Refresh the JWT on websocket connect.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3993 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
27
core/auth.js
27
core/auth.js
@ -5,13 +5,7 @@ import * as form from './form.js';
|
||||
var gTokens = {};
|
||||
var gDatabase = new Database("auth");
|
||||
|
||||
const kRefreshInterval =
|
||||
1 /* w */ *
|
||||
7 /* d */ *
|
||||
24 /* h */ *
|
||||
60 /* m */ *
|
||||
60 /* s */ *
|
||||
1000 /* ms */;
|
||||
const kRefreshInterval = 1 * 7 * 24 * 60 * 60 * 1000;
|
||||
|
||||
function b64url(value) {
|
||||
value = value.replaceAll('+', '-').replaceAll('/', '_');
|
||||
@ -59,10 +53,12 @@ function readSession(session) {
|
||||
let id = ssb.getIdentities(':auth');
|
||||
if (id?.length && ssb.hmacsha256verify(id[0], payload, signature)) {
|
||||
let result = JSON.parse(base64Decode(unb64url(payload)));
|
||||
if ((new Date()).valueOf() < result.exp) {
|
||||
let now = new Date().valueOf()
|
||||
if (now < result.exp) {
|
||||
print(`JWT valid for another ${(result.exp - now) / 1000} seconds.`);
|
||||
return result;
|
||||
} else {
|
||||
print('JWT expired.');
|
||||
print(`JWT expired by ${(now - result.exp) / 1000} seconds.`);
|
||||
}
|
||||
} else {
|
||||
print('JWT verification failed.');
|
||||
@ -70,6 +66,8 @@ function readSession(session) {
|
||||
} else {
|
||||
print('Invalid JWT header.');
|
||||
}
|
||||
} else {
|
||||
print('No session JWT.');
|
||||
}
|
||||
}
|
||||
|
||||
@ -174,7 +172,7 @@ function handler(request, response) {
|
||||
}
|
||||
}
|
||||
|
||||
var cookie = "session=" + session + "; path=/; Max-Age=604800; Secure; SameSite=Strict";
|
||||
var cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; Secure; SameSite=Strict`;
|
||||
var entry = readSession(session);
|
||||
if (entry && formData.return) {
|
||||
response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
|
||||
@ -257,7 +255,14 @@ function query(headers) {
|
||||
var entry;
|
||||
var autologin = tildefriends.args.autologin;
|
||||
if (entry = autologin ? {name: autologin} : readSession(session)) {
|
||||
return {session: entry, permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session)};
|
||||
return {
|
||||
session: entry,
|
||||
permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
|
||||
refresh: {
|
||||
token: makeJwt({name: entry.name}),
|
||||
interval: kRefreshInterval,
|
||||
},
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user