Refresh the JWT on websocket connect.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3993 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
@@ -61,6 +61,8 @@ function socket(request, response, client) {
|
||||
let process;
|
||||
let options = {};
|
||||
let credentials = auth.query(request.headers);
|
||||
let refresh_token = credentials?.refresh?.token;
|
||||
let refresh_interval = credentials?.refresh?.interval;
|
||||
|
||||
response.onClose = async function() {
|
||||
if (process && process.task) {
|
||||
@@ -190,6 +192,12 @@ function socket(request, response, client) {
|
||||
process.lastActive = Date.now();
|
||||
}
|
||||
}
|
||||
|
||||
if (refresh_token) {
|
||||
return {
|
||||
'Set-Cookie': `session=${refresh_token}; path=/; Max-Age=${refresh_interval}; Secure; SameSite=Strict`,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export { socket, App };
|
||||
|
||||
27
core/auth.js
27
core/auth.js
@@ -5,13 +5,7 @@ import * as form from './form.js';
|
||||
var gTokens = {};
|
||||
var gDatabase = new Database("auth");
|
||||
|
||||
const kRefreshInterval =
|
||||
1 /* w */ *
|
||||
7 /* d */ *
|
||||
24 /* h */ *
|
||||
60 /* m */ *
|
||||
60 /* s */ *
|
||||
1000 /* ms */;
|
||||
const kRefreshInterval = 1 * 7 * 24 * 60 * 60 * 1000;
|
||||
|
||||
function b64url(value) {
|
||||
value = value.replaceAll('+', '-').replaceAll('/', '_');
|
||||
@@ -59,10 +53,12 @@ function readSession(session) {
|
||||
let id = ssb.getIdentities(':auth');
|
||||
if (id?.length && ssb.hmacsha256verify(id[0], payload, signature)) {
|
||||
let result = JSON.parse(base64Decode(unb64url(payload)));
|
||||
if ((new Date()).valueOf() < result.exp) {
|
||||
let now = new Date().valueOf()
|
||||
if (now < result.exp) {
|
||||
print(`JWT valid for another ${(result.exp - now) / 1000} seconds.`);
|
||||
return result;
|
||||
} else {
|
||||
print('JWT expired.');
|
||||
print(`JWT expired by ${(now - result.exp) / 1000} seconds.`);
|
||||
}
|
||||
} else {
|
||||
print('JWT verification failed.');
|
||||
@@ -70,6 +66,8 @@ function readSession(session) {
|
||||
} else {
|
||||
print('Invalid JWT header.');
|
||||
}
|
||||
} else {
|
||||
print('No session JWT.');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -174,7 +172,7 @@ function handler(request, response) {
|
||||
}
|
||||
}
|
||||
|
||||
var cookie = "session=" + session + "; path=/; Max-Age=604800; Secure; SameSite=Strict";
|
||||
var cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; Secure; SameSite=Strict`;
|
||||
var entry = readSession(session);
|
||||
if (entry && formData.return) {
|
||||
response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
|
||||
@@ -257,7 +255,14 @@ function query(headers) {
|
||||
var entry;
|
||||
var autologin = tildefriends.args.autologin;
|
||||
if (entry = autologin ? {name: autologin} : readSession(session)) {
|
||||
return {session: entry, permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session)};
|
||||
return {
|
||||
session: entry,
|
||||
permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
|
||||
refresh: {
|
||||
token: makeJwt({name: entry.name}),
|
||||
interval: kRefreshInterval,
|
||||
},
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -246,7 +246,7 @@ function handleWebSocketRequest(request, response, client) {
|
||||
}
|
||||
response.onMessage = null;
|
||||
|
||||
handler.invoke(request, response);
|
||||
let extra_headers = handler.invoke(request, response);
|
||||
|
||||
client.read(function(data) {
|
||||
if (data) {
|
||||
@@ -333,7 +333,7 @@ function handleWebSocketRequest(request, response, client) {
|
||||
if (request.headers["sec-websocket-version"] != "13") {
|
||||
headers["Sec-WebSocket-Version"] = "13";
|
||||
}
|
||||
response.writeHead(101, headers);
|
||||
response.writeHead(101, Object.assign({}, headers, extra_headers));
|
||||
}
|
||||
|
||||
function webSocketAcceptResponse(key) {
|
||||
|
||||
Reference in New Issue
Block a user