mirror of
https://github.com/kremalicious/umami.git
synced 2024-11-15 09:45:04 +01:00
Added redis check to verify.
This commit is contained in:
parent
13fd3ccd16
commit
208fcb8418
@ -7,7 +7,7 @@ import { secret } from 'lib/crypto';
|
||||
const log = debug('umami:auth');
|
||||
|
||||
export function generateAuthToken() {
|
||||
return getRandomChars(32);
|
||||
return `auth:${getRandomChars(32)}`;
|
||||
}
|
||||
|
||||
export function getAuthToken(req) {
|
||||
|
@ -3,7 +3,6 @@ import debug from 'debug';
|
||||
import cors from 'cors';
|
||||
import { findSession } from 'lib/session';
|
||||
import { parseAuthToken, parseShareToken } from 'lib/auth';
|
||||
import redis from 'lib/redis';
|
||||
|
||||
const log = debug('umami:middleware');
|
||||
|
||||
@ -25,14 +24,11 @@ export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
const token = await parseAuthToken(req);
|
||||
const shareToken = await parseShareToken(req);
|
||||
|
||||
const key = `auth:${token?.authKey}`;
|
||||
const data = redis.enabled ? await redis.get(key) : token;
|
||||
|
||||
if (!data && !shareToken) {
|
||||
if (!token && !shareToken) {
|
||||
log('useAuth:user-not-authorized');
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
req.auth = { ...data, shareToken };
|
||||
req.auth = { ...token, shareToken };
|
||||
next();
|
||||
});
|
||||
|
@ -14,14 +14,15 @@ export default async (req, res) => {
|
||||
const user = await getUser({ username });
|
||||
|
||||
if (user && checkPassword(password, user.password)) {
|
||||
const { id: userId, username, isAdmin } = user;
|
||||
|
||||
if (redis.enabled) {
|
||||
const token = `auth:${generateAuthToken()}`;
|
||||
const token = generateAuthToken();
|
||||
|
||||
await redis.set(token, user);
|
||||
|
||||
return ok(res, { token, user });
|
||||
}
|
||||
|
||||
const { id: userId, username, isAdmin } = user;
|
||||
const token = createSecureToken({ userId, username, isAdmin }, secret());
|
||||
|
||||
return ok(res, { token, user });
|
||||
|
@ -1,11 +1,21 @@
|
||||
import { useAuth } from 'lib/middleware';
|
||||
import { ok, unauthorized } from 'next-basics';
|
||||
import redis from 'lib/redis';
|
||||
import { secret } from 'lib/crypto';
|
||||
import { getAuthToken } from 'lib/auth';
|
||||
|
||||
export default async (req, res) => {
|
||||
await useAuth(req, res);
|
||||
if (redis.enabled) {
|
||||
const token = await getAuthToken(req, secret());
|
||||
const user = await redis.get(token);
|
||||
|
||||
if (req.auth) {
|
||||
return ok(res, req.auth);
|
||||
return ok(res, user);
|
||||
} else {
|
||||
await useAuth(req, res);
|
||||
|
||||
if (req.auth) {
|
||||
return ok(res, req.auth);
|
||||
}
|
||||
}
|
||||
|
||||
return unauthorized(res);
|
||||
|
Loading…
Reference in New Issue
Block a user