
Merge pull request #2423 from nocodb/fix/jwt-expiresIn

fix: expired jwt token still usable
pull/2436/head
Pranav C 2 years ago committed by GitHub
parent
commit
f05e8dc3fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 36
      packages/nocodb/src/lib/Noco.ts
  2. 9
      packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

36
packages/nocodb/src/lib/Noco.ts

@ -187,7 +187,7 @@ export default class Noco {
} }
await Noco._ncMeta.metaInit(); await Noco._ncMeta.metaInit();
await this.readOrGenJwtSecret(); await this.initJwt();
await initAdminFromEnv(); await initAdminFromEnv();
await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta }); await NcUpgrader.upgrade({ ncMeta: Noco._ncMeta });
@ -489,20 +489,28 @@ export default class Noco {
} }
} }
private async readOrGenJwtSecret(): Promise<any> { private async initJwt(): Promise<any> {
if (this.config?.auth?.jwt && !this.config.auth.jwt.secret) { if (this.config?.auth?.jwt) {
let secret = ( if (!this.config.auth.jwt.secret) {
await Noco._ncMeta.metaGet('', '', 'nc_store', { let secret = (
key: 'nc_auth_jwt_secret' await Noco._ncMeta.metaGet('', '', 'nc_store', {
}) key: 'nc_auth_jwt_secret'
)?.value; })
if (!secret) { )?.value;
await Noco._ncMeta.metaInsert('', '', 'nc_store', { if (!secret) {
key: 'nc_auth_jwt_secret', await Noco._ncMeta.metaInsert('', '', 'nc_store', {
value: secret = uuidv4() key: 'nc_auth_jwt_secret',
}); value: secret = uuidv4()
});
}
this.config.auth.jwt.secret = secret;
}
this.config.auth.jwt.options = this.config.auth.jwt.options || {};
if (!this.config.auth.jwt.options?.expiresIn) {
this.config.auth.jwt.options.expiresIn =
process.env.NC_JWT_EXPIRES_IN ?? '10h';
} }
this.config.auth.jwt.secret = secret;
} }
let serverId = ( let serverId = (
await Noco._ncMeta.metaGet('', '', 'nc_store', { await Noco._ncMeta.metaGet('', '', 'nc_store', {
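Review bot: `process.env.NC_JWT_EXPIRES_IN ?? '10h'` in initJwt only falls back when the variable is absent, so an empty or malformed value (`NC_JWT_EXPIRES_IN=`) is stored as-is in `config.auth.jwt.options.expiresIn`, and whether that becomes a sign-time error or a token issued without an `exp` claim depends on the signing code, which is outside this hunk. A small guard, `const expiresIn = process.env.NC_JWT_EXPIRES_IN?.trim(); this.config.auth.jwt.options.expiresIn = expiresIn || '10h';`, keeps this fix from silently reintroducing non-expiring tokens for that input. The renamed method is also declared `Promise<any>` although it returns nothing; `Promise<void>` would be accurate, and a doc comment such as `/** Loads or generates the JWT secret and ensures auth.jwt.options.expiresIn is set so issued tokens carry an exp claim. */` would record why the lifetime now lives in config rather than in the passport strategy. initJwt continues past the end of the hunk (the serverId read starts on its last lines).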

9
packages/nocodb/src/lib/meta/api/userApi/initStrategies.ts

@ -2,18 +2,17 @@ import User from '../../../models/User';
import ProjectUser from '../../../models/ProjectUser'; import ProjectUser from '../../../models/ProjectUser';
import { promisify } from 'util'; import { promisify } from 'util';
import { Strategy as CustomStrategy } from 'passport-custom'; import { Strategy as CustomStrategy } from 'passport-custom';
import { Strategy } from 'passport-jwt';
import passport from 'passport'; import passport from 'passport';
import { ExtractJwt } from 'passport-jwt'; import passportJWT from 'passport-jwt';
import { Strategy as AuthTokenStrategy } from 'passport-auth-token'; import { Strategy as AuthTokenStrategy } from 'passport-auth-token';
import { Strategy as GoogleStrategy } from 'passport-google-oauth20'; import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
import { randomTokenString } from '../../helpers/stringHelpers'; import { randomTokenString } from '../../helpers/stringHelpers';
const PassportLocalStrategy = require('passport-local').Strategy; const PassportLocalStrategy = require('passport-local').Strategy;
const ExtractJwt = passportJWT.ExtractJwt;
const JwtStrategy = passportJWT.Strategy;
const jwtOptions = { const jwtOptions = {
expiresIn: process.env.NC_JWT_EXPIRES_IN ?? '10h',
jwtFromRequest: ExtractJwt.fromHeader('xc-auth') jwtFromRequest: ExtractJwt.fromHeader('xc-auth')
}; };
@ -84,7 +83,7 @@ export function initStrategies(router): void {
}); });
passport.use( passport.use(
new Strategy( new JwtStrategy(
{ {
secretOrKey: Noco.getConfig().auth.jwt.secret, secretOrKey: Noco.getConfig().auth.jwt.secret,
...jwtOptions, ...jwtOptions,
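Review bot: With `expiresIn` dropped from `jwtOptions`, nothing in this file says where token lifetime is now enforced, and the spread into `new JwtStrategy({ ... })` invites someone to put it back even though passport-jwt, to my knowledge, does not read `expiresIn` from its strategy options and only verifies the `exp` claim the signer wrote. A comment on `jwtOptions`, `// lifetime is applied at sign time from Noco config auth.jwt.options.expiresIn; passport-jwt only checks the resulting exp claim`, plus an explicit `ignoreExpiration: false` next to `secretOrKey`, would make the intended check visible in the verifier configuration instead of relying on the library default. The two `passportJWT.ExtractJwt` / `passportJWT.Strategy` assignments could also be one destructuring, `const { ExtractJwt, Strategy: JwtStrategy } = passportJWT;`. The `passport.use` call continues past the end of the hunk.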
