npm - @nocobase/auth - Versions diffs - 1.6.0-alpha.20 → 1.6.0-alpha.22 - Mend

@nocobase/auth 1.6.0-alpha.20 → 1.6.0-alpha.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/lib/auth.d.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export declare const AuthErrorCode: {
     BLOCKED_TOKEN: "BLOCKED_TOKEN";
     EXPIRED_SESSION: "EXPIRED_SESSION";
     NOT_EXIST_USER: "NOT_EXIST_USER";
+    SKIP_TOKEN_RENEW: "SKIP_TOKEN_RENEW";
 };
 export type AuthErrorType = keyof typeof AuthErrorCode;
 export declare class AuthError extends Error {

package/lib/auth.js CHANGED Viewed

@@ -41,7 +41,8 @@ const AuthErrorCode = {
   TOKEN_RENEW_FAILED: "TOKEN_RENEW_FAILED",
   BLOCKED_TOKEN: "BLOCKED_TOKEN",
   EXPIRED_SESSION: "EXPIRED_SESSION",
-  NOT_EXIST_USER: "NOT_EXIST_USER"
+  NOT_EXIST_USER: "NOT_EXIST_USER",
+  SKIP_TOKEN_RENEW: "SKIP_TOKEN_RENEW"
 };
 const _AuthError = class _AuthError extends Error {
   code;

package/lib/base/auth.js CHANGED Viewed

@@ -81,6 +81,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
     return /^[^@.<>"'/]{1,50}$/.test(username);
   }
   async check() {
+    var _a, _b, _c, _d, _e, _f;
     const token = this.ctx.getBearerToken();
     if (!token) {
       this.ctx.throw(401, {
@@ -106,6 +107,16 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
       }
     }
     const { userId, roleName, iat, temp, jti, exp, signInTime } = payload ?? {};
+    const tokenPolicy = await this.tokenController.getConfig();
+    if (!signInTime || Date.now() - signInTime > tokenPolicy.sessionExpirationTime) {
+      this.ctx.throw(401, {
+        message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.EXPIRED_SESSION
+      });
+    }
+    if (tokenStatus === "valid" && Date.now() - iat * 1e3 > tokenPolicy.tokenExpirationTime) {
+      tokenStatus = "expired";
+    }
     const blocked = await this.jwt.blacklist.has(jti ?? token);
     if (blocked) {
       this.ctx.throw(401, {
@@ -139,13 +150,6 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
       });
     }
     if (tokenStatus === "expired") {
-      const tokenPolicy = await this.tokenController.getConfig();
-      if (!signInTime || Date.now() - signInTime > tokenPolicy.sessionExpirationTime) {
-        this.ctx.throw(401, {
-          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
-          code: import_auth.AuthErrorCode.EXPIRED_SESSION
-        });
-      }
       if (tokenPolicy.expiredTokenRenewLimit > 0 && Date.now() - exp * 1e3 > tokenPolicy.expiredTokenRenewLimit) {
         this.ctx.throw(401, {
           message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
@@ -153,16 +157,39 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
         });
       }
       try {
+        this.ctx.logger.info("token renewing", {
+          method: "auth.check",
+          url: this.ctx.originalUrl,
+          headers: JSON.stringify((_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers)
+        });
+        const isStreamRequest = this.ctx.req.headers["accept"] === "text/event-stream";
+        if (isStreamRequest) {
+          this.ctx.throw(401, {
+            message: "Stream api not allow renew token.",
+            code: import_auth.AuthErrorCode.SKIP_TOKEN_RENEW
+          });
+        }
         const renewedResult = await this.tokenController.renew(jti);
+        this.ctx.logger.info("token renewed", {
+          method: "auth.check",
+          url: this.ctx.originalUrl,
+          headers: JSON.stringify((_d = (_c = this.ctx) == null ? void 0 : _c.req) == null ? void 0 : _d.headers)
+        });
         const expiresIn = Math.floor(tokenPolicy.tokenExpirationTime / 1e3);
         const newToken = this.jwt.sign({ userId, roleName, temp, signInTime }, { jwtid: renewedResult.jti, expiresIn });
         this.ctx.res.setHeader("x-new-token", newToken);
         return user;
       } catch (err) {
-        const options = err instanceof import_auth.AuthError ? { type: err.code, message: err.message } : { message: err.message, type: import_auth.AuthErrorCode.INVALID_TOKEN };
+        this.ctx.logger.info("token renew failed", {
+          method: "auth.check",
+          url: this.ctx.originalUrl,
+          err,
+          headers: JSON.stringify((_f = (_e = this.ctx) == null ? void 0 : _e.req) == null ? void 0 : _f.headers)
+        });
+        const options = err instanceof import_auth.AuthError ? { code: err.code, message: err.message } : { message: err.message, code: err.code ?? import_auth.AuthErrorCode.INVALID_TOKEN };
         this.ctx.throw(401, {
           message: this.ctx.t(options.message, { ns: localeNamespace }),
-          code: options.type
+          code: options.code
         });
       }
     }

package/lib/client.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+export { AuthErrorCode } from './auth';

package/lib/client.js ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var client_exports = {};
+__export(client_exports, {
+  AuthErrorCode: () => import_auth.AuthErrorCode
+});
+module.exports = __toCommonJS(client_exports);
+var import_auth = require("./auth");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthErrorCode
+});

package/package.json CHANGED Viewed

@@ -1,16 +1,16 @@
 {
   "name": "@nocobase/auth",
-  "version": "1.6.0-alpha.20",
+  "version": "1.6.0-alpha.22",
   "description": "",
   "license": "AGPL-3.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/actions": "1.6.0-alpha.20",
-    "@nocobase/cache": "1.6.0-alpha.20",
-    "@nocobase/database": "1.6.0-alpha.20",
-    "@nocobase/resourcer": "1.6.0-alpha.20",
-    "@nocobase/utils": "1.6.0-alpha.20",
+    "@nocobase/actions": "1.6.0-alpha.22",
+    "@nocobase/cache": "1.6.0-alpha.22",
+    "@nocobase/database": "1.6.0-alpha.22",
+    "@nocobase/resourcer": "1.6.0-alpha.22",
+    "@nocobase/utils": "1.6.0-alpha.22",
     "@types/jsonwebtoken": "^8.5.8",
     "jsonwebtoken": "^8.5.1"
   },
@@ -19,5 +19,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/auth"
   },
-  "gitHead": "c127664eb2b900edd5c18c9344046cd663a06c3b"
+  "gitHead": "ff8764febe306023bd6d56f0d9612d7a03170006"
 }