@nocobase/auth 1.6.0-alpha.29 → 1.6.0-alpha.30

package/lib/auth.d.ts

@@ -56,6 +56,14 @@ export declare abstract class Auth implements IAuth {
     constructor(config: AuthConfig);
     skipCheck(): Promise<any>;
     abstract check(): Promise<Model>;
+    abstract checkToken(): Promise<{
+        tokenStatus: 'valid' | 'expired' | 'invalid';
+        user: Awaited<ReturnType<Auth['check']>>;
+        jti?: string;
+        temp: any;
+        roleName?: any;
+        signInTime?: number;
+    }>;
     signIn(): Promise<any>;
     signUp(): Promise<any>;
     signOut(): Promise<any>;

package/lib/base/auth.d.ts

@@ -35,8 +35,17 @@ export declare class BaseAuth extends Auth {
      * @internal
      */
     validateUsername(username: string): boolean;
+    checkToken(): Promise<{
+        tokenStatus: 'valid' | 'expired' | 'invalid';
+        user: Awaited<ReturnType<Auth['check']>>;
+        jti?: string;
+        temp: any;
+        roleName?: any;
+        signInTime?: number;
+    }>;
     check(): ReturnType<Auth['check']>;
     validate(): Promise<Model>;
+    signNewToken(userId: number): Promise<string>;
     signIn(): Promise<{
         user: Model<any, any>;
         token: string;

package/lib/base/auth.js

@@ -80,10 +80,10 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
   validateUsername(username) {
     return /^[^@.<>"'/]{1,50}$/.test(username);
   }
-  async check() {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _i;
-    const token = this.ctx.getBearerToken();
+  async checkToken() {
+    var _a, _b, _c;
     const cache = this.ctx.cache;
+    const token = this.ctx.getBearerToken();
     if (!token) {
       this.ctx.throw(401, {
         message: this.ctx.t("Unauthenticated. Please sign in to continue.", { ns: localeNamespace }),
@@ -129,7 +129,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
     }
     if (!temp) {
       if (tokenStatus === "valid") {
-        return user;
+        return { tokenStatus, user, temp };
       } else {
         this.ctx.throw(401, {
           message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
@@ -160,13 +160,39 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
           code: import_auth.AuthErrorCode.EXPIRED_SESSION
         });
       }
+      this.ctx.logger.info("token renewing", {
+        method: "auth.check",
+        url: this.ctx.originalUrl,
+        currentJti: jti
+      });
+      const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
+      if (isStreamRequest) {
+        this.ctx.throw(401, {
+          message: "Stream api not allow renew token.",
+          code: import_auth.AuthErrorCode.SKIP_TOKEN_RENEW
+        });
+      }
+      if (!jti) {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+      return { tokenStatus, user, jti, signInTime, temp };
+    }
+    return { tokenStatus, user, jti, signInTime, temp };
+  }
+  async check() {
+    var _a, _b, _c;
+    const { tokenStatus, user, jti, temp, signInTime, roleName } = await this.checkToken();
+    if (tokenStatus === "expired") {
+      const tokenPolicy = await this.tokenController.getConfig();
       try {
         this.ctx.logger.info("token renewing", {
           method: "auth.check",
-          url: this.ctx.originalUrl,
-          headers: JSON.stringify((_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers)
+          jti
         });
-        const isStreamRequest = ((_e = (_d = (_c = this.ctx) == null ? void 0 : _c.req) == null ? void 0 : _d.headers) == null ? void 0 : _e.accept) === "text/event-stream";
+        const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
         if (isStreamRequest) {
           this.ctx.throw(401, {
             message: "Stream api not allow renew token.",
@@ -182,22 +208,19 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
         const renewedResult = await this.tokenController.renew(jti);
         this.ctx.logger.info("token renewed", {
           method: "auth.check",
-          url: this.ctx.originalUrl,
-          headers: JSON.stringify((_g = (_f = this.ctx) == null ? void 0 : _f.req) == null ? void 0 : _g.headers)
+          oldJti: jti,
+          newJti: renewedResult.jti
         });
         const expiresIn = Math.floor(tokenPolicy.tokenExpirationTime / 1e3);
         const newToken = this.jwt.sign(
-          { userId, roleName, temp, signInTime, iat: Math.floor(renewedResult.issuedTime / 1e3) },
+          { userId: user.id, roleName, temp, signInTime, iat: Math.floor(renewedResult.issuedTime / 1e3) },
           { jwtid: renewedResult.jti, expiresIn }
         );
         this.ctx.res.setHeader("x-new-token", newToken);
-        return user;
       } catch (err) {
-        this.ctx.logger.info("token renew failed", {
+        this.ctx.logger.error("token renew failed", {
           method: "auth.check",
-          url: this.ctx.originalUrl,
-          err,
-          headers: JSON.stringify((_i = (_h = this.ctx) == null ? void 0 : _h.req) == null ? void 0 : _i.headers)
+          jti
         });
         const options = err instanceof import_auth.AuthError ? { code: err.code, message: err.message } : { message: err.message, code: err.code ?? import_auth.AuthErrorCode.INVALID_TOKEN };
         this.ctx.throw(401, {
@@ -211,6 +234,23 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
   async validate() {
     return null;
   }
+  async signNewToken(userId) {
+    const tokenInfo = await this.tokenController.add({ userId });
+    const expiresIn = Math.floor((await this.tokenController.getConfig()).tokenExpirationTime / 1e3);
+    const token = this.jwt.sign(
+      {
+        userId,
+        temp: true,
+        iat: Math.floor(tokenInfo.issuedTime / 1e3),
+        signInTime: tokenInfo.signInTime
+      },
+      {
+        jwtid: tokenInfo.jti,
+        expiresIn
+      }
+    );
+    return token;
+  }
   async signIn() {
     let user;
     try {
@@ -226,20 +266,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
         code: import_auth.AuthErrorCode.NOT_EXIST_USER
       });
     }
-    const tokenInfo = await this.tokenController.add({ userId: user.id });
-    const expiresIn = Math.floor((await this.tokenController.getConfig()).tokenExpirationTime / 1e3);
-    const token = this.jwt.sign(
-      {
-        userId: user.id,
-        temp: true,
-        iat: Math.floor(tokenInfo.issuedTime / 1e3),
-        signInTime: tokenInfo.signInTime
-      },
-      {
-        jwtid: tokenInfo.jti,
-        expiresIn
-      }
-    );
+    const token = await this.signNewToken(user.id);
     return {
       user,
       token

package/package.json

@@ -1,16 +1,16 @@
 {
   "name": "@nocobase/auth",
-  "version": "1.6.0-alpha.29",
+  "version": "1.6.0-alpha.30",
   "description": "",
   "license": "AGPL-3.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/actions": "1.6.0-alpha.29",
-    "@nocobase/cache": "1.6.0-alpha.29",
-    "@nocobase/database": "1.6.0-alpha.29",
-    "@nocobase/resourcer": "1.6.0-alpha.29",
-    "@nocobase/utils": "1.6.0-alpha.29",
+    "@nocobase/actions": "1.6.0-alpha.30",
+    "@nocobase/cache": "1.6.0-alpha.30",
+    "@nocobase/database": "1.6.0-alpha.30",
+    "@nocobase/resourcer": "1.6.0-alpha.30",
+    "@nocobase/utils": "1.6.0-alpha.30",
     "@types/jsonwebtoken": "^8.5.8",
     "jsonwebtoken": "^8.5.1"
   },
@@ -19,5 +19,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/auth"
   },
-  "gitHead": "cf6045d1691f62f308607d6682ffd37c430f8f19"
+  "gitHead": "4d092cae372fada3df9b57c55705ea3b7dfa6786"
 }