npm - @budibase/worker - Versions diffs - 3.12.12 → 3.12.14 - Mend

@budibase/worker 3.12.12 → 3.12.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +2 -2
package/src/api/controllers/global/auth.ts +11 -3
package/src/environment.ts +2 -0
package/src/sdk/auth/auth.ts +8 -2
package/src/sdk/auth/tests/auth.spec.ts +20 -0

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "3.12.12",
+  "version": "3.12.14",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -113,5 +113,5 @@
       }
     }
   },
-  "gitHead": "77b10df86f5e46825b5e894f9eec9b8f401e4a45"
+  "gitHead": "dbe8dd62a6714a1bf0768542434fdeca2f81052b"
 }

package/src/api/controllers/global/auth.ts CHANGED Viewed

@@ -53,12 +53,20 @@ async function passportCallback(
     return ctx.throw(403, info ? info : "Unauthorized")
   }
-  const token = await authSdk.loginUser(user)
+  const loginResult = await authSdk.loginUser(user)
   // set a cookie for browser access
-  setCookie(ctx, token, Cookie.Auth, { sign: false })
+  setCookie(ctx, loginResult.token, Cookie.Auth, { sign: false })
   // set the token in a header as well for APIs
-  ctx.set(Header.TOKEN, token)
+  ctx.set(Header.TOKEN, loginResult.token)
+  // add session invalidation info to response headers for frontend to handle
+  if (loginResult.invalidatedSessionCount > 0) {
+    ctx.set(
+      "X-Session-Invalidated-Count",
+      loginResult.invalidatedSessionCount.toString()
+    )
+  }
 }
 export const login = async (

package/src/environment.ts CHANGED Viewed

@@ -38,6 +38,8 @@ const environment = {
   COUCH_DB_URL: process.env.COUCH_DB_URL,
   REDIS_URL: process.env.REDIS_URL,
   ACCOUNT_PORTAL_URL: process.env.ACCOUNT_PORTAL_URL,
+  INTERNAL_ACCOUNT_PORTAL_URL:
+    process.env.INTERNAL_ACCOUNT_PORTAL_URL || process.env.ACCOUNT_PORTAL_URL,
   PLATFORM_URL: process.env.PLATFORM_URL,
   APPS_URL: process.env.APPS_URL,
   // ports

package/src/sdk/auth/auth.ts CHANGED Viewed

@@ -18,12 +18,13 @@ import * as emails from "../../utilities/email"
 export async function loginUser(user: User) {
   const sessionId = coreUtils.newid()
   const tenantId = tenancy.getTenantId()
-  await sessions.createASession(user._id!, {
+  const sessionResult = await sessions.createASession(user._id!, {
     sessionId,
     tenantId,
     email: user.email,
   })
-  return jwt.sign(
+  const token = jwt.sign(
     {
       userId: user._id,
       sessionId,
@@ -32,6 +33,11 @@ export async function loginUser(user: User) {
     },
     coreEnv.JWT_SECRET!
   )
+  return {
+    token,
+    invalidatedSessionCount: sessionResult.invalidatedSessionCount,
+  }
 }
 export async function logout(opts: PlatformLogoutOpts) {

package/src/sdk/auth/tests/auth.spec.ts CHANGED Viewed

@@ -68,5 +68,25 @@ describe("auth", () => {
         expect(await sessions.getSessionsForUser(user._id!)).toHaveLength(0)
       })
     })
+    it("loginUser should return session invalidation count", async () => {
+      await context.doInTenant(structures.tenant.id(), async () => {
+        const user = await config.createUser()
+        const loginResult1 = await loginUser(user)
+        expect(loginResult1.invalidatedSessionCount).toBe(0)
+        const loginResult2 = await loginUser(user)
+        expect(loginResult2.invalidatedSessionCount).toBe(0)
+        const loginResult3 = await loginUser(user)
+        expect(loginResult3.invalidatedSessionCount).toBe(0)
+        const loginResult4 = await loginUser(user)
+        expect(loginResult4.invalidatedSessionCount).toBe(1)
+        expect(await sessions.getSessionsForUser(user._id!)).toHaveLength(3)
+      })
+    })
   })
 })