Actively expire login sesssions and notify user

2025-03-01 10:36:34 +00:00 · 2018-12-11 11:32:12 +00:00
parent ea4d65ceee
commit 8c561e92c8
3 changed files with 67 additions and 25 deletions
--- a/packages/node_modules/@node-red/editor-api/lib/editor/comms.js
+++ b/packages/node_modules/@node-red/editor-api/lib/editor/comms.js
@@ -40,11 +40,19 @@ function init(_server,_settings,_runtimeAPI) {
    settings = _settings;
    runtimeAPI = _runtimeAPI;
    Tokens = require("../auth/tokens");
+    Tokens.onSessionExpiry(handleSessionExpiry);
    Users = require("../auth/users");
    Permissions = require("../auth/permissions");

 }
-
+function handleSessionExpiry(session) {
+    activeConnections.forEach(connection => {
+        if (connection.token === session.accessToken) {
+            connection.ws.send(JSON.stringify({auth:"fail"}));
+            connection.ws.close();
+        }
+    })
+}
 function generateSession(length) {
    var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
    var token = [];
@@ -88,7 +96,7 @@ function CommsConnection(ws) {
                // handleRemoteSubscription(ws,msg.subscribe);
            }
        } else {
-            var completeConnection = function(userScope,sendAck) {
+            var completeConnection = function(userScope,session,sendAck) {
                try {
                    if (!userScope || !Permissions.hasPermission(userScope,"status.read")) {
                        ws.send(JSON.stringify({auth:"fail"}));
@@ -96,6 +104,7 @@ function CommsConnection(ws) {
                    } else {
                        pendingAuth = false;
                        addActiveConnection(self);
+                        self.token = msg.auth;
                        if (sendAck) {
                            ws.send(JSON.stringify({auth:"ok"}));
                        }
@@ -113,29 +122,29 @@ function CommsConnection(ws) {
                            if (user) {
                                self.user = user;
                                log.audit({event: "comms.auth",user:self.user});
-                                completeConnection(client.scope,true);
+                                completeConnection(client.scope,msg.auth,true);
                            } else {
                                log.audit({event: "comms.auth.fail"});
-                                completeConnection(null,false);
+                                completeConnection(null,null,false);
                            }
                        });
                    } else {
                        log.audit({event: "comms.auth.fail"});
-                        completeConnection(null,false);
+                        completeConnection(null,null,false);
                    }
                });
            } else {
                if (anonymousUser) {
                    log.audit({event: "comms.auth",user:anonymousUser});
                    self.user = anonymousUser;
-                    completeConnection(anonymousUser.permissions,false);
+                    completeConnection(anonymousUser.permissions,null,false);
                    //TODO: duplicated code - pull non-auth message handling out
                    if (msg.subscribe) {
                        self.subscribe(msg.subscribe);
                    }
                } else {
                    log.audit({event: "comms.auth.fail"});
-                    completeConnection(null,false);
+                    completeConnection(null,null,false);
                }
            }
        }