Check session expiration and update if still valid
parent
f5f4dbe7e1
commit
9bc86d620a
4 changed files with 21 additions and 17 deletions
|
@ -4,7 +4,7 @@
|
|||
|
||||
export const environment = {
|
||||
production: false,
|
||||
apiUrl: 'http://localhost:3000/api'
|
||||
apiUrl: '/api'
|
||||
};
|
||||
|
||||
/*
|
||||
|
|
|
@ -16,11 +16,6 @@ app.use(express.json());
|
|||
|
||||
app.use(express.static(__dirname + '/public'));
|
||||
|
||||
// app.get('/', (req, res) => {
|
||||
// console.log('hit: /');
|
||||
// res.send('test');
|
||||
// })
|
||||
|
||||
app.use('/api/budgets', budgetRouter);
|
||||
app.use('/api/categories', categoryRouter);
|
||||
app.use('/api/permissions', permissionsRouter);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import { randomId } from '../utils';
|
||||
import { randomId, twoWeeksFromNow } from '../utils';
|
||||
|
||||
export class User {
|
||||
id: string = randomId();
|
||||
|
@ -19,12 +19,6 @@ export class User {
|
|||
}
|
||||
}
|
||||
|
||||
function twoWeeksFromNow(): Date {
|
||||
const date = new Date();
|
||||
date.setDate(date.getDate() + 14);
|
||||
return date;
|
||||
}
|
||||
|
||||
export class Session {
|
||||
id: string = randomId();
|
||||
userId: string;
|
||||
|
|
|
@ -11,6 +11,12 @@ export function randomId(length = 32): string {
|
|||
return Array.from(new Array(length), () => CHARACTERS[randomInt(CHARACTERS.length)]).join('');
|
||||
}
|
||||
|
||||
export function twoWeeksFromNow(): Date {
|
||||
const date = new Date();
|
||||
date.setDate(date.getDate() + 14);
|
||||
return date;
|
||||
}
|
||||
|
||||
export function authMiddleware(db: sqlite3.Database): (
|
||||
req: Request<ParamsDictionary, any, any, QueryString.ParsedQs, Record<string, any>>,
|
||||
res: Response<any, Record<string, any>>,
|
||||
|
@ -23,16 +29,25 @@ export function authMiddleware(db: sqlite3.Database): (
|
|||
return;
|
||||
}
|
||||
const token = auth.substring(7);
|
||||
db.prepare('SELECT U.id, U.username, U.email FROM user U INNER JOIN session S ON S.user_id = U.id WHERE S.token = ?')
|
||||
db.prepare('SELECT U.id, U.username, U.email, S.id as sessionId, S.expiration FROM user U INNER JOIN session S ON S.user_id = U.id WHERE S.token = ?')
|
||||
.get(token, (err, row) => {
|
||||
if (err) {
|
||||
console.error(`Auth error: ${err}`)
|
||||
res.status(401).send();
|
||||
res.status(500).send("Internal server error");
|
||||
} else if (!row) {
|
||||
console.log("Invalid session token")
|
||||
res.status(401).send("Invalid session token")
|
||||
} else {
|
||||
console.log(`Found user for token: ${row}`);
|
||||
let expiration = new Date(row.expiration);
|
||||
const now = new Date();
|
||||
if (expiration < now) {
|
||||
res.status(401).send("Session expired")
|
||||
return;
|
||||
}
|
||||
expiration = twoWeeksFromNow();
|
||||
db.prepare('UPDATE session SET expiration = ? WHERE id = ?')
|
||||
.run([expiration, row.sessionId])
|
||||
.finalize();
|
||||
req.user = new User(
|
||||
row.id,
|
||||
row.username,
|
||||
|
|
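Review bot: The new expiry check in the `.get` callback fails open when the stored value does not parse: `new Date(row.expiration)` then yields an Invalid Date, `expiration < now` evaluates to false, and the request is authenticated and the session renewed. Reject that case explicitly, e.g. `if (Number.isNaN(expiration.getTime()) || expiration < now) {`. The renewal that follows has no completion callback, so a failed `UPDATE` goes unnoticed, and because every authenticated request pushes the expiration out another two weeks, a leaked token stays usable for as long as it keeps being presented; an absolute session lifetime checked alongside the sliding one would bound that (the session schema is not visible here, so this may need a new column). `authMiddleware` begins and ends outside the hunk.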