Refresh the JWT on websocket connect.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3993 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
Cory McWilliams 2022-10-05 01:20:47 +00:00
parent 3cdfc7af2b
commit 5e72b111d9
3 changed files with 26 additions and 13 deletions

View File

@ -61,6 +61,8 @@ function socket(request, response, client) {
let process;
let options = {};
let credentials = auth.query(request.headers);
let refresh_token = credentials?.refresh?.token;
let refresh_interval = credentials?.refresh?.interval;
response.onClose = async function() {
if (process && process.task) {
@ -190,6 +192,12 @@ function socket(request, response, client) {
process.lastActive = Date.now();
}
}
if (refresh_token) {
return {
'Set-Cookie': `session=${refresh_token}; path=/; Max-Age=${refresh_interval}; Secure; SameSite=Strict`,
};
}
}
export { socket, App };

View File

@ -5,13 +5,7 @@ import * as form from './form.js';
var gTokens = {};
var gDatabase = new Database("auth");
const kRefreshInterval =
1 /* w */ *
7 /* d */ *
24 /* h */ *
60 /* m */ *
60 /* s */ *
1000 /* ms */;
const kRefreshInterval = 1 * 7 * 24 * 60 * 60 * 1000;
function b64url(value) {
value = value.replaceAll('+', '-').replaceAll('/', '_');
@ -59,10 +53,12 @@ function readSession(session) {
let id = ssb.getIdentities(':auth');
if (id?.length && ssb.hmacsha256verify(id[0], payload, signature)) {
let result = JSON.parse(base64Decode(unb64url(payload)));
if ((new Date()).valueOf() < result.exp) {
let now = new Date().valueOf()
if (now < result.exp) {
print(`JWT valid for another ${(result.exp - now) / 1000} seconds.`);
return result;
} else {
print('JWT expired.');
print(`JWT expired by ${(now - result.exp) / 1000} seconds.`);
}
} else {
print('JWT verification failed.');
@ -70,6 +66,8 @@ function readSession(session) {
} else {
print('Invalid JWT header.');
}
} else {
print('No session JWT.');
}
}
@ -174,7 +172,7 @@ function handler(request, response) {
}
}
var cookie = "session=" + session + "; path=/; Max-Age=604800; Secure; SameSite=Strict";
var cookie = `session=${session}; path=/; Max-Age=${kRefreshInterval}; Secure; SameSite=Strict`;
var entry = readSession(session);
if (entry && formData.return) {
response.writeHead(303, {"Location": formData.return, "Set-Cookie": cookie});
@ -257,7 +255,14 @@ function query(headers) {
var entry;
var autologin = tildefriends.args.autologin;
if (entry = autologin ? {name: autologin} : readSession(session)) {
return {session: entry, permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session)};
return {
session: entry,
permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
refresh: {
token: makeJwt({name: entry.name}),
interval: kRefreshInterval,
},
};
}
}

View File

@ -246,7 +246,7 @@ function handleWebSocketRequest(request, response, client) {
}
response.onMessage = null;
handler.invoke(request, response);
let extra_headers = handler.invoke(request, response);
client.read(function(data) {
if (data) {
@ -333,7 +333,7 @@ function handleWebSocketRequest(request, response, client) {
if (request.headers["sec-websocket-version"] != "13") {
headers["Sec-WebSocket-Version"] = "13";
}
response.writeHead(101, headers);
response.writeHead(101, Object.assign({}, headers, extra_headers));
}
function webSocketAcceptResponse(key) {