Merge pull request #2423 from nocodb/fix/jwt-expiresIn

fix: expired jwt token still usable
2 years ago · f05e8dc3fe
2 changed files with 26 additions and 19 deletions
--- a/packages/nocodb/src/lib/Noco.ts
+++ b/packages/nocodb/src/lib/Noco.ts
@ -187,7 +187,7 @@ export default class Noco {
    }

    await Noco._ncMeta.metaInit();
-    await this.readOrGenJwtSecret();
+    await this.initJwt();
    await initAdminFromEnv();

    await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta });
@ -489,20 +489,28 @@ export default class Noco {
    }
  }

-  private async readOrGenJwtSecret(): Promise<any> {
-    if (this.config?.auth?.jwt && !this.config.auth.jwt.secret) {
-      let secret = (
-        await Noco._ncMeta.metaGet('', '', 'nc_store', {
-          key: 'nc_auth_jwt_secret'
-        })
-      )?.value;
-      if (!secret) {
-        await Noco._ncMeta.metaInsert('', '', 'nc_store', {
-          key: 'nc_auth_jwt_secret',
-          value: secret = uuidv4()
-        });
+  private async initJwt(): Promise<any> {
+    if (this.config?.auth?.jwt) {
+      if (!this.config.auth.jwt.secret) {
+        let secret = (
+          await Noco._ncMeta.metaGet('', '', 'nc_store', {
+            key: 'nc_auth_jwt_secret'
+          })
+        )?.value;
+        if (!secret) {
+          await Noco._ncMeta.metaInsert('', '', 'nc_store', {
+            key: 'nc_auth_jwt_secret',
+            value: secret = uuidv4()
+          });
+        }
+        this.config.auth.jwt.secret = secret;
+      }
+
+      this.config.auth.jwt.options = this.config.auth.jwt.options || {};
+      if (!this.config.auth.jwt.options?.expiresIn) {
+        this.config.auth.jwt.options.expiresIn =
+          process.env.NC_JWT_EXPIRES_IN ?? '10h';
      }
-      this.config.auth.jwt.secret = secret;
    }
    let serverId = (
      await Noco._ncMeta.metaGet('', '', 'nc_store', {
--- a/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
+++ b/packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts
@ -2,18 +2,17 @@ import User from '../../../models/User';
 import ProjectUser from '../../../models/ProjectUser';
 import { promisify } from 'util';
 import { Strategy as CustomStrategy } from 'passport-custom';
-
-import { Strategy } from 'passport-jwt';
 import passport from 'passport';
-import { ExtractJwt } from 'passport-jwt';
+import passportJWT from 'passport-jwt';
 import { Strategy as AuthTokenStrategy } from 'passport-auth-token';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
 import { randomTokenString } from '../../helpers/stringHelpers';

 const PassportLocalStrategy = require('passport-local').Strategy;
+const ExtractJwt = passportJWT.ExtractJwt;
+const JwtStrategy = passportJWT.Strategy;

 const jwtOptions = {
-  expiresIn: process.env.NC_JWT_EXPIRES_IN ?? '10h',
  jwtFromRequest: ExtractJwt.fromHeader('xc-auth')
 };

@ -84,7 +83,7 @@ export function initStrategies(router): void {
  });

  passport.use(
-    new Strategy(
+    new JwtStrategy(
      {
        secretOrKey: Noco.getConfig().auth.jwt.secret,
        ...jwtOptions,