feat: token refresh

This commit is contained in:
Nicolas Giard
2018-10-12 16:39:02 -04:00
parent 3abd2f917c
commit aa08459daf
6 changed files with 34 additions and 26 deletions


@@ -1,5 +1,6 @@
const { SchemaDirectiveVisitor } = require('graphql-tools')
const { defaultFieldResolver } = require('graphql')
const _ = require('lodash')
class AuthDirective extends SchemaDirectiveVisitor {
visitObject(type) {
@@ -39,11 +40,13 @@ class AuthDirective extends SchemaDirectiveVisitor {
}
const context = args[2]
console.info(context.req.user)
// const user = await getUser(context.headers.authToken)
// if (!user.hasRole(requiredScopes)) {
// throw new Error('not authorized')
// }
if (!context.req.user) {
throw new Error('Unauthorized')
}
if (!_.some(context.req.user.permissions, pm => _.includes(requiredScopes, pm))) {
throw new Error('Forbidden')
}
return resolve.apply(this, args)
}
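Review bot: `console.info(context.req.user)` in the field resolver writes the full authenticated user record, permissions included, to stdout on every guarded field; the same debug output appears as `console.info(err, user, info)` and `console.info(jwtPayload)` in the middleware hunk, and all three should be dropped before merge. The commented-out `getUser` / `hasRole` lines just above the new checks are dead code now that the `Unauthorized` / `Forbidden` branches exist and can go with them. `requiredScopes` and the resolver wrapper are defined outside the hunk, so I cannot tell whether an empty `requiredScopes` is meant to admit any authenticated user; as written, `_.some(..., pm => _.includes([], pm))` is always false and every caller gets `Forbidden`, which is fail-closed but deserves a one-line comment stating it is deliberate.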


@@ -24,16 +24,14 @@ module.exports = {
})
},
async extractJWT (req) {
return passportJWT.ExtractJwt.fromExtractors([
passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
(req) => {
let token = null
if (req && req.cookies) {
token = req.cookies['jwt']
}
return token
extractJWT: passportJWT.ExtractJwt.fromExtractors([
passportJWT.ExtractJwt.fromAuthHeaderAsBearerToken(),
(req) => {
let token = null
if (req && req.cookies) {
token = req.cookies['jwt']
}
])(req)
}
return token
}
])
}
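Review bot: `extractJWT` carries no documentation of its contract, and the function returned by `fromExtractors` yields `null` when neither the bearer header nor the `jwt` cookie holds a token — something callers like the middleware's `jwt.decode(securityHelper.extractJWT(req))` need to know. Suggest `/** Returns the JWT from the Authorization bearer header or the `jwt` cookie, or null when neither is present. @param {object} req @returns {string|null} */` above it. The hunk prints both the `async extractJWT (req)` method and the `extractJWT:` property form without side markers; if the property form is the new side, existing `await` callers keep working but the call is now synchronous, which the comment should say so the `await`s can be removed. Because the cookie branch means browsers attach the token automatically, the code that presumably sets the `jwt` cookie elsewhere owns its `HttpOnly`/`SameSite` flags; a short pointer to that here would help the next reader.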


@@ -13,12 +13,9 @@ module.exports = {
WIKI.auth.passport.authenticate('jwt', {session: false}, async (err, user, info) => {
if (err) { return next() }
console.info(err, user, info)
// Expired but still valid within 7 days, just renew
if (info instanceof jwt.TokenExpiredError && moment().subtract(7, 'days').isBefore(info.expiredAt)) {
const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
console.info(jwtPayload)
try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
user = newToken.user
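Review bot: `jwtPayload.id` on the `refreshToken` line is dereferenced without checking that `jwt.decode(...)` produced an object; `jwt.decode` returns `null` for input it cannot parse and `extractJWT` returns `null` when no token is found, and because that line sits before the `try`, a `null` here throws inside the async passport callback and the request is never answered. Add a guard before the decoded payload is used, e.g. `if (!jwtPayload || !jwtPayload.id) { return next() }`, matching whatever fallthrough the non-renewable branch uses (that branch is outside the hunk). `jwt.decode` does not verify the signature; as far as I know jsonwebtoken raises `TokenExpiredError` only after the signature check has passed, so this is acceptable but should be stated with `// signature was already verified by passport-jwt; only exp failed, so decode-without-verify is safe here`. Whether `refreshToken(jwtPayload.id)` re-checks that the account is still active before reissuing a token is not visible in this hunk and is worth confirming in the model.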


@@ -252,9 +252,9 @@ module.exports = class User extends Model {
timezone: user.timezone,
localeCode: user.localeCode,
defaultEditor: user.defaultEditor,
permissions: []
permissions: ['manage:system']
}, WIKI.config.sessionSecret, {
expiresIn: '10s',
expiresIn: '30m',
audience: 'urn:wiki.js', // TODO: use value from admin
issuer: 'urn:wiki.js'
}),
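Review bot: `permissions: ['manage:system']` embeds a fixed permission list in every signed token; if that is the new side (the hunk prints both values without markers), every user who logs in or refreshes holds `manage:system` for the token lifetime regardless of group membership, and the directive hunk then lets them through any `manage:system`-scoped field. The permission claim should be derived from the user's actual group assignments, and until that is wired up the literal needs at least `// TODO: derive from user groups — placeholder grants full access` so it cannot ship unnoticed. The `expiresIn: '30m'` / `'10s'` pair has the same ambiguity; given the 7-day renewal window in the middleware, `30m` reads as the intended lifetime and `10s` as a test value, and a comment tying the lifetime to that window would help. The enclosing token-signing method starts outside the hunk.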