destroy all user refresh tokens on logout
parent
cc0f32a75f
commit
f00547de09
@ -12,7 +12,7 @@ export const useJwtRefresh = (authToken, setAuthToken) => {
|
|||||||
} else {
|
} else {
|
||||||
setAuthToken(null);
|
setAuthToken(null);
|
||||||
}
|
}
|
||||||
}, 60000 * 10); // 10 minutes
|
}, 60000 * 0.5); // 10 minutes
|
||||||
}
|
}
|
||||||
return () => clearTimeout(refreshTimer.current);
|
return () => clearTimeout(refreshTimer.current);
|
||||||
}, [authToken]);
|
}, [authToken]);
|
||||||
|
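Review bot: Assuming the second printed line is the new side, the trailing comment on `}, 60000 * 0.5); // 10 minutes` is now wrong — the timer fires every 30 seconds, so it should read `}, 60000 * 0.5); // 30 seconds`, or the value should go back to `60000 * 10` if this was a local debugging tweak that slipped into a commit about logout. A 30-second cadence also means every open tab calls the refresh endpoint twenty times more often than the comment documents, which deserves a mention in the commit message if it is intentional. The `useJwtRefresh` effect starts before this hunk, so the branch that performs the refresh request is not visible here.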
@ -25,14 +25,14 @@ export class RefreshTokensController {
|
|||||||
const tokenBody = this.jwtService.parseRefreshToken(refreshToken) as RefreshTokenBody;
|
const tokenBody = this.jwtService.parseRefreshToken(refreshToken) as RefreshTokenBody;
|
||||||
|
|
||||||
const user = await this.usersService.find(tokenBody.userId, ['refreshTokens', 'userRoles']);
|
const user = await this.usersService.find(tokenBody.userId, ['refreshTokens', 'userRoles']);
|
||||||
const userRoles = await this.rolesService.findByIds(user.userRoles.map((ur) => ur.roleId));
|
const roles = await this.rolesService.findByIds(user.userRoles.map((ur) => ur.roleId));
|
||||||
|
|
||||||
const userRefreshToken = user.refreshTokens.find((t) => t.id === tokenBody.id);
|
const userRefreshToken = user.refreshTokens.find((t) => t.id === tokenBody.id);
|
||||||
if (!userRefreshToken) {
|
if (!userRefreshToken) {
|
||||||
throw new HttpException('User refresh token not found', 401);
|
throw new HttpException('User refresh token not found', 401);
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = this.jwtService.issueToken({ userId: user.id, roles: userRoles.map((r) => r.key) });
|
const token = this.jwtService.issueToken({ userId: user.id, roles: roles.map((r) => r.key) });
|
||||||
return { token };
|
return { token };
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -8,6 +8,8 @@ import { RefreshToken } from 'server/entities/refresh_token.entity';
|
|||||||
import { Skip } from 'server/decorators/skip.decorator';
|
import { Skip } from 'server/decorators/skip.decorator';
|
||||||
import { AuthGuard } from 'server/providers/guards/auth.guard';
|
import { AuthGuard } from 'server/providers/guards/auth.guard';
|
||||||
import { RolesService } from 'server/providers/services/roles.service';
|
import { RolesService } from 'server/providers/services/roles.service';
|
||||||
|
import { JwtBody } from 'server/decorators/jwt_body.decorator';
|
||||||
|
import { JwtBodyDto } from 'server/dto/jwt_body.dto';
|
||||||
|
|
||||||
// this is kind of a misnomer because we are doing token based auth
|
// this is kind of a misnomer because we are doing token based auth
|
||||||
// instead of session based auth
|
// instead of session based auth
|
||||||
@ -53,7 +55,9 @@ export class SessionsController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Delete('/sessions')
|
@Delete('/sessions')
|
||||||
async destroy(@Res({ passthrough: true }) res: Response) {
|
async destroy(@Res({ passthrough: true }) res: Response, @JwtBody() jwtBody: JwtBodyDto) {
|
||||||
|
const user = await this.usersService.find(jwtBody.userId, ['refreshTokens']);
|
||||||
|
await this.refreshTokenService.destroy(...user.refreshTokens);
|
||||||
res.clearCookie('_refresh_token');
|
res.clearCookie('_refresh_token');
|
||||||
return { success: true };
|
return { success: true };
|
||||||
}
|
}
|
||||||
|
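Review bot: `user.refreshTokens` on the added line dereferences `user` without checking that `usersService.find` returned anything, so a logout request carrying a still-valid access token for a user that no longer resolves would throw before `res.clearCookie('_refresh_token')` runs, and the client would keep a dangling cookie; this assumes `find` returns undefined rather than throwing, which the hunk does not show. Guarding the lookup keeps the cookie clear unconditional: `if (user?.refreshTokens?.length) {` / `  await this.refreshTokenService.destroy(...user.refreshTokens);` / `}`. A one-line comment above `destroy` would also make the widened scope explicit, since revoking every stored token signs the user out on all devices rather than only this one: `// Logout revokes every refresh token for this user (all devices), then clears the cookie.` Whether `clearCookie` needs the same path/domain options the cookie was set with cannot be confirmed from this hunk.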
@ -14,7 +14,7 @@ export class RefreshTokensService {
|
|||||||
return this.refreshTokenRespository.save(refreshToken);
|
return this.refreshTokenRespository.save(refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
destroy(refreshToken: RefreshToken) {
|
destroy(...refreshTokens: RefreshToken[]) {
|
||||||
return this.refreshTokenRespository.remove(refreshToken);
|
return this.refreshTokenRespository.remove(refreshTokens);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
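Review bot: Making `destroy` variadic changes what existing single-token callers get back: `this.refreshTokenRespository.remove(refreshTokens)` now always receives an array, so with a TypeORM-style repository it resolves to `RefreshToken[]` rather than the single `RefreshToken` the old `remove(refreshToken)` form returned, and any caller that used the resolved entity (for example a rotation path) will now see an array. Those callers are outside this hunk, so it is worth a grep before merging. The empty case is also new — `destroy()` with no arguments now calls `remove([])`, which is presumably a no-op but worth confirming, or short-circuit it with `if (refreshTokens.length === 0) return Promise.resolve([]);`. A TSDoc line would pin the contract: `/** Removes the given refresh tokens (zero or more); resolves with the repository's remove result. */`.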