Check session expiration and update if still valid

William Brawner 2021-02-12 22:26:34 -07:00
parent f5f4dbe7e1
commit 9bc86d620a
4 changed files with 21 additions and 17 deletions


@ -4,7 +4,7 @@
export const environment = {
production: false,
apiUrl: 'http://localhost:3000/api'
apiUrl: '/api'
};
/*


@ -16,11 +16,6 @@ app.use(express.json());
app.use(express.static(__dirname + '/public'));
// app.get('/', (req, res) => {
// console.log('hit: /');
// res.send('test');
// })
app.use('/api/budgets', budgetRouter);
app.use('/api/categories', categoryRouter);
app.use('/api/permissions', permissionsRouter);


@ -1,4 +1,4 @@
import { randomId } from '../utils';
import { randomId, twoWeeksFromNow } from '../utils';
export class User {
id: string = randomId();
@ -19,12 +19,6 @@ export class User {
}
}
function twoWeeksFromNow(): Date {
const date = new Date();
date.setDate(date.getDate() + 14);
return date;
}
export class Session {
id: string = randomId();
userId: string;


@ -11,6 +11,12 @@ export function randomId(length = 32): string {
return Array.from(new Array(length), () => CHARACTERS[randomInt(CHARACTERS.length)]).join('');
}
export function twoWeeksFromNow(): Date {
const date = new Date();
date.setDate(date.getDate() + 14);
return date;
}
export function authMiddleware(db: sqlite3.Database): (
req: Request<ParamsDictionary, any, any, QueryString.ParsedQs, Record<string, any>>,
res: Response<any, Record<string, any>>,
@ -23,21 +29,30 @@ export function authMiddleware(db: sqlite3.Database): (
return;
}
const token = auth.substring(7);
db.prepare('SELECT U.id, U.username, U.email FROM user U INNER JOIN session S ON S.user_id = U.id WHERE S.token = ?')
db.prepare('SELECT U.id, U.username, U.email, S.id as sessionId, S.expiration FROM user U INNER JOIN session S ON S.user_id = U.id WHERE S.token = ?')
.get(token, (err, row) => {
if (err) {
console.error(`Auth error: ${err}`)
res.status(401).send();
res.status(500).send("Internal server error");
} else if (!row) {
console.log("Invalid session token")
res.status(401).send("Invalid session token")
} else {
console.log(`Found user for token: ${row}`);
let expiration = new Date(row.expiration);
const now = new Date();
if (expiration < now) {
res.status(401).send("Session expired")
return;
}
expiration = twoWeeksFromNow();
db.prepare('UPDATE session SET expiration = ? WHERE id = ?')
.run([expiration, row.sessionId])
.finalize();
req.user = new User(
row.id,
row.username,
row.email
);
);
next();
}
});
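Review bot: The new expiry check in the `else` branch fails open when `row.expiration` is missing or unparseable: `new Date(row.expiration)` then yields an Invalid Date, `expiration < now` evaluates to false, and the request is authenticated and the session renewed for another two weeks. How the column is written is not visible in this hunk, so this may not occur with current data, but the guard should reject it explicitly, e.g. `if (Number.isNaN(expiration.getTime()) || expiration < now) {`. The renewal `UPDATE` is also issued with no callback on `.run(...)`, so a failed write is silent while `next()` proceeds; passing a callback that logs the error would make that visible. Because every valid request pushes the expiry out again, a token that is used at least once every two weeks never expires, so an absolute session lifetime is worth considering alongside the sliding one. authMiddleware begins before this hunk.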