@nocobase/plugin-auth 0.10.0-alpha.5 → 0.11.0-alpha.1

package/client.d.ts

@@ -1,3 +1,2 @@
-// @ts-nocheck
-export * from './lib/client';
-export { default } from './lib/client';
+export * from './src/client';
+export { default } from './src/client';

package/lib/client/AuthProvider.d.ts

@@ -0,0 +1,2 @@
+import { FC } from 'react';
+export declare const AuthProvider: FC;

package/lib/client/AuthProvider.js

@@ -0,0 +1,56 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.AuthProvider = void 0;
+function _client() {
+  const data = require("@nocobase/client");
+  _client = function _client() {
+    return data;
+  };
+  return data;
+}
+function _react() {
+  const data = _interopRequireDefault(require("react"));
+  _react = function _react() {
+    return data;
+  };
+  return data;
+}
+var _Authenticator = require("./settings/Authenticator");
+var _SigninPage = _interopRequireDefault(require("./basic/SigninPage"));
+var _preset = require("../preset");
+var _SignupPage = _interopRequireDefault(require("./basic/SignupPage"));
+var _locale = require("./locale");
+var _Options = require("./basic/Options");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const AuthProvider = props => {
+  const _useAuthTranslation = (0, _locale.useAuthTranslation)(),
+    t = _useAuthTranslation.t;
+  return _react().default.createElement(_client().SettingsCenterProvider, {
+    settings: {
+      auth: {
+        title: t('Authentication'),
+        icon: 'LoginOutlined',
+        tabs: {
+          authenticators: {
+            title: t('Authenticators'),
+            component: () => _react().default.createElement(_Authenticator.Authenticator, null)
+          }
+        }
+      }
+    }
+  }, _react().default.createElement(_client().OptionsComponentProvider, {
+    authType: _preset.presetAuthType,
+    component: _Options.Options
+  }, _react().default.createElement(_client().SigninPageProvider, {
+    authType: _preset.presetAuthType,
+    tabTitle: t('Sign in via email'),
+    component: _SigninPage.default
+  }, _react().default.createElement(_client().SignupPageProvider, {
+    authType: _preset.presetAuthType,
+    component: _SignupPage.default
+  }, props.children))));
+};
+exports.AuthProvider = AuthProvider;

package/lib/client/index.d.ts

@@ -1,3 +1,5 @@
-import React from 'react';
-declare const _default: (props: any) => React.JSX.Element;
-export default _default;
+import { Plugin } from '@nocobase/client';
+export declare class AuthPlugin extends Plugin {
+    load(): Promise<void>;
+}
+export default AuthPlugin;

package/lib/client/index.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.default = void 0;
+exports.default = exports.AuthPlugin = void 0;
 function _client() {
   const data = require("@nocobase/client");
   _client = function _client() {
@@ -11,46 +11,17 @@ function _client() {
   };
   return data;
 }
-function _react() {
-  const data = _interopRequireDefault(require("react"));
-  _react = function _react() {
-    return data;
-  };
-  return data;
+var _AuthProvider = require("./AuthProvider");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+class AuthPlugin extends _client().Plugin {
+  load() {
+    var _this = this;
+    return _asyncToGenerator(function* () {
+      _this.app.use(_AuthProvider.AuthProvider);
+    })();
+  }
 }
-var _Authenticator = require("./settings/Authenticator");
-var _SigninPage = _interopRequireDefault(require("./basic/SigninPage"));
-var _preset = require("../preset");
-var _SignupPage = _interopRequireDefault(require("./basic/SignupPage"));
-var _locale = require("./locale");
-var _Options = require("./basic/Options");
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-var _default = props => {
-  const _useAuthTranslation = (0, _locale.useAuthTranslation)(),
-    t = _useAuthTranslation.t;
-  return _react().default.createElement(_client().SettingsCenterProvider, {
-    settings: {
-      auth: {
-        title: t('Authentication'),
-        icon: 'LoginOutlined',
-        tabs: {
-          authenticators: {
-            title: t('Authenticators'),
-            component: () => _react().default.createElement(_Authenticator.Authenticator, null)
-          }
-        }
-      }
-    }
-  }, _react().default.createElement(_client().OptionsComponentProvider, {
-    authType: _preset.presetAuthType,
-    component: _Options.Options
-  }, _react().default.createElement(_client().SigninPageProvider, {
-    authType: _preset.presetAuthType,
-    tabTitle: t('Sign in via email'),
-    component: _SigninPage.default
-  }, _react().default.createElement(_client().SignupPageProvider, {
-    authType: _preset.presetAuthType,
-    component: _SignupPage.default
-  }, props.children))));
-};
+exports.AuthPlugin = AuthPlugin;
+var _default = AuthPlugin;
 exports.default = _default;

package/lib/server/basic-auth.js

@@ -11,7 +11,6 @@ function _auth() {
   };
   return data;
 }
-var _preset = require("../preset");
 function _crypto() {
   const data = _interopRequireDefault(require("crypto"));
   _crypto = function _crypto() {
@@ -19,6 +18,7 @@ function _crypto() {
   };
   return data;
 }
+var _preset = require("../preset");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
 function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
@@ -47,7 +47,7 @@ class BasicAuth extends _auth().BaseAuth {
           ns: _preset.namespace
         }));
       }
-      const user = yield _this.userCollection.repository.findOne({
+      const user = yield _this.userRepository.findOne({
         where: {
           [uniqueField]: values[uniqueField]
         }
@@ -96,7 +96,7 @@ class BasicAuth extends _auth().BaseAuth {
           ns: _preset.namespace
         }));
       }
-      const user = yield _this3.userCollection.repository.findOne({
+      const user = yield _this3.userRepository.findOne({
         where: {
           email
         }
@@ -119,7 +119,7 @@ class BasicAuth extends _auth().BaseAuth {
         email = _ctx$action$params$va.email,
         password = _ctx$action$params$va.password,
         resetToken = _ctx$action$params$va.resetToken;
-      const user = yield _this4.userCollection.repository.findOne({
+      const user = yield _this4.userRepository.findOne({
         where: {
           email,
           resetToken
@@ -140,7 +140,7 @@ class BasicAuth extends _auth().BaseAuth {
     return _asyncToGenerator(function* () {
       const ctx = _this5.ctx;
       const token = ctx.action.params.token;
-      const user = yield _this5.userCollection.repository.findOne({
+      const user = yield _this5.userRepository.findOne({
         where: {
           resetToken: token
         }
@@ -162,7 +162,7 @@ class BasicAuth extends _auth().BaseAuth {
       if (!currentUser) {
         ctx.throw(401);
       }
-      const user = yield _this6.userCollection.repository.findOne({
+      const user = yield _this6.userRepository.findOne({
         where: {
           email: currentUser.email
         }

package/lib/server/collections/authenticators.d.ts

@@ -1,6 +1,6 @@
 import { CollectionOptions } from '@nocobase/database';
-declare const _default: CollectionOptions;
 /**
  * Collection for extended authentication methods,
  */
+declare const _default: CollectionOptions;
 export default _default;

package/lib/server/collections/token-blacklist.d.ts

@@ -0,0 +1,3 @@
+import { CollectionOptions } from '@nocobase/client';
+declare const _default: CollectionOptions;
+export default _default;

package/lib/server/collections/token-blacklist.js

@@ -0,0 +1,21 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = void 0;
+var _default = {
+  namespace: 'auth.token-black',
+  duplicator: 'optional',
+  name: 'tokenBlacklist',
+  model: 'TokenBlacklistModel',
+  fields: [{
+    type: 'string',
+    name: 'token',
+    index: true
+  }, {
+    type: 'date',
+    name: 'expiration'
+  }]
+};
+exports.default = _default;

package/lib/server/collections/users-authenticators.d.ts

@@ -1,7 +1,7 @@
 import { CollectionOptions } from '@nocobase/database';
-declare const _default: CollectionOptions;
 /**
  * Collection for user information of extended authentication methods,
  * such as saml, oicd, oauth, sms, etc.
  */
+declare const _default: CollectionOptions;
 export default _default;

package/lib/server/plugin.d.ts

@@ -4,8 +4,6 @@ export declare class AuthPlugin extends Plugin {
     beforeLoad(): Promise<void>;
     load(): Promise<void>;
     install(options?: InstallOptions): Promise<void>;
-    afterEnable(): Promise<void>;
-    afterDisable(): Promise<void>;
     remove(): Promise<void>;
 }
 export default AuthPlugin;

package/lib/server/plugin.js

@@ -18,12 +18,13 @@ function _path() {
   };
   return data;
 }
-var _basicAuth = require("./basic-auth");
 var _preset = require("../preset");
 var _auth = _interopRequireDefault(require("./actions/auth"));
 var _authenticators = _interopRequireDefault(require("./actions/authenticators"));
+var _basicAuth = require("./basic-auth");
 var _locale = require("./locale");
 var _authenticator = require("./model/authenticator");
+var _tokenBlacklist = require("./token-blacklist");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
 function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
@@ -72,6 +73,10 @@ class AuthPlugin extends _server().Plugin {
           return get;
         }()
       });
+      if (!_this2.app.authManager.jwt.blacklist) {
+        // If blacklist service is not set, should configure default blacklist service
+        _this2.app.authManager.setTokenBlacklistService(new _tokenBlacklist.TokenBlacklistService(_this2));
+      }
       _this2.app.authManager.registerTypes(_preset.presetAuthType, {
         auth: _basicAuth.BasicAuth
       });
@@ -115,12 +120,6 @@ class AuthPlugin extends _server().Plugin {
       });
     })();
   }
-  afterEnable() {
-    return _asyncToGenerator(function* () {})();
-  }
-  afterDisable() {
-    return _asyncToGenerator(function* () {})();
-  }
   remove() {
     return _asyncToGenerator(function* () {})();
   }

package/lib/server/token-blacklist.d.ts

@@ -0,0 +1,15 @@
+import { ITokenBlacklistService } from '@nocobase/auth';
+import { Repository } from '@nocobase/database';
+import { CronJob } from 'cron';
+import AuthPlugin from './plugin';
+export declare class TokenBlacklistService implements ITokenBlacklistService {
+    protected plugin: AuthPlugin;
+    repo: Repository;
+    cronJob: CronJob;
+    constructor(plugin: AuthPlugin);
+    get app(): import("@nocobase/server").default<import("@nocobase/server").DefaultState, import("@nocobase/server").DefaultContext>;
+    createCronJob(): CronJob;
+    has(token: string): Promise<boolean>;
+    add(values: any): Promise<[import("@nocobase/database").Model<any, any>, boolean]>;
+    deleteByExpiration(): Promise<any>;
+}

package/lib/server/token-blacklist.js

@@ -0,0 +1,82 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.TokenBlacklistService = void 0;
+function _cron() {
+  const data = require("cron");
+  _cron = function _cron() {
+    return data;
+  };
+  return data;
+}
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
+class TokenBlacklistService {
+  constructor(plugin) {
+    this.plugin = void 0;
+    this.repo = void 0;
+    this.cronJob = void 0;
+    this.plugin = plugin;
+    this.repo = plugin.db.getRepository('tokenBlacklist');
+    this.cronJob = this.createCronJob();
+  }
+  get app() {
+    return this.plugin.app;
+  }
+  createCronJob() {
+    var _this = this;
+    const cronJob = new (_cron().CronJob)(
+    // every day at 03:00
+    '0 3 * * *',
+    /*#__PURE__*/
+    //
+    _asyncToGenerator(function* () {
+      _this.app.logger.info(`${_this.plugin.name}: Start delete expired blacklist token`);
+      yield _this.deleteByExpiration();
+      _this.app.logger.info(`${_this.plugin.name}: End delete expired blacklist token`);
+    }), null);
+    this.app.once('beforeStart', () => {
+      cronJob.start();
+    });
+    this.app.once('beforeStop', () => {
+      cronJob.stop();
+    });
+    return cronJob;
+  }
+  has(token) {
+    var _this2 = this;
+    return _asyncToGenerator(function* () {
+      return !!(yield _this2.repo.findOne({
+        where: {
+          token
+        }
+      }));
+    })();
+  }
+  add(values) {
+    var _this3 = this;
+    return _asyncToGenerator(function* () {
+      return _this3.repo.model.findOrCreate({
+        defaults: values,
+        where: {
+          token: values.token
+        }
+      });
+    })();
+  }
+  deleteByExpiration() {
+    var _this4 = this;
+    return _asyncToGenerator(function* () {
+      return _this4.repo.destroy({
+        filter: {
+          expiration: {
+            $dateNotAfter: new Date()
+          }
+        }
+      });
+    })();
+  }
+}
+exports.TokenBlacklistService = TokenBlacklistService;

package/package.json

@@ -1,17 +1,39 @@
 {
   "name": "@nocobase/plugin-auth",
-  "version": "0.10.0-alpha.5",
-  "main": "lib/server/index.js",
+  "version": "0.11.0-alpha.1",
+  "main": "./lib/server/index.js",
+  "files": [
+    "lib",
+    "src",
+    "README.md",
+    "README.zh-CN.md",
+    "CHANGELOG.md",
+    "server.js",
+    "server.d.ts",
+    "client.js",
+    "client.d.ts"
+  ],
   "devDependencies": {
-    "@nocobase/actions": "0.10.0-alpha.5",
-    "@nocobase/client": "0.10.0-alpha.5",
-    "@nocobase/database": "0.10.0-alpha.5",
-    "@nocobase/server": "0.10.0-alpha.5",
-    "@nocobase/test": "0.10.0-alpha.5"
+    "@ant-design/icons": "^5.1.4",
+    "@formily/react": "2.2.26",
+    "@formily/shared": "2.2.26",
+    "@nocobase/auth": "0.11.0-alpha.1",
+    "@nocobase/test": "0.11.0-alpha.1",
+    "@types/cron": "^2.0.1",
+    "antd": "^5.6.4",
+    "react": "^18.2.0",
+    "react-i18next": "^11.15.1"
+  },
+  "dependencies": {
+    "@nocobase/actions": "0.11.0-alpha.1",
+    "@nocobase/client": "0.11.0-alpha.1",
+    "@nocobase/database": "0.11.0-alpha.1",
+    "@nocobase/server": "0.11.0-alpha.1",
+    "cron": "^2.3.1"
   },
   "displayName": "Authentication",
   "displayName.zh-CN": "用户认证",
   "description": "Basic authentication and authenticator management.",
   "description.zh-CN": "提供基础认证功能和扩展认证器管理功能。",
-  "gitHead": "1be8fcdad42688064460761cea22830cf392c7c0"
+  "gitHead": "7581b6d3a3a54f09f06a9effb7e3e65328281b2b"
 }

package/server.d.ts

@@ -1,3 +1,2 @@
-// @ts-nocheck
-export * from './lib/server';
-export { default } from './lib/server';
+export * from './src/server';
+export { default } from './src/server';

package/src/client/AuthProvider.tsx

@@ -0,0 +1,41 @@
+import {
+  OptionsComponentProvider,
+  SettingsCenterProvider,
+  SigninPageProvider,
+  SignupPageProvider,
+} from '@nocobase/client';
+import React, { FC } from 'react';
+import { Authenticator } from './settings/Authenticator';
+import SigninPage from './basic/SigninPage';
+import { presetAuthType } from '../preset';
+import SignupPage from './basic/SignupPage';
+import { useAuthTranslation } from './locale';
+import { Options } from './basic/Options';
+
+export const AuthProvider: FC = (props) => {
+  const { t } = useAuthTranslation();
+  return (
+    <SettingsCenterProvider
+      settings={{
+        auth: {
+          title: t('Authentication'),
+          icon: 'LoginOutlined',
+          tabs: {
+            authenticators: {
+              title: t('Authenticators'),
+              component: () => <Authenticator />,
+            },
+          },
+        },
+      }}
+    >
+      <OptionsComponentProvider authType={presetAuthType} component={Options}>
+        <SigninPageProvider authType={presetAuthType} tabTitle={t('Sign in via email')} component={SigninPage}>
+          <SignupPageProvider authType={presetAuthType} component={SignupPage}>
+            {props.children}
+          </SignupPageProvider>
+        </SigninPageProvider>
+      </OptionsComponentProvider>
+    </SettingsCenterProvider>
+  );
+};

package/src/client/index.tsx

@@ -1,41 +1,10 @@
-import {
-  OptionsComponentProvider,
-  SettingsCenterProvider,
-  SigninPageProvider,
-  SignupPageProvider,
-} from '@nocobase/client';
-import React from 'react';
-import { Authenticator } from './settings/Authenticator';
-import SigninPage from './basic/SigninPage';
-import { presetAuthType } from '../preset';
-import SignupPage from './basic/SignupPage';
-import { useAuthTranslation } from './locale';
-import { Options } from './basic/Options';
+import { Plugin } from '@nocobase/client';
+import { AuthProvider } from './AuthProvider';
 
-export default (props) => {
-  const { t } = useAuthTranslation();
-  return (
-    <SettingsCenterProvider
-      settings={{
-        auth: {
-          title: t('Authentication'),
-          icon: 'LoginOutlined',
-          tabs: {
-            authenticators: {
-              title: t('Authenticators'),
-              component: () => <Authenticator />,
-            },
-          },
-        },
-      }}
-    >
-      <OptionsComponentProvider authType={presetAuthType} component={Options}>
-        <SigninPageProvider authType={presetAuthType} tabTitle={t('Sign in via email')} component={SigninPage}>
-          <SignupPageProvider authType={presetAuthType} component={SignupPage}>
-            {props.children}
-          </SignupPageProvider>
-        </SigninPageProvider>
-      </OptionsComponentProvider>
-    </SettingsCenterProvider>
-  );
-};
+export class AuthPlugin extends Plugin {
+  async load() {
+    this.app.use(AuthProvider);
+  }
+}
+
+export default AuthPlugin;

package/src/server/__tests__/token-blacklist.test.ts

@@ -0,0 +1,73 @@
+import Database, { Repository } from '@nocobase/database';
+import { MockServer, mockServer } from '@nocobase/test';
+import { TokenBlacklistService } from '../token-blacklist';
+
+describe('token-blacklist', () => {
+  let app: MockServer;
+  let db: Database;
+  let repo: Repository;
+  let tokenBlacklist: TokenBlacklistService;
+
+  beforeAll(async () => {
+    app = mockServer({
+      plugins: ['auth'],
+    });
+    await app.loadAndInstall({ clean: true });
+    db = app.db;
+    repo = db.getRepository('tokenBlacklist');
+    tokenBlacklist = new TokenBlacklistService(app.getPlugin('auth'));
+  });
+
+  afterAll(async () => {
+    await db.close();
+  });
+
+  afterEach(async () => {
+    await repo.destroy({
+      truncate: true,
+    });
+  });
+
+  it('add and has correctly', async () => {
+    await tokenBlacklist.add({
+      token: 'test',
+      expiration: new Date(),
+    });
+
+    await tokenBlacklist.add({
+      token: 'test1',
+      expiration: new Date(),
+    });
+
+    expect(tokenBlacklist.has('test')).toBeTruthy();
+    expect(tokenBlacklist.has('test1')).toBeTruthy();
+  });
+
+  it('add same token correctly', async () => {
+    await tokenBlacklist.add({
+      token: 'test',
+      expiration: new Date(),
+    });
+
+    await tokenBlacklist.add({
+      token: 'test',
+      expiration: new Date(),
+    });
+
+    expect(tokenBlacklist.has('test')).toBeTruthy();
+  });
+
+  it('delete expired token correctly', async () => {
+    await tokenBlacklist.add({
+      token: 'should be deleted',
+      expiration: new Date('2020-01-01'),
+    });
+    await tokenBlacklist.add({
+      token: 'should not be deleted',
+      expiration: new Date('2100-01-01'),
+    });
+    await tokenBlacklist.deleteByExpiration();
+    expect(await tokenBlacklist.has('should be deleted')).not.toBeTruthy();
+    expect(await tokenBlacklist.has('should not be deleted')).toBeTruthy();
+  });
+});

package/src/server/basic-auth.ts

@@ -1,7 +1,7 @@
 import { AuthConfig, BaseAuth } from '@nocobase/auth';
-import { namespace } from '../preset';
 import { PasswordField } from '@nocobase/database';
 import crypto from 'crypto';
+import { namespace } from '../preset';
 
 export class BasicAuth extends BaseAuth {
   constructor(config: AuthConfig) {
@@ -16,7 +16,7 @@ export class BasicAuth extends BaseAuth {
     if (!values[uniqueField]) {
       ctx.throw(400, ctx.t('Please fill in your email address', { ns: namespace }));
     }
-    const user = await this.userCollection.repository.findOne({
+    const user = await this.userRepository.findOne({
       where: {
         [uniqueField]: values[uniqueField],
       },
@@ -54,7 +54,7 @@ export class BasicAuth extends BaseAuth {
     if (!email) {
       ctx.throw(400, ctx.t('Please fill in your email address', { ns: namespace }));
     }
-    const user = await this.userCollection.repository.findOne({
+    const user = await this.userRepository.findOne({
       where: {
         email,
       },
@@ -72,7 +72,7 @@ export class BasicAuth extends BaseAuth {
     const {
       values: { email, password, resetToken },
     } = ctx.action.params;
-    const user = await this.userCollection.repository.findOne({
+    const user = await this.userRepository.findOne({
       where: {
         email,
         resetToken,
@@ -91,7 +91,7 @@ export class BasicAuth extends BaseAuth {
   async getUserByResetToken() {
     const ctx = this.ctx;
     const { token } = ctx.action.params;
-    const user = await this.userCollection.repository.findOne({
+    const user = await this.userRepository.findOne({
       where: {
         resetToken: token,
       },
@@ -111,7 +111,7 @@ export class BasicAuth extends BaseAuth {
     if (!currentUser) {
       ctx.throw(401);
     }
-    const user = await this.userCollection.repository.findOne({
+    const user = await this.userRepository.findOne({
       where: {
         email: currentUser.email,
       },

package/src/server/collections/token-blacklist.ts

@@ -0,0 +1,19 @@
+import { CollectionOptions } from '@nocobase/client';
+
+export default {
+  namespace: 'auth.token-black',
+  duplicator: 'optional',
+  name: 'tokenBlacklist',
+  model: 'TokenBlacklistModel',
+  fields: [
+    {
+      type: 'string',
+      name: 'token',
+      index: true,
+    },
+    {
+      type: 'date',
+      name: 'expiration',
+    },
+  ],
+} as CollectionOptions;

package/src/server/plugin.ts

@@ -1,17 +1,16 @@
+import { Model } from '@nocobase/database';
 import { InstallOptions, Plugin } from '@nocobase/server';
 import { resolve } from 'path';
-import { BasicAuth } from './basic-auth';
-import { presetAuthType, presetAuthenticator } from '../preset';
+import { namespace, presetAuthenticator, presetAuthType } from '../preset';
 import authActions from './actions/auth';
 import authenticatorsActions from './actions/authenticators';
+import { BasicAuth } from './basic-auth';
 import { enUS, zhCN } from './locale';
-import { namespace } from '../preset';
 import { AuthModel } from './model/authenticator';
-import { Model } from '@nocobase/database';
+import { TokenBlacklistService } from './token-blacklist';
 
 export class AuthPlugin extends Plugin {
   afterAdd() {}
-
   async beforeLoad() {
     this.app.i18n.addResources('zh-CN', namespace, zhCN);
     this.app.i18n.addResources('en-US', namespace, enUS);
@@ -40,6 +39,12 @@ export class AuthPlugin extends Plugin {
         return authenticator || authenticators[0];
       },
     });
+
+    if (!this.app.authManager.jwt.blacklist) {
+      // If blacklist service is not set, should configure default blacklist service
+      this.app.authManager.setTokenBlacklistService(new TokenBlacklistService(this));
+    }
+
     this.app.authManager.registerTypes(presetAuthType, {
       auth: BasicAuth,
     });
@@ -81,11 +86,6 @@ export class AuthPlugin extends Plugin {
       },
     });
   }
-
-  async afterEnable() {}
-
-  async afterDisable() {}
-
   async remove() {}
 }
 

package/src/server/token-blacklist.ts

@@ -0,0 +1,66 @@
+import { ITokenBlacklistService } from '@nocobase/auth';
+import { Repository } from '@nocobase/database';
+import { CronJob } from 'cron';
+import AuthPlugin from './plugin';
+
+export class TokenBlacklistService implements ITokenBlacklistService {
+  repo: Repository;
+  cronJob: CronJob;
+
+  constructor(protected plugin: AuthPlugin) {
+    this.repo = plugin.db.getRepository('tokenBlacklist');
+    this.cronJob = this.createCronJob();
+  }
+
+  get app() {
+    return this.plugin.app;
+  }
+
+  createCronJob() {
+    const cronJob = new CronJob(
+      // every day at 03:00
+      '0 3 * * *', //
+      async () => {
+        this.app.logger.info(`${this.plugin.name}: Start delete expired blacklist token`);
+        await this.deleteByExpiration();
+        this.app.logger.info(`${this.plugin.name}: End delete expired blacklist token`);
+      },
+      null,
+    );
+
+    this.app.once('beforeStart', () => {
+      cronJob.start();
+    });
+
+    this.app.once('beforeStop', () => {
+      cronJob.stop();
+    });
+
+    return cronJob;
+  }
+
+  async has(token: string) {
+    return !!(await this.repo.findOne({
+      where: {
+        token,
+      },
+    }));
+  }
+  async add(values) {
+    return this.repo.model.findOrCreate({
+      defaults: values,
+      where: {
+        token: values.token,
+      },
+    });
+  }
+  async deleteByExpiration() {
+    return this.repo.destroy({
+      filter: {
+        expiration: {
+          $dateNotAfter: new Date(),
+        },
+      },
+    });
+  }
+}