
fix: expired jwt token still usable

pull/2423/head
Wing-Kam Wong 3 years ago
parent
commit
284e2a69ea
  1. 36
      packages/nocodb/src/lib/Noco.ts
  2. 9
      packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

36
packages/nocodb/src/lib/Noco.ts

@ -187,7 +187,7 @@ export default class Noco {
}
await Noco._ncMeta.metaInit();
await this.readOrGenJwtSecret();
await this.initJwt();
await initAdminFromEnv();
await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta });
@ -489,20 +489,28 @@ export default class Noco {
}
}
private async readOrGenJwtSecret(): Promise<any> {
if (this.config?.auth?.jwt && !this.config.auth.jwt.secret) {
let secret = (
await Noco._ncMeta.metaGet('', '', 'nc_store', {
key: 'nc_auth_jwt_secret'
})
)?.value;
if (!secret) {
await Noco._ncMeta.metaInsert('', '', 'nc_store', {
key: 'nc_auth_jwt_secret',
value: secret = uuidv4()
});
private async initJwt(): Promise<any> {
if (this.config?.auth?.jwt) {
if (!this.config.auth.jwt.secret) {
let secret = (
await Noco._ncMeta.metaGet('', '', 'nc_store', {
key: 'nc_auth_jwt_secret'
})
)?.value;
if (!secret) {
await Noco._ncMeta.metaInsert('', '', 'nc_store', {
key: 'nc_auth_jwt_secret',
value: secret = uuidv4()
});
}
this.config.auth.jwt.secret = secret;
}
this.config.auth.jwt.options = this.config.auth.jwt.options || {};
if (!this.config.auth.jwt.options?.expiresIn) {
this.config.auth.jwt.options.expiresIn =
process.env.NC_JWT_EXPIRES_IN ?? '10h';
}
this.config.auth.jwt.secret = secret;
}
let serverId = (
await Noco._ncMeta.metaGet('', '', 'nc_store', {
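Review bot: `NC_JWT_EXPIRES_IN` is copied into `options.expiresIn` in `initJwt` without any validation, so a bad value silently changes token lifetime. `??` only falls back on `null`/`undefined`, so an empty variable yields `''`. If these options are later handed to jsonwebtoken's `sign` (the call is not visible here), a unitless value such as `3600` is read as milliseconds rather than seconds. I would parse the value once at startup and fail loudly on anything that is not a positive timespan, starting from `const expiresIn = process.env.NC_JWT_EXPIRES_IN || '10h';`. The same default is repeated in `jwtOptions` in initStrategies.ts, so one shared constant would keep the two from drifting; `initJwt` also continues past the end of this hunk.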

9
packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

@ -2,18 +2,17 @@ import User from '../../../models/User';
import ProjectUser from '../../../models/ProjectUser';
import { promisify } from 'util';
import { Strategy as CustomStrategy } from 'passport-custom';
import { Strategy } from 'passport-jwt';
import passport from 'passport';
import { ExtractJwt } from 'passport-jwt';
import passportJWT from 'passport-jwt';
import { Strategy as AuthTokenStrategy } from 'passport-auth-token';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
import { randomTokenString } from '../../helpers/stringHelpers';
const PassportLocalStrategy = require('passport-local').Strategy;
const ExtractJwt = passportJWT.ExtractJwt;
const JwtStrategy = passportJWT.Strategy;
const jwtOptions = {
expiresIn: process.env.NC_JWT_EXPIRES_IN ?? '10h',
jwtFromRequest: ExtractJwt.fromHeader('xc-auth')
};
@ -84,7 +83,7 @@ export function initStrategies(router): void {
});
passport.use(
new Strategy(
new JwtStrategy(
{
secretOrKey: Noco.getConfig().auth.jwt.secret,
...jwtOptions,
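Review bot: Tokens that carry no `exp` claim are not covered by this change, because expiry is only checked against a token's own `exp` at verification time. `expiresIn` in `jwtOptions` is a signing option; spread into the `JwtStrategy` options it is not one of the documented passport-jwt verification settings and does not make the strategy reject anything. If tokens issued before this commit were signed without an expiry (inferred from the commit title, not visible here), they remain usable until the stored `nc_auth_jwt_secret` is rotated or the verify callback refuses them, e.g. `if (!jwtPayload.exp) return done(null, false);` (parameter names are placeholders, the callback lies outside this hunk). Pinning `algorithms: ['HS256']` in the same options object would also make the accepted signature algorithm explicit.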
