@nocobase/auth 1.6.0-beta.15 → 1.6.0-beta.17
- package/lib/auth.d.ts +8 -0
- package/lib/base/auth.d.ts +8 -0
- package/lib/base/auth.js +38 -15
- package/package.json +7 -7
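--- a/package/lib/auth.d.ts
+++ b/package/lib/auth.d.ts
@@ -56,6 +56,14 @@ export declare abstract class Auth implements IAuth {
 constructor(config: AuthConfig);
 skipCheck(): Promise<any>;
 abstract check(): Promise<Model>;
+abstract checkToken(): Promise<{
+tokenStatus: 'valid' | 'expired' | 'invalid';
+user: Awaited<ReturnType<Auth['check']>>;
+jti?: string;
+temp: any;
+roleName?: any;
+signInTime?: number;
+}>;
 signIn(): Promise<any>;
 signUp(): Promise<any>;
 signOut(): Promise<any>;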
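Review bot: The new `abstract checkToken()` on `Auth` has no doc comment and types `temp` and `roleName` as `any`, so an implementer outside `BaseAuth` has no stated contract for when to return `'expired'` or `'invalid'` rather than throw. Because the member is abstract, any class that extends `Auth` directly must now implement it, which is worth calling out in the release notes. I would add a TSDoc line above it, for example `/** Validates the bearer token and reports its status with the resolved user; renewal is left to check(). */`, adjusted to whatever the source intends. The same inline result type is repeated in package/lib/base/auth.d.ts; a single exported named type would keep the two declarations from drifting.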
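--- a/package/lib/base/auth.d.ts
+++ b/package/lib/base/auth.d.ts
@@ -35,6 +35,14 @@ export declare class BaseAuth extends Auth {
 * @internal
 */
 validateUsername(username: string): boolean;
+checkToken(): Promise<{
+tokenStatus: 'valid' | 'expired' | 'invalid';
+user: Awaited<ReturnType<Auth['check']>>;
+jti?: string;
+temp: any;
+roleName?: any;
+signInTime?: number;
+}>;
 check(): ReturnType<Auth['check']>;
 validate(): Promise<Model>;
 signIn(): Promise<{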
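--- a/package/lib/base/auth.js
+++ b/package/lib/base/auth.js
@@ -80,10 +80,10 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
 validateUsername(username) {
 return /^[^@.<>"'/]{1,50}$/.test(username);
 }
-async
-var _a, _b, _c
-const token = this.ctx.getBearerToken();
+async checkToken() {
+var _a, _b, _c;
 const cache = this.ctx.cache;
+const token = this.ctx.getBearerToken();
 if (!token) {
 this.ctx.throw(401, {
 message: this.ctx.t("Unauthenticated. Please sign in to continue.", { ns: localeNamespace }),
@@ -129,7 +129,7 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
 }
 if (!temp) {
 if (tokenStatus === "valid") {
-return user;
+return { tokenStatus, user, temp };
 } else {
 this.ctx.throw(401, {
 message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
@@ -160,13 +160,39 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
 code: import_auth.AuthErrorCode.EXPIRED_SESSION
 });
 }
+this.ctx.logger.info("token renewing", {
+method: "auth.check",
+url: this.ctx.originalUrl,
+currentJti: jti
+});
+const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
+if (isStreamRequest) {
+this.ctx.throw(401, {
+message: "Stream api not allow renew token.",
+code: import_auth.AuthErrorCode.SKIP_TOKEN_RENEW
+});
+}
+if (!jti) {
+this.ctx.throw(401, {
+message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+code: import_auth.AuthErrorCode.INVALID_TOKEN
+});
+}
+return { tokenStatus, user, jti, signInTime, temp };
+}
+return { tokenStatus, user, jti, signInTime, temp };
+}
+async check() {
+var _a, _b, _c;
+const { tokenStatus, user, jti, temp, signInTime, roleName } = await this.checkToken();
+if (tokenStatus === "expired") {
+const tokenPolicy = await this.tokenController.getConfig();
 try {
 this.ctx.logger.info("token renewing", {
 method: "auth.check",
-
-headers: JSON.stringify((_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers)
+jti
 });
-const isStreamRequest = ((
+const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
 if (isStreamRequest) {
 this.ctx.throw(401, {
 message: "Stream api not allow renew token.",
@@ -182,22 +208,19 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
 const renewedResult = await this.tokenController.renew(jti);
 this.ctx.logger.info("token renewed", {
 method: "auth.check",
-
-
+oldJti: jti,
+newJti: renewedResult.jti
 });
 const expiresIn = Math.floor(tokenPolicy.tokenExpirationTime / 1e3);
 const newToken = this.jwt.sign(
-{ userId, roleName, temp, signInTime, iat: Math.floor(renewedResult.issuedTime / 1e3) },
+{ userId: user.id, roleName, temp, signInTime, iat: Math.floor(renewedResult.issuedTime / 1e3) },
 { jwtid: renewedResult.jti, expiresIn }
 );
 this.ctx.res.setHeader("x-new-token", newToken);
-return user;
 } catch (err) {
-this.ctx.logger.
+this.ctx.logger.error("token renew failed", {
 method: "auth.check",
-
-err,
-headers: JSON.stringify((_i = (_h = this.ctx) == null ? void 0 : _h.req) == null ? void 0 : _i.headers)
+jti
 });
 const options = err instanceof import_auth.AuthError ? { code: err.code, message: err.message } : { message: err.message, code: err.code ?? import_auth.AuthErrorCode.INVALID_TOKEN };
 this.ctx.throw(401, {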
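Review bot: `check()` destructures `roleName` from `checkToken()`, but none of the returns visible in this section (`return { tokenStatus, user, temp }` and the two `return { tokenStatus, user, jti, signInTime, temp }`) include it, so on the renewal path `this.jwt.sign({ userId: user.id, roleName, ... })` appears to sign the new token with `roleName` undefined and the renewed token would lose its role claim. Unless a return outside the shown lines supplies it, the expired-path returns should be `return { tokenStatus, user, jti, signInTime, temp, roleName };`. The rewritten `"token renew failed"` log now carries only `method` and `jti`; adding `message: err.message, code: err.code` would keep the failure reason available for investigation without logging request headers. The new `url: this.ctx.originalUrl` field includes the query string, so if `getBearerToken()` also accepts a token from a query parameter (not visible here) that credential would be written to the log, and logging the path alone would avoid it. Both `checkToken()` and `check()` extend beyond the hunks shown.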
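--- a/package/package.json
+++ b/package/package.json
@@ -1,16 +1,16 @@
 {
 "name": "@nocobase/auth",
-"version": "1.6.0-beta.
+"version": "1.6.0-beta.17",
 "description": "",
 "license": "AGPL-3.0",
 "main": "./lib/index.js",
 "types": "./lib/index.d.ts",
 "dependencies": {
-"@nocobase/actions": "1.6.0-beta.
-"@nocobase/cache": "1.6.0-beta.
-"@nocobase/database": "1.6.0-beta.
-"@nocobase/resourcer": "1.6.0-beta.
-"@nocobase/utils": "1.6.0-beta.
+"@nocobase/actions": "1.6.0-beta.17",
+"@nocobase/cache": "1.6.0-beta.17",
+"@nocobase/database": "1.6.0-beta.17",
+"@nocobase/resourcer": "1.6.0-beta.17",
+"@nocobase/utils": "1.6.0-beta.17",
 "@types/jsonwebtoken": "^8.5.8",
 "jsonwebtoken": "^8.5.1"
 },
@@ -19,5 +19,5 @@
 "url": "git+https://github.com/nocobase/nocobase.git",
 "directory": "packages/auth"
 },
-"gitHead": "
+"gitHead": "f431f7c589bcefd6dcda19a0119a85b0aa192b05"
 }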