From f9c13353e23de3380323658ec120d9342fe3e87f Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Thu, 4 Apr 2024 09:45:34 +0000
Subject: [PATCH 1/3] fix: delete old token when generating new token
---
 packages/nocodb/src/models/UserRefreshToken.ts | 4 ++--
 packages/nocodb/src/services/users/users.service.ts | 11 ++++-------
 2 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/packages/nocodb/src/models/UserRefreshToken.ts b/packages/nocodb/src/models/UserRefreshToken.ts
index 5bd644d6bd..75214aface 100644
--- a/packages/nocodb/src/models/UserRefreshToken.ts
+++ b/packages/nocodb/src/models/UserRefreshToken.ts
@@ -68,11 +68,11 @@ export default class UserRefreshToken {
 null,
 MetaTable.USER_REFRESH_TOKENS,
 {
- token: oldToken,
+ token: newToken,
 expires_at: dayjs().add(90, 'day').toDate(),
 },
 {
- token: newToken,
+ token: oldToken,
 },
 );
 }
diff --git a/packages/nocodb/src/services/users/users.service.ts b/packages/nocodb/src/services/users/users.service.ts
index c95fc3e565..4ccfbf14f9 100644
--- a/packages/nocodb/src/services/users/users.service.ts
+++ b/packages/nocodb/src/services/users/users.service.ts
@@ -370,9 +370,9 @@ export class UsersService {
 NcError.badRequest(`Missing refresh token`);
 }

- const user = await User.getByRefreshToken(
- param.req.cookies.refresh_token,
- );
+ const oldRefreshToken = param.req.cookies.refresh_token;
+
+ const user = await User.getByRefreshToken(oldRefreshToken);

 if (!user) {
 NcError.badRequest(`Invalid refresh token`);
@@ -380,10 +380,7 @@ export class UsersService {

 const refreshToken = randomTokenString();

- await UserRefreshToken.insert({
- token: refreshToken,
- fk_user_id: user.id,
- });
+ await UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken);

 setTokenCookie(param.res, refreshToken);

From cbd331c39d8955c7c787b3898a091c4f62c135a3 Mon Sep 17 00:00:00 2001
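Review bot: In the UserRefreshToken.ts hunk (PATCH 1/3, at -68) the row is matched on `{ token: oldToken }` alone while the SET side pushes `expires_at` out another 90 days, so nothing in this call stops an already-expired token from being rotated into a fresh one. That protection would have to come from `User.getByRefreshToken` filtering on expiry, which is not visible in this patch and is worth confirming. Each rotation also restarts the full lifetime, so a session that keeps refreshing has no absolute end date. Since the bug fixed here was the two object literals being swapped, a comment such as `// first object: columns to SET; second object: WHERE condition` above them would guard against a repeat. The method's signature and the start of the call are outside the hunk.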
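Review bot: In the users.service.ts hunk at -380 (PATCH 1/3) the result of `UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken)` is not checked before `setTokenCookie(param.res, refreshToken)`, so if the update matches no row the client is handed a refresh token that was never stored. That can happen when a second request carrying the same cookie passes `getByRefreshToken` just before the first request rotates the row. Whether `updateOldToken` returns an affected-row count is not visible here; if it does, `if (!updated) NcError.badRequest('Invalid refresh token');` ahead of the cookie write closes the gap. The try/catch added around this call in PATCH 3/3 only covers thrown errors, so the same point applies to that hunk. The enclosing method starts and ends outside the hunk.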
From: Pranav C
Date: Thu, 4 Apr 2024 09:45:35 +0000
Subject: [PATCH 2/3] refactor: introduce env variable
---
 packages/nocodb/src/models/UserRefreshToken.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/packages/nocodb/src/models/UserRefreshToken.ts b/packages/nocodb/src/models/UserRefreshToken.ts
index 75214aface..a349e71c15 100644
--- a/packages/nocodb/src/models/UserRefreshToken.ts
+++ b/packages/nocodb/src/models/UserRefreshToken.ts
@@ -1,9 +1,13 @@
+import process from 'process';
 import dayjs from 'dayjs';
 import Noco from '~/Noco';
 import { extractProps } from '~/helpers/extractProps';
 import { MetaTable } from '~/utils/globals';
 import { parseMetaProp, stringifyMetaProp } from '~/utils/modelUtils';

+const NC_REFRESH_TOKEN_EXP_IN_DAYS =
+ +process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS || 90;
+
 export default class UserRefreshToken {
 fk_user_id: string;
 token: string;
@@ -41,7 +45,9 @@ export default class UserRefreshToken {

 // set default expiry as 90 days if missing
 if (!('expires_at' in insertObj)) {
- insertObj.expires_at = dayjs().add(90, 'day').toDate();
+ insertObj.expires_at = dayjs()
+ .add(NC_REFRESH_TOKEN_EXP_IN_DAYS, 'day')
+ .toDate();
 }

 if ('meta' in insertObj) {
@@ -69,7 +75,7 @@ export default class UserRefreshToken {
 MetaTable.USER_REFRESH_TOKENS,
 {
 token: newToken,
- expires_at: dayjs().add(90, 'day').toDate(),
+ expires_at: dayjs().add(NC_REFRESH_TOKEN_EXP_IN_DAYS, 'day').toDate(),
 },
 {
 token: oldToken,
From 0346534831a0c653ae6cbbe46187d74babce9bf3 Mon Sep 17 00:00:00 2001
From: Pranav C
Date: Thu, 4 Apr 2024 17:06:28 +0530
Subject: [PATCH 3/3] refactor: suggested review changes
Signed-off-by: Pranav C
---
 packages/nocodb/src/models/UserRefreshToken.ts | 9 +++++++--
 packages/nocodb/src/services/users/users.service.ts | 7 ++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/packages/nocodb/src/models/UserRefreshToken.ts b/packages/nocodb/src/models/UserRefreshToken.ts
index a349e71c15..ae4d805fd0 100644
--- a/packages/nocodb/src/models/UserRefreshToken.ts
+++ b/packages/nocodb/src/models/UserRefreshToken.ts
@@ -6,7 +6,12 @@ import { MetaTable } from '~/utils/globals';
 import { parseMetaProp, stringifyMetaProp } from '~/utils/modelUtils';

 const NC_REFRESH_TOKEN_EXP_IN_DAYS =
- +process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS || 90;
+ parseInt(process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS, 10) || 90;
+
+// throw error if user provided invalid value
+if (NC_REFRESH_TOKEN_EXP_IN_DAYS <= 0) {
+ throw new Error('NC_REFRESH_TOKEN_EXP_IN_DAYS must be a positive number');
+}

 export default class UserRefreshToken {
 fk_user_id: string;
@@ -43,7 +48,7 @@ export default class UserRefreshToken {
 'meta',
 ]);

- // set default expiry as 90 days if missing
+ // set expiry based on the env or default value
 if (!('expires_at' in insertObj)) {
 insertObj.expires_at = dayjs()
 .add(NC_REFRESH_TOKEN_EXP_IN_DAYS, 'day')
diff --git a/packages/nocodb/src/services/users/users.service.ts b/packages/nocodb/src/services/users/users.service.ts
index 4ccfbf14f9..9010192250 100644
--- a/packages/nocodb/src/services/users/users.service.ts
+++ b/packages/nocodb/src/services/users/users.service.ts
@@ -380,7 +380,12 @@ export class UsersService {

 const refreshToken = randomTokenString();

- await UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken);
+ try {
+ await UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken);
+ } catch (error) {
+ console.error('Failed to update old refresh token:', error);
+ NcError.internalServerError('Failed to update refresh token');
+ }

 setTokenCookie(param.res, refreshToken);
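Review bot: In the UserRefreshToken.ts hunk at -6, `parseInt(process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS, 10) || 90` turns `0`, an empty string and any non-numeric value into the 90-day default before the `<= 0` check runs, so the guard only ever fires for negative numbers and the comment "throw error if user provided invalid value" overstates it. An operator who sets `0` or mistypes the value silently gets 90-day refresh tokens, and `7days` or `1.5` are accepted as 7 and 1. Parsing strictly makes the guard match its comment: `const raw = process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS;`, `const NC_REFRESH_TOKEN_EXP_IN_DAYS = raw ? Number(raw) : 90;`, and `if (!Number.isInteger(NC_REFRESH_TOKEN_EXP_IN_DAYS) || NC_REFRESH_TOKEN_EXP_IN_DAYS <= 0) {` for the check. An upper bound may also be worth considering, since nothing here limits how long-lived a refresh token can be configured to be.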
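Review bot: In the users.service.ts hunk at -380, `console.error('Failed to update old refresh token:', error)` writes the whole error object to the process log. If the metadata layer surfaces a database-driver error, that object may carry the failing statement and its bound values, which for this call are the old and new refresh tokens; this cannot be confirmed from the hunk. Logging a reduced form such as `error instanceof Error ? error.name : 'unknown error'`, or routing it through whatever logger the service already uses, keeps token material out of log storage. The enclosing method starts and ends outside the hunk.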