mirror of
https://github.com/wassname/talk.git
synced 2026-07-18 12:40:13 +08:00
@@ -14,6 +14,7 @@ client/coral-framework/graphql/introspection.json
|
||||
*.swp
|
||||
*.DS_STORE
|
||||
.prettierrc.json
|
||||
.vscode
|
||||
|
||||
coverage/
|
||||
test/e2e/reports/
|
||||
|
||||
@@ -4,6 +4,7 @@ const {
|
||||
HandleGenerateCredentials,
|
||||
HandleLogout,
|
||||
} = require('../../../services/passport');
|
||||
const authz = require('../../../middleware/authorization');
|
||||
const router = express.Router();
|
||||
|
||||
/**
|
||||
@@ -26,7 +27,7 @@ router.get('/', (req, res, next) => {
|
||||
/**
|
||||
* This blacklists the token used to authenticate.
|
||||
*/
|
||||
router.delete('/', HandleLogout);
|
||||
router.delete('/', authz.needed(), HandleLogout);
|
||||
|
||||
//==============================================================================
|
||||
// PASSPORT ROUTES
|
||||
|
||||
+13
-13
@@ -184,24 +184,24 @@ async function ValidateUserLogin(loginProfile, user, done) {
|
||||
* Revoke the token on the request.
|
||||
*/
|
||||
const HandleLogout = async (req, res, next) => {
|
||||
const { jwt } = req;
|
||||
|
||||
const now = new Date();
|
||||
const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0);
|
||||
|
||||
try {
|
||||
const { jwt } = req;
|
||||
|
||||
const now = new Date();
|
||||
const expiry = (jwt.exp - now.getTime() / 1000).toFixed(0);
|
||||
|
||||
await client().set(`jtir[${jwt.jti}]`, now.toISOString(), 'EX', expiry);
|
||||
|
||||
// Only clear the cookie on logout if enabled.
|
||||
if (JWT_CLEAR_COOKIE_LOGOUT) {
|
||||
debug('clearing the login cookie');
|
||||
res.clearCookie(JWT_SIGNING_COOKIE_NAME);
|
||||
}
|
||||
|
||||
res.status(204).end();
|
||||
} catch (err) {
|
||||
return next(err);
|
||||
}
|
||||
|
||||
// Only clear the cookie on logout if enabled.
|
||||
if (JWT_CLEAR_COOKIE_LOGOUT) {
|
||||
debug('clearing the login cookie');
|
||||
res.clearCookie(JWT_SIGNING_COOKIE_NAME);
|
||||
}
|
||||
|
||||
res.status(204).end();
|
||||
};
|
||||
|
||||
const checkGeneralTokenBlacklist = jwt =>
|
||||
|
||||
Reference in New Issue
Block a user