
testing token exp and session destroying

master
Rich Brown 11 months ago
parent
commit
0ba43077d5
1 changed files with 10 additions and 3 deletions
  1. +10
    -3
      src/funcs.js

+ 10
- 3
src/funcs.js View File

@@ -4,7 +4,11 @@ import Micropub from 'micropub-helper';
// eslint-disable-next-line import/prefer-default-export
export const isMicropubTokenAuthed = (req, res, next) => {
const { token } = req.session;
if (!token) return res.status(401).json({ error: "no token, foo'" });
if (!token) {
// TODO: testing
req.session.destroy();
return res.status(401).json({ error: "no token, foo'. destroying session." });
}

const base64Url = token.split('.')[1];
const decodedValue = JSON.parse(atob(base64Url));
@@ -13,12 +17,15 @@ export const isMicropubTokenAuthed = (req, res, next) => {
const { issued_at } = decodedValue;
const now = Date.now() / 1000;
const twoHours = 60 * 120; // TODO: keep an eye out; is 2 hours enough/okay?
const tenMinutes = 60 * 10; // TODO: testing

// eslint-disable-next-line camelcase
if (now - twoHours > issued_at) {
if (now - tenMinutes > issued_at) {
req.session.token = null;
// TODO: destroy session?
return res.status(401).json({ error: "old token, foo'" });
// TODO: testing
req.session.destroy();
return res.status(401).json({ error: "old token, foo'. destroying session too." });
}
return req.session.token ? next() : res.status(403).json({ error: 'NAUGHTY' });
};
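Review bot: The expiry test `if (now - tenMinutes > issued_at)` in the second hunk fails open: when the decoded payload has no `issued_at`, or a non-numeric one, the comparison is false and the request reaches `next()` with a token that never ages out. Reject such tokens explicitly, e.g. `if (!Number.isFinite(issued_at) || now - tenMinutes > issued_at) {`. The payload is read with `JSON.parse(atob(base64Url))` in the first hunk and no signature check is visible in either hunk (two lines of the function between the hunks are not shown), so `issued_at` should be treated as unverified unless it is validated elsewhere. Separately, `req.session.destroy()` is called without a callback in both hunks; if this is express-session, the 401 is sent before the store removal completes and any store error is dropped, so the response is better sent from inside the destroy callback.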

