MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5294 from Budibase/fix/invalidate-sessions 

Refactored the invalidate session functionality.
This commit is contained in:
deanhannigan 2022-04-07 14:20:30 +01:00 committed by GitHub
parent 50729710c5 352c021955
commit f90f78d1f7
1 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
packages/backend-core/src/security/sessions.js
View File

@ -14,25 +14,7 @@ function makeSessionID(userId, sessionId) {
return `${userId}/${sessionId}` return `${userId}/${sessionId}`
} }
exports.createASession = async (userId, session) => { async function invalidateSessions(userId, sessionIds = null) {
// invalidate all other sessions
await this.invalidateSessions(userId)
const client = await redis.getSessionClient()
const sessionId = session.sessionId
if (!session.csrfToken) {
session.csrfToken = uuidv4()
}
session = {
createdAt: new Date().toISOString(),
lastAccessedAt: new Date().toISOString(),
...session,
userId,
}
await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS)
}
exports.invalidateSessions = async (userId, sessionIds = null) => {
let sessions = [] let sessions = []
// If no sessionIds, get all the sessions for the user // If no sessionIds, get all the sessions for the user
@ -58,6 +40,24 @@ exports.invalidateSessions = async (userId, sessionIds = null) => {
await Promise.all(promises) await Promise.all(promises)
} }
exports.createASession = async (userId, session) => {
// invalidate all other sessions
await invalidateSessions(userId)
const client = await redis.getSessionClient()
const sessionId = session.sessionId
if (!session.csrfToken) {
session.csrfToken = uuidv4()
}
session = {
createdAt: new Date().toISOString(),
lastAccessedAt: new Date().toISOString(),
...session,
userId,
}
await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS)
}
exports.updateSessionTTL = async session => { exports.updateSessionTTL = async session => {
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
const key = makeSessionID(session.userId, session.sessionId) const key = makeSessionID(session.userId, session.sessionId)
@ -70,8 +70,6 @@ exports.endSession = async (userId, sessionId) => {
await client.delete(makeSessionID(userId, sessionId)) await client.delete(makeSessionID(userId, sessionId))
} }
exports.getUserSessions = getSessionsForUser
exports.getSession = async (userId, sessionId) => { exports.getSession = async (userId, sessionId) => {
try { try {
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
@ -87,3 +85,6 @@ exports.getAllSessions = async () => {
const sessions = await client.scan() const sessions = await client.scan()
return sessions.map(session => session.value) return sessions.map(session => session.value)
} }
exports.getUserSessions = getSessionsForUser
exports.invalidateSessions = invalidateSessions