Browse Source

fix: set refresh-token on login and correction in refresh-token based api

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/5764/head
Pranav C 2 years ago
parent
commit
215dea81c6
  1. 118
      packages/nocodb/src/controllers/users/users.controller.ts

118
packages/nocodb/src/controllers/users/users.controller.ts

@ -1,5 +1,3 @@
import { promisify } from 'util';
import { AuditOperationSubTypes, AuditOperationTypes } from 'nocodb-sdk';
import {
Body,
Controller,
@ -15,27 +13,18 @@ import * as ejs from 'ejs';
import { AuthGuard } from '@nestjs/passport';
import { GlobalGuard } from '../../guards/global/global.guard';
import { NcError } from '../../helpers/catchError';
import { Acl } from '../../middlewares/extract-project-id/extract-project-id.middleware';
import { User } from '../../models';
import {
Acl,
ExtractProjectIdMiddleware,
} from '../../middlewares/extract-project-id/extract-project-id.middleware';
import Noco from '../../Noco';
import { GoogleStrategy } from '../../strategies/google.strategy/google.strategy';
import extractRolesObj from '../../utils/extractRolesObj';
import { Audit, User } from '../../models';
import {
genJwt,
randomTokenString,
setTokenCookie,
} from '../../services/users/helpers';
import { UsersService } from '../../services/users/users.service';
import extractRolesObj from '../../utils/extractRolesObj';
@Controller()
export class UsersController {
constructor(
private readonly usersService: UsersService,
private googleStrategy: GoogleStrategy,
) {}
constructor(private readonly usersService: UsersService) {}
@Post([
'/auth/user/signup',
@ -59,56 +48,14 @@ export class UsersController {
'/api/v1/auth/token/refresh',
])
@HttpCode(200)
async refreshToken(@Request() req: any, @Request() res: any): Promise<any> {
return await this.usersService.refreshToken({
body: req.body,
req,
res,
});
}
async successfulSignIn({ user, err, info, req, res, auditDescription }) {
try {
if (!user || !user.email) {
if (err) {
return res.status(400).send(err);
}
if (info) {
return res.status(400).send(info);
}
return res.status(400).send({ msg: 'Your signin has failed' });
}
await promisify((req as any).login.bind(req))(user);
const refreshToken = randomTokenString();
if (!user.token_version) {
user.token_version = randomTokenString();
}
await User.update(user.id, {
refresh_token: refreshToken,
email: user.email,
token_version: user.token_version,
});
setTokenCookie(res, refreshToken);
await Audit.insert({
op_type: AuditOperationTypes.AUTHENTICATION,
op_sub_type: AuditOperationSubTypes.SIGNIN,
user: user.email,
ip: req.clientIp,
description: auditDescription,
});
res.json({
token: genJwt(user, Noco.getConfig()),
} as any);
} catch (e) {
console.log(e);
throw e;
}
async refreshToken(@Request() req: any, @Response() res: any): Promise<any> {
res.json(
await this.usersService.refreshToken({
body: req.body,
req,
res,
}),
);
}
@Post([
@ -118,8 +65,9 @@ export class UsersController {
])
@UseGuards(AuthGuard('local'))
@HttpCode(200)
async signin(@Request() req) {
return this.usersService.login(req.user);
async signin(@Request() req, @Response() res) {
await this.setRefreshToken({ req, res });
res.json(this.usersService.login(req.user));
}
@Post('/api/v1/auth/user/signout')
@ -136,22 +84,19 @@ export class UsersController {
@Post(`/auth/google/genTokenByCode`)
@HttpCode(200)
@UseGuards(AuthGuard('google'))
async googleSignin(@Request() req) {
return this.usersService.login(req.user);
async googleSignin(@Request() req, @Response() res) {
await this.setRefreshToken({ req, res });
res.json(this.usersService.login(req.user));
}
@Get('/auth/google')
@UseGuards(AuthGuard('google'))
googleAuthenticate(@Request() req) {
// this.googleStrategy.authenticate(req, {
// scope: ['profile', 'email'],
// state: req.query.state,
// callbackURL: req.ncSiteUrl + Noco.getConfig().dashboardPath,
// });
// google strategy will take care the request
}
@Get(['/auth/user/me', '/api/v1/db/auth/user/me', '/api/v1/auth/user/me'])
@UseGuards(ExtractProjectIdMiddleware, GlobalGuard)
@UseGuards(GlobalGuard)
async me(@Request() req) {
const user = {
...req.user,
@ -269,4 +214,27 @@ export class UsersController {
return res.status(400).json({ msg: e.message });
}
}
async setRefreshToken({ res, req }) {
const userId = req.user?.id;
if (!userId) return;
const user: any = await User.get(userId);
if (!user) return;
const refreshToken = randomTokenString();
if (!user.token_version) {
user.token_version = randomTokenString();
}
await User.update(user.id, {
refresh_token: refreshToken,
email: user.email,
token_version: user.token_version,
});
setTokenCookie(res, refreshToken);
}
}

Loading…
Cancel
Save