starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-12-17 09:13:23 +03:00
Code Issues 418 Packages Projects Releases 12 Wiki Activity

feat: Invalidate access token on logout

Browse Source
This commit is contained in:
Maksim Eltyshev
2022-09-07 18:39:33 +05:00
parent f091de6827
commit 48ea62c0a0
26 changed files with 242 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
server/api/hooks/current-user/index.js
View File

@@ -17,6 +17,15 @@ module.exports = function defineCurrentUserHook(sails) {
return null;
}
const session = await Session.findOne({
accessToken,
deletedAt: null,
});
if (!session) {
return null;
}
const user = await sails.helpers.users.getOne(payload.subject);
if (user && user.passwordChangedAt > payload.issuedAt) {
@@ -43,8 +52,14 @@ module.exports = function defineCurrentUserHook(sails) {
if (authorizationHeader && TOKEN_PATTERN.test(authorizationHeader)) {
const accessToken = authorizationHeader.replace(TOKEN_PATTERN, '');
const currentUser = await getUser(accessToken);
req.currentUser = await getUser(accessToken);
if (currentUser) {
Object.assign(req, {
accessToken,
currentUser,
});
}
}
return next();
@@ -52,8 +67,17 @@ module.exports = function defineCurrentUserHook(sails) {
},
'/attachments/*': {
async fn(req, res, next) {
if (req.cookies.accessToken) {
req.currentUser = await getUser(req.cookies.accessToken);
const { accessToken } = req.cookies;
if (accessToken) {
const currentUser = await getUser(accessToken);
if (currentUser) {
Object.assign(req, {
accessToken,
currentUser,
});
}
}
return next();