Added refresh tokens
@@ -20,7 +20,8 @@ config.mail.from = "name";
|
||||
* Session purge settings
|
||||
*/
|
||||
// Maximum session length in days
|
||||
config.maxSessionLength = 30;
|
||||
config.maxSessionLength = 1;
|
||||
config.maxRefreshLength = 360;
|
||||
|
||||
/*
|
||||
* SSL settings
|
||||
|
||||
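Review bot: The new `config.maxRefreshLength = 360;` line carries no comment, while the neighbouring `config.maxSessionLength` is documented as "Maximum session length in days", so the unit of the refresh value is left to the reader; add `// Maximum refresh token lifetime in days` above it. If roughly a year of validity without rotation is intentional, the comment is also the place to say so, since that is the window a leaked token stays usable. The file name for this section is not visible in the excerpt.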
5
index.js
5
index.js
@@ -35,6 +35,11 @@ mongoose.connect(config.db.connection, { useNewUrlParser: true, useUnifiedTopolo
|
||||
app.use(cors());
|
||||
app.use(express.urlencoded({ extended: true }))
|
||||
app.use(express.json());
|
||||
app.use(function(req, res, next) {
|
||||
res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
|
||||
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
|
||||
next();
|
||||
});
|
||||
|
||||
// Sanitize data to prevent NoSQL injections
|
||||
app.use(mongoSanitize());
|
||||
|
||||
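Review bot: The added middleware starting at `app.use(function(req, res, next) {` sets `Access-Control-Allow-Origin: *` by hand right after `app.use(cors());`, so CORS headers are now emitted twice and the wildcard overrides whatever `cors()` would negotiate; the inline comment "update to match the domain" acknowledges it is a placeholder. Since these responses carry session and refresh tokens, the allowed origin should come from configuration rather than a TODO, e.g. replace both with `app.use(cors({ origin: config.<ALLOWED_ORIGIN> }));` where `<ALLOWED_ORIGIN>` is whatever key the config file defines. The surrounding `app.use` chain continues outside this hunk.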
@@ -235,6 +235,27 @@ userRoutes.route('/favorite/get').post((req, res) => {
|
||||
})
|
||||
})
|
||||
|
||||
userRoutes.route('/refresh').post((req, res) => {
|
||||
utils.account.checkRefresh(req.body.userId, req.body.refresh, valid => {
|
||||
if (valid) {
|
||||
let s = new Session();
|
||||
s.sessionId = generateSession();
|
||||
s.userId = u._id;
|
||||
s.date = new Date();
|
||||
|
||||
s.save()
|
||||
.then(() => {
|
||||
res.json(s);
|
||||
})
|
||||
.catch(() => {
|
||||
res.status(500).send("Error logging in user");
|
||||
});
|
||||
} else {
|
||||
res.status(401).send("Incorrect refresh token");
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
module.exports = userRoutes;
|
||||
|
||||
|
||||
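Review bot: `s.userId = u._id;` references `u`, which is not declared anywhere in the new `/refresh` route, so every successful refresh throws a ReferenceError inside the `checkRefresh` callback instead of returning a session; the identity the lookup was keyed on is `req.body.userId`, so this should read `s.userId = req.body.userId;`. The new session also never assigns `s.type`, and `checkSession` in this same commit only accepts `res.type == 0`, so sessions minted here would be rejected on their next use — add `s.type = 0;` before `s.save()`. Two smaller points: `res.status(500).send("Error logging in user")` looks copied from the login handler, and the refresh token is neither rotated nor age-checked here (expiry is left entirely to `purgeSessions`), which is worth a comment if it is the intended design.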
@@ -11,6 +11,9 @@ let Session = new Schema({
|
||||
},
|
||||
date: {
|
||||
type: Date
|
||||
},
|
||||
type: {
|
||||
type: Number // 0 for sessionID, 1 for refresh token
|
||||
}
|
||||
}, {
|
||||
collection: 'sessions'
|
||||
|
||||
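Review bot: The new `type` field is declared without a default, so documents written before this change and any `new Session()` that does not assign `type` carry `undefined`; `checkSession` elsewhere in this commit compares `res.type == 0`, which is false for `undefined`, so existing sessions stop validating after deploy. Declare it as `type: { type: Number, default: 0 } // 0 for sessionID, 1 for refresh token` (or `required: true` if every writer is updated in the same release). The `Session` schema definition starts before this hunk.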
@@ -1,10 +1,22 @@
|
||||
let User = require('../schema/user.model');
|
||||
let Session = require('../schema/session.model');
|
||||
const bcrypt = require('bcrypt');
|
||||
|
||||
// checkSession(userId, sessionId) checks if the sessionId is valid for the user
|
||||
const checkSession = (userId, sessionId, f) => {
|
||||
Session.find({ userId: userId, sessionId: sessionId }, (err, res) => {
|
||||
if (res) {
|
||||
if (res && res.type == 0) {
|
||||
f(true);
|
||||
return;
|
||||
}
|
||||
f(false);
|
||||
});
|
||||
}
|
||||
|
||||
// checkRefresh(userId, sessionId) checks if the refresh token is valid for the user
|
||||
const checkRefresh = (userId, sessionId, f) => {
|
||||
Session.find({ userId: userId, sessionId: sessionId }, (err, res) => {
|
||||
if (res && res.type == 1) {
|
||||
f(true);
|
||||
return;
|
||||
}
|
||||
|
||||
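Review bot: `Session.find(...)` resolves to an array, so `res.type` is `undefined` for any result and both `checkSession` and the new `checkRefresh` call `f(false)` even when a matching document exists; `res` is also truthy for an empty array, so the outer `if (res)` in `checkSession` never fails. Use a single-document query and handle the error argument that both callbacks currently ignore: `Session.findOne({ userId: userId, sessionId: sessionId }, (err, doc) => {` followed by `if (!err && doc && doc.type === 1) {` (and `=== 0` in `checkSession`). As written, `f` is never invoked at all when the query errors, so the calling route handler simply never responds. `checkRefresh` continues past the end of this hunk.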
@@ -1,6 +1,7 @@
|
||||
const config = require('../config');
|
||||
let Session = require('../schema/session.model');
|
||||
const maxSessionLength = config.maxSessionLength;
|
||||
const maxRefreshLength = config.maxRefreshLength;
|
||||
|
||||
// purgeSessions() purge sessions that have existed for longer than maxSessionLength
|
||||
const purgeSessions = () => {
|
||||
@@ -9,7 +10,12 @@ const purgeSessions = () => {
|
||||
for (let i = 0; i < arr.length; i++) {
|
||||
let timeDifference = new Date().getTime() - arr[i].date;
|
||||
let dayDifference = timeDifference / (1000 * 3600 * 24);
|
||||
if (dayDifference > maxSessionLength) {
|
||||
if (arr[i].type == 0 && dayDifference > maxSessionLength) {
|
||||
arr[i].delete().catch(e => {
|
||||
console.log(e);
|
||||
});
|
||||
}
|
||||
if (arr[i].type == 1 && dayDifference > maxRefreshLength) {
|
||||
arr[i].delete().catch(e => {
|
||||
console.log(e);
|
||||
});
|
||||
|
||||
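Review bot: After this change a session whose `type` is unset (documents created before the field was added, or any writer that does not set it) matches neither `arr[i].type == 0 && ...` nor `arr[i].type == 1 && ...`, so it is never purged and stays valid indefinitely — a regression from the old unconditional `dayDifference > maxSessionLength` check. Normalise the field once at the top of the loop body, `const kind = arr[i].type == null ? 0 : arr[i].type;`, and test `kind` in both branches, or give the schema field a default. The two `arr[i].delete().catch(...)` blocks are identical and could be a single call guarded by one boolean. `purgeSessions` begins before this hunk and its closing lines are outside it as well.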