
:construction: Set up first attempt at reissuing access token

juan_spike
tomit4 2 anos atrás
pai
commit
287ef56821

+ 1
- 1
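--- a/backend/lib/routes/user/getaccess.js
+++ b/backend/lib/routes/user/getaccess.js
@@ -29,7 +29,7 @@ module.exports = {
             const token = await userService.createToken({
                 ...res,
                 // NOTE: Set Expiration Time for Access Token Here
-                expires: 60 * 2,
+                expires: Math.floor(Date.now() / 1000) + 60 * 2,
             })
             try {
                 const response = h.response({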
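Review bot: The NOTE comment directly above the changed `expires:` line no longer describes what the line does: `expires` is now an absolute Unix timestamp in seconds rather than a duration, and only the trailing `60 * 2` is the lifetime a maintainer would tune. Suggest `// NOTE: absolute expiry as a Unix timestamp (seconds); access tokens live 2 minutes` here, and since getsession.js makes the identical change with `60 * 10`, hoisting each lifetime into a named constant such as `const ACCESS_TOKEN_TTL_SECONDS = 60 * 2` so the two files do not drift. Whether `userService.createToken` reads `expires` as an absolute value is not visible in this hunk; it is worth confirming, because an absolute timestamp handed to a field consumed as a duration would yield tokens that effectively never expire. The handler that contains this call starts and ends outside the hunk.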

+ 1
- 1
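--- a/backend/lib/routes/user/getsession.js
+++ b/backend/lib/routes/user/getsession.js
@@ -29,7 +29,7 @@ module.exports = {
             const token = await userService.createToken({
                 ...res,
                 // NOTE: Set Expiration Time for Session Token Here
-                expires: 60 * 10,
+                expires: Math.floor(Date.now() / 1000) + 60 * 10,
             })
             try {
                 const response = h.response({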

+ 1
- 0
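--- a/frontend/src/utils/db.js
+++ b/frontend/src/utils/db.js
@@ -43,6 +43,7 @@ class Connector {
             const res = await fetch(`${remote}${endpoint}`, header)
             const jsonRes = await res.json()
             if (!res.ok) {
+                // NOTE: Somewhat hacky workaround here to get auth working
                 if (res.status === 401) {
                     return { ...jsonRes.data, status: res.status }
                 } else {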
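Review bot: The added comment inside the `!res.ok` branch says the code is a workaround without saying what it works around, which leaves the next reader no better off than before. The visible lines show the actual contract: a 401 is not thrown like the other error statuses but handed back as a data object carrying `status`, so callers can branch on `.status === 401`. Suggest `// NOTE: 401 is returned as data (body + status) rather than thrown so callers can detect an expired token; other errors fall through to the else branch` in its place. The enclosing method and its `else` branch continue outside the hunk.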

+ 53
- 10
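--- a/frontend/src/views/OnboardingView.vue
+++ b/frontend/src/views/OnboardingView.vue
@@ -69,9 +69,12 @@ export default {
         // since it has to be done on created() and every step after 6...
         sessionToken = this.grabStoredCookie('siimee_session')
         accessToken = this.grabStoredCookie('siimee_access')
+        // TODO: More graceful way of throwing exceptions if sessionData is not defined??
         try {
-            await this.verifySessionToken(sessionToken)
-            const sessionData = await this.verifyAccessToken(accessToken)
+            const sessionData = await this.verifyBothTokens(
+                sessionToken,
+                accessToken,
+            )
             await this.isEmailInRegistry(sessionData.payload.email)
             // TODO: Validate All routes hit by these methods using tokens in headers
             const userId = await this.grabUserIdByEmail(
@@ -107,25 +110,59 @@ export default {
                 cookieKey in cookies ? cookies[`${cookieKey}`] : undefined
             return cookieVal
         },
+        async verifyBothTokens(sessionToken, accessToken) {
+            const sessionTokenIsValid = await this.verifySessionToken(
+                sessionToken,
+            )
+            const accessTokenIsValid = await this.verifyAccessToken(accessToken)
+            if (
+                accessTokenIsValid.status === 401 &&
+                sessionTokenIsValid.status !== 401
+            ) {
+                console.warn(
+                    'WARNING :=> Access Token Expired, but Session Token Is Still Valid, reissuing Access Token...',
+                )
+                // NOTE: Whether to implement newSessionToken is unclear in notes,
+                // but without this, user session will expire in 10 minutes no matter what...
+                const newSessionToken =
+                    await this.authenticator.getSessionToken(
+                        sessionTokenIsValid.payload,
+                    )
+                const newAccessToken = await this.authenticator.getAccessToken(
+                    sessionTokenIsValid.payload,
+                )
+                sessionToken = newSessionToken
+                accessToken = newAccessToken
+                document.cookie = `siimee_access=${newSessionToken}; max-age=600; path=/; secure`
+                document.cookie = `siimee_access=${newAccessToken}; max-age=600; path=/; secure`
+                const newAccessTokenIsValid = await this.verifyAccessToken(
+                    newAccessToken,
+                )
+                return newAccessTokenIsValid
+            } else if (
+                accessTokenIsValid.status === 401 &&
+                sessionTokenIsValid.status === 401
+            ) {
+                sessionToken = null
+                accessToken = null
+                currentProfileId = null
+                throw new Error('Both Session and Access Token Are Expired!!')
+            } else return accessTokenIsValid
+        },
         async verifySessionToken(sessionToken) {
             if (!sessionToken) {
-                console.warn('WARNING :=> sessionToken is not defined')
+                return console.warn('WARNING :=> sessionToken is not defined')
             } else return await this.validateToken(sessionToken)
         },
         async verifyAccessToken(accessToken) {
             if (!accessToken) {
-                console.warn('WARNING :=> accessToken is not defined')
+                return console.warn('WARNING :=> accessToken is not defined')
             } else return await this.validateToken(accessToken)
         },
         async validateToken(token) {
             const validatedToken = await this.authenticator.validateSession(
                 token,
             )
-            // TODO: consolidate both verifyToken into verifyBothTokens() method
-            // and utilize presence of status to determine auth status
-            if (validatedToken.status) {
-                console.log('validatedToken.status :=>', validatedToken.status)
-            }
             if (validatedToken.error) {
                 throw new Error(validatedToken.error)
             } else {
@@ -137,7 +174,7 @@ export default {
                 await this.authenticator.checkIfEmailIsRegistered(email)
             if (!emailIsInRegistry) {
                 throw new Error('Email Is NOT in Registry!')
-            } else return emailIsInRegistry // true
+            } else return emailIsInRegistry
         },
         async grabUserIdByEmail(email) {
             const user = await fetchUserByEmail(email)
@@ -207,6 +244,12 @@ export default {
                         this.responses[this.responses.length - 1],
                         currentProfileId,
                     )
+                    try {
+                        this.verifyBothTokens(sessionToken, accessToken)
+                    } catch (err) {
+                        console.error('ERROR :=>', err)
+                        this.goToStep(0)
+                    }
                 }
                 if (k === 'aspects') return
             }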
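Review bot: In `verifyBothTokens` both `document.cookie` writes set the `siimee_access` cookie, so the freshly issued session token is written under the wrong name and then immediately overwritten by the access token, while `siimee_session` (the name read by `grabStoredCookie` in the first hunk) is never refreshed; the first write should be `siimee_session=${newSessionToken}`. In the last hunk `this.verifyBothTokens(sessionToken, accessToken)` is called without `await`, so a rejection never reaches the surrounding `catch` and `goToStep(0)` cannot run; it should read `await this.verifyBothTokens(sessionToken, accessToken)`, and the method containing that call starts outside the hunk. The changed `return console.warn(...)` lines make `verifySessionToken`/`verifyAccessToken` resolve to `undefined` when a cookie is missing, after which `accessTokenIsValid.status` in `verifyBothTokens` throws a TypeError rather than the intended auth error, which the new TODO in the first hunk appears to acknowledge. Both cookie writes also use `max-age=600` although the backend hunks give the access token a 2-minute expiry, and neither carries a `SameSite` attribute; `; SameSite=Strict` alongside `secure` would be the safer default for a session-bearing cookie.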
