feat(server): move authentication to tokens stored in the database (#1381)

* chore: add typeorm commands to npm and set default database config values * feat: move to server side authentication tokens * fix: websocket should emit error and disconnect on error thrown by the server * refactor: rename cookie-auth-strategy to user-auth-strategy * feat: user tokens and API keys now use SHA256 hash for performance improvements * test: album e2e test remove unneeded module import * infra: truncate api key table as old keys will no longer work with new hash algorithm * fix(server): e2e tests (#1435) * fix: root module paths * chore: linting * chore: rename user-auth to strategy.ts and make validate return AuthUserDto * fix: we should always send HttpOnly for our auth cookies * chore: remove now unused crypto functions and jwt dependencies * fix: return the extra fields for AuthUserDto in auth service validate --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
2025-12-20 09:15:35 +03:00 · 2023-01-27 20:50:07 +00:00
parent 9be71f603e
commit 3f2513a717
61 changed files with 373 additions and 517 deletions
--- a/server/libs/infra/src/db/repository/api-key.repository.ts
+++ b/server/libs/infra/src/db/repository/api-key.repository.ts
@@ -21,14 +21,14 @@ export class APIKeyRepository implements IKeyRepository {
    await this.repository.delete({ userId, id });
  }

-  getKey(id: number): Promise<APIKeyEntity | null> {
+  getKey(hashedToken: string): Promise<APIKeyEntity | null> {
    return this.repository.findOne({
      select: {
        id: true,
        key: true,
        userId: true,
      },
-      where: { id },
+      where: { key: hashedToken },
      relations: {
        user: true,
      },