Skip to content

W
wiki-js
Commit 98f21b9f authored by NGPixel's avatar NGPixel
Browse files
Options

fix: revalidate tokens created prior to server startup

parent 92b29d1f
Hide whitespace changes
Inline Side-by-side
Showing with 14 additions and 9 deletions
server/core/auth.js
View file @ 98f21b9f
......@@ -115,27 +115,30 @@ module.exports = {
let mustRevalidate = false
// Expired but still valid within N days, just renew
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromSeconds(info.expiredAt)) {
if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromISO(info.expiredAt)) {
mustRevalidate = true
}
// Check if user / group is in revokation list
if (user) {
if (user && !mustRevalidate) {
const uRevalidate = WIKI.auth.revokationList.get(`u${_.toString(user.id)}`)
if (uRevalidate && user.iat < uRevalidate) {
mustRevalidate = true
}
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
} else if (DateTime.fromSeconds(user.iat) <= WIKI.startedAt) { // Prevent new / restarted instance from allowing revoked tokens
mustRevalidate = true
} else {
for (const gid of user.groups) {
const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
if (gRevalidate && user.iat < gRevalidate) {
mustRevalidate = true
break
}
}
}
}
// Revalidate and renew token
if (mustRevalidate) {
console.info('MUST REVALIDATE')
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
......
server/index.js
View file @ 98f21b9f
......@@ -5,6 +5,7 @@
const path = require('path')
const { nanoid } = require('nanoid')
const { DateTime } = require('luxon')
let WIKI = {
IS_DEBUG: process.env.NODE_ENV === 'development',
......@@ -14,7 +15,8 @@ let WIKI = {
SERVERPATH: path.join(process.cwd(), 'server'),
Error: require('./helpers/error'),
configSvc: require('./core/config'),
kernel: require('./core/kernel')
kernel: require('./core/kernel'),
startedAt: DateTime.utc()
}
global.WIKI = WIKI
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment