36,13 @@ exports.authenticate = async function (email, password, done) {
const sessionId = newid() const sessionId = newid()
await createASession(dbUser._id, sessionId) await createASession(dbUser._id, sessionId)
dbUser.token = jwt.sign({ dbUser.token = jwt.sign(
userId: dbUser._id, {
sessionId, userId: dbUser._id,
}, env.JWT_SECRET) sessionId,
},
env.JWT_SECRET
)
// Remove users password in payload // Remove users password in payload
delete dbUser.password delete dbUser.password


@ -15,8 +15,8 @@ function makeSessionID(userId, sessionId) {
exports.createASession = async (userId, sessionId) => { exports.createASession = async (userId, sessionId) => {
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
const session = { const session = {
createdAt: (new Date()).toISOString(), createdAt: new Date().toISOString(),
lastAccessedAt: (new Date()).toISOString(), lastAccessedAt: new Date().toISOString(),
sessionId, sessionId,
userId, userId,
} }
@ -41,7 +41,7 @@ exports.invalidateSessions = async (userId, sessionId = null) => {
exports.updateSessionTTL = async session => { exports.updateSessionTTL = async session => {
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
const key = makeSessionID(session.userId, session.sessionId) const key = makeSessionID(session.userId, session.sessionId)
session.lastAccessedAt = (new Date()).toISOString() session.lastAccessedAt = new Date().toISOString()
await client.store(key, session, EXPIRY_SECONDS) await client.store(key, session, EXPIRY_SECONDS)
} }


@ -1,4 +1,8 @@
const { getAllSessions, getUserSessions, invalidateSessions } = require("@budibase/auth/sessions") const {
getAllSessions,
getUserSessions,
invalidateSessions,
} = require("@budibase/auth/sessions")
exports.fetch = async ctx => { exports.fetch = async ctx => {
ctx.body = await getAllSessions() ctx.body = await getAllSessions()
@ -14,7 +18,7 @@ exports.invalidateUser = async ctx => {
const { userId } = ctx.params const { userId } = ctx.params
await invalidateSessions(userId) await invalidateSessions(userId)
ctx.body = { ctx.body = {
message: "User sessions invalidated" message: "User sessions invalidated",
} }
} }
@ -28,6 +32,6 @@ exports.invalidateSession = async ctx => {
const { sessionId } = ctx.params const { sessionId } = ctx.params
await invalidateSessions(userId, sessionId) await invalidateSessions(userId, sessionId)
ctx.body = { ctx.body = {
message: "Session invalidated successfully." message: "Session invalidated successfully.",
} }
} }


@ -11,4 +11,4 @@ router
.delete("/api/admin/sessions/:userId", adminOnly, controller.invalidateUser) .delete("/api/admin/sessions/:userId", adminOnly, controller.invalidateUser)
.delete("/api/admin/sessions/self/:sessionId", controller.invalidateSession) .delete("/api/admin/sessions/self/:sessionId", controller.invalidateSession)
module.exports = router module.exports = router