@nocobase/auth 1.3.44-beta → 1.4.0-alpha.0

package/lib/auth-manager.js

@@ -96,13 +96,17 @@ const _AuthManager = class _AuthManager {
    * @description Auth middleware, used to check the authentication status.
    */
   middleware() {
-    return async (ctx, next) => {
+    const self = this;
+    return /* @__PURE__ */ __name(async function AuthManagerMiddleware(ctx, next) {
       var _a;
       const token = ctx.getBearerToken();
       if (token && await ((_a = ctx.app.authManager.jwt.blacklist) == null ? void 0 : _a.has(token))) {
-        return ctx.throw(401, ctx.t("token is not available"));
+        return ctx.throw(401, {
+          code: "TOKEN_INVALID",
+          message: ctx.t("Token is invalid")
+        });
       }
-      const name = ctx.get(this.options.authKey) || this.options.default;
+      const name = ctx.get(self.options.authKey) || self.options.default;
       let authenticator;
       try {
         authenticator = await ctx.app.authManager.get(name, ctx);
@@ -119,7 +123,7 @@ const _AuthManager = class _AuthManager {
         }
       }
       await next();
-    };
+    }, "AuthManagerMiddleware");
   }
 };
 __name(_AuthManager, "AuthManager");

package/lib/base/auth.js

@@ -71,12 +71,12 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
       return null;
     }
     try {
-      const { userId, roleName } = await this.jwt.decode(token);
+      const { userId, roleName, iat, temp } = await this.jwt.decode(token);
       if (roleName) {
         this.ctx.headers["x-role"] = roleName;
       }
       const cache = this.ctx.cache;
-      return await cache.wrap(
+      const user = await cache.wrap(
         this.getCacheKey(userId),
         () => this.userRepository.findOne({
           filter: {
@@ -85,6 +85,10 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
           raw: true
         })
       );
+      if (temp && user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz) {
+        throw new Error("Token is invalid");
+      }
+      return user;
     } catch (err) {
       this.ctx.logger.error(err, { method: "check" });
       return null;
@@ -104,7 +108,8 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
       this.ctx.throw(401, "Unauthorized");
     }
     const token = this.jwt.sign({
-      userId: user.id
+      userId: user.id,
+      temp: true
     });
     return {
       user,
@@ -117,7 +122,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
       return;
     }
     const { userId } = await this.jwt.decode(token);
-    await this.ctx.app.emitAsync("beforeSignOut", { userId });
+    await this.ctx.app.emitAsync("cache:del:roles", { userId });
     await this.ctx.cache.del(this.getCacheKey(userId));
     return await this.jwt.block(token);
   }

package/package.json

@@ -1,16 +1,16 @@
 {
   "name": "@nocobase/auth",
-  "version": "1.3.44-beta",
+  "version": "1.4.0-alpha.0",
   "description": "",
   "license": "AGPL-3.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/actions": "1.3.44-beta",
-    "@nocobase/cache": "1.3.44-beta",
-    "@nocobase/database": "1.3.44-beta",
-    "@nocobase/resourcer": "1.3.44-beta",
-    "@nocobase/utils": "1.3.44-beta",
+    "@nocobase/actions": "1.4.0-alpha.0",
+    "@nocobase/cache": "1.4.0-alpha.0",
+    "@nocobase/database": "1.4.0-alpha.0",
+    "@nocobase/resourcer": "1.4.0-alpha.0",
+    "@nocobase/utils": "1.4.0-alpha.0",
     "@types/jsonwebtoken": "^8.5.8",
     "jsonwebtoken": "^8.5.1"
   },
@@ -19,5 +19,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/auth"
   },
-  "gitHead": "1d5666123ac1e2997e434e38defef963ba0d9f90"
+  "gitHead": "8ffa7b54bbaf720c0c9857da4b19a99110dffc4b"
 }