@nocobase/auth 1.3.38-beta → 1.4.0-alpha
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/auth-manager.js +4 -1
- package/lib/base/auth.js +9 -4
- package/package.json +7 -7
package/lib/auth-manager.js
CHANGED
|
@@ -100,7 +100,10 @@ const _AuthManager = class _AuthManager {
|
|
|
100
100
|
var _a;
|
|
101
101
|
const token = ctx.getBearerToken();
|
|
102
102
|
if (token && await ((_a = ctx.app.authManager.jwt.blacklist) == null ? void 0 : _a.has(token))) {
|
|
103
|
-
return ctx.throw(401,
|
|
103
|
+
return ctx.throw(401, {
|
|
104
|
+
code: "TOKEN_INVALID",
|
|
105
|
+
message: ctx.t("Token is invalid")
|
|
106
|
+
});
|
|
104
107
|
}
|
|
105
108
|
const name = ctx.get(this.options.authKey) || this.options.default;
|
|
106
109
|
let authenticator;
|
package/lib/base/auth.js
CHANGED
|
@@ -71,12 +71,12 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
|
|
|
71
71
|
return null;
|
|
72
72
|
}
|
|
73
73
|
try {
|
|
74
|
-
const { userId, roleName } = await this.jwt.decode(token);
|
|
74
|
+
const { userId, roleName, iat, temp } = await this.jwt.decode(token);
|
|
75
75
|
if (roleName) {
|
|
76
76
|
this.ctx.headers["x-role"] = roleName;
|
|
77
77
|
}
|
|
78
78
|
const cache = this.ctx.cache;
|
|
79
|
-
|
|
79
|
+
const user = await cache.wrap(
|
|
80
80
|
this.getCacheKey(userId),
|
|
81
81
|
() => this.userRepository.findOne({
|
|
82
82
|
filter: {
|
|
@@ -85,6 +85,10 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
|
|
|
85
85
|
raw: true
|
|
86
86
|
})
|
|
87
87
|
);
|
|
88
|
+
if (temp && user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz) {
|
|
89
|
+
throw new Error("Token is invalid");
|
|
90
|
+
}
|
|
91
|
+
return user;
|
|
88
92
|
} catch (err) {
|
|
89
93
|
this.ctx.logger.error(err, { method: "check" });
|
|
90
94
|
return null;
|
|
@@ -104,7 +108,8 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
|
|
|
104
108
|
this.ctx.throw(401, "Unauthorized");
|
|
105
109
|
}
|
|
106
110
|
const token = this.jwt.sign({
|
|
107
|
-
userId: user.id
|
|
111
|
+
userId: user.id,
|
|
112
|
+
temp: true
|
|
108
113
|
});
|
|
109
114
|
return {
|
|
110
115
|
user,
|
|
@@ -117,7 +122,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
|
|
|
117
122
|
return;
|
|
118
123
|
}
|
|
119
124
|
const { userId } = await this.jwt.decode(token);
|
|
120
|
-
await this.ctx.app.emitAsync("
|
|
125
|
+
await this.ctx.app.emitAsync("cache:del:roles", { userId });
|
|
121
126
|
await this.ctx.cache.del(this.getCacheKey(userId));
|
|
122
127
|
return await this.jwt.block(token);
|
|
123
128
|
}
|
package/package.json
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nocobase/auth",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.4.0-alpha",
|
|
4
4
|
"description": "",
|
|
5
5
|
"license": "AGPL-3.0",
|
|
6
6
|
"main": "./lib/index.js",
|
|
7
7
|
"types": "./lib/index.d.ts",
|
|
8
8
|
"dependencies": {
|
|
9
|
-
"@nocobase/actions": "1.
|
|
10
|
-
"@nocobase/cache": "1.
|
|
11
|
-
"@nocobase/database": "1.
|
|
12
|
-
"@nocobase/resourcer": "1.
|
|
13
|
-
"@nocobase/utils": "1.
|
|
9
|
+
"@nocobase/actions": "1.4.0-alpha",
|
|
10
|
+
"@nocobase/cache": "1.4.0-alpha",
|
|
11
|
+
"@nocobase/database": "1.4.0-alpha",
|
|
12
|
+
"@nocobase/resourcer": "1.4.0-alpha",
|
|
13
|
+
"@nocobase/utils": "1.4.0-alpha",
|
|
14
14
|
"@types/jsonwebtoken": "^8.5.8",
|
|
15
15
|
"jsonwebtoken": "^8.5.1"
|
|
16
16
|
},
|
|
@@ -19,5 +19,5 @@
|
|
|
19
19
|
"url": "git+https://github.com/nocobase/nocobase.git",
|
|
20
20
|
"directory": "packages/auth"
|
|
21
21
|
},
|
|
22
|
-
"gitHead": "
|
|
22
|
+
"gitHead": "f097a2bddec152522b5645bd5d451f4c866d2060"
|
|
23
23
|
}
|