Browse Source

Merge pull request #8179 from nocodb/nc-fix/refresh-token-update

Nc fix/refresh token update
pull/8180/head
Mert E 9 months ago committed by GitHub
parent
commit
5c821bd354
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 21
      packages/nocodb/src/models/UserRefreshToken.ts
  2. 16
      packages/nocodb/src/services/users/users.service.ts

21
packages/nocodb/src/models/UserRefreshToken.ts

@ -1,9 +1,18 @@
import process from 'process';
import dayjs from 'dayjs';
import Noco from '~/Noco';
import { extractProps } from '~/helpers/extractProps';
import { MetaTable } from '~/utils/globals';
import { parseMetaProp, stringifyMetaProp } from '~/utils/modelUtils';
const NC_REFRESH_TOKEN_EXP_IN_DAYS =
parseInt(process.env.NC_REFRESH_TOKEN_EXP_IN_DAYS, 10) || 90;
// throw error if user provided invalid value
if (NC_REFRESH_TOKEN_EXP_IN_DAYS <= 0) {
throw new Error('NC_REFRESH_TOKEN_EXP_IN_DAYS must be a positive number');
}
export default class UserRefreshToken {
fk_user_id: string;
token: string;
@ -39,9 +48,11 @@ export default class UserRefreshToken {
'meta',
]);
// set default expiry as 90 days if missing
// set expiry based on the env or default value
if (!('expires_at' in insertObj)) {
insertObj.expires_at = dayjs().add(90, 'day').toDate();
insertObj.expires_at = dayjs()
.add(NC_REFRESH_TOKEN_EXP_IN_DAYS, 'day')
.toDate();
}
if ('meta' in insertObj) {
@ -68,11 +79,11 @@ export default class UserRefreshToken {
null,
MetaTable.USER_REFRESH_TOKENS,
{
token: oldToken,
expires_at: dayjs().add(90, 'day').toDate(),
token: newToken,
expires_at: dayjs().add(NC_REFRESH_TOKEN_EXP_IN_DAYS, 'day').toDate(),
},
{
token: newToken,
token: oldToken,
},
);
}

16
packages/nocodb/src/services/users/users.service.ts

@ -370,9 +370,9 @@ export class UsersService {
NcError.badRequest(`Missing refresh token`);
}
const user = await User.getByRefreshToken(
param.req.cookies.refresh_token,
);
const oldRefreshToken = param.req.cookies.refresh_token;
const user = await User.getByRefreshToken(oldRefreshToken);
if (!user) {
NcError.badRequest(`Invalid refresh token`);
@ -380,10 +380,12 @@ export class UsersService {
const refreshToken = randomTokenString();
await UserRefreshToken.insert({
token: refreshToken,
fk_user_id: user.id,
});
try {
await UserRefreshToken.updateOldToken(oldRefreshToken, refreshToken);
} catch (error) {
console.error('Failed to update old refresh token:', error);
NcError.internalServerError('Failed to update refresh token');
}
setTokenCookie(param.res, refreshToken);

Loading…
Cancel
Save