Refresh the JWT on websocket connect.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3993 ed5197a5-7fde-0310-b194-c3ffbd925b24
2022-10-05 01:20:47 +00:00
parent 3cdfc7af2b
commit 5e72b111d9
3 changed files with 26 additions and 13 deletions


@ -5,13 +5,7 @@ import * as form from './form.js';
var gTokens = {};
var gDatabase = new Database("auth");
const kRefreshInterval =
1 /* w */ *
7 /* d */ *
24 /* h */ *
60 /* m */ *
60 /* s */ *
1000 /* ms */;
const kRefreshInterval = 1 * 7 * 24 * 60 * 60 * 1000;
function b64url(value) {
value = value.replaceAll('+', '-').replaceAll('/', '_');
@ -59,10 +53,12 @@ function readSession(session) {
let id = ssb.getIdentities(':auth');
if (id?.length && ssb.hmacsha256verify(id[0], payload, signature)) {
let result = JSON.parse(base64Decode(unb64url(payload)));
if ((new Date()).valueOf() < result.exp) {
let now = new Date().valueOf()
if (now < result.exp) {
print(`JWT valid for another ${(result.exp - now) / 1000} seconds.`);
return result;
} else {
print('JWT expired.');
print(`JWT expired by ${(now - result.exp) / 1000} seconds.`);
}
} else {
print('JWT verification failed.');
@ -70,6 +66,8 @@ function readSession(session) {
} else {
print('Invalid JWT header.');
}
} else {
print('No session JWT.');
}
}
@ -174,7 +172,7 @@ function handler(request, response) {
}
}
var cookie = "session=" + session + "; path=/; Max-Age=604800; Secure; SameSite=Strict";
var cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; Secure; SameSite=Strict`;
var entry = readSession(session);
if (entry && formData.return) {
response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
@ -257,7 +255,14 @@ function query(headers) {
var entry;
var autologin = tildefriends.args.autologin;
if (entry = autologin ? {name: autologin} : readSession(session)) {
return {session: entry, permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session)};
return {
session: entry,
permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
refresh: {
token: makeJwt({name: entry.name}),
interval: kRefreshInterval,
},
};
}
}
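Review bot: The rewritten cookie line in the `handler` hunk swaps `Max-Age=604800` for `Max-Age=${kRefreshInterval}`, but the `Set-Cookie` Max-Age attribute is expressed in seconds while `kRefreshInterval` is in milliseconds (`1 * 7 * 24 * 60 * 60 * 1000`), so the session cookie now lives roughly 19 years instead of one week and outlasts the `exp` check that readSession applies to the JWT inside it; it should read `var cookie = \`session=${session}; path=/; Max-Age=${kRefreshInterval / 1000}; Secure; SameSite=Strict\`;`. In the `query` hunk a fresh token is minted with `makeJwt({name: entry.name})` on every call regardless of how close the presented token is to its `exp`, which appears to make the session sliding with no absolute cap as long as the client reconnects within the interval; if that is intended, a short comment on the `refresh` object stating it would help the next reader, otherwise consider carrying the original `exp` forward so the overall lifetime stays bounded. The added `let now = new Date().valueOf()` in readSession is missing its terminating semicolon. The bodies of readSession, handler and query all start outside the hunks shown here.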