starred/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2026-06-06 10:42:44 +02:00
Code Issues 1.0k Packages Projects Releases 10 Wiki Activity

Update:JWT signing

Browse Source
This commit is contained in:
advplyr
2022-07-18 17:19:16 -05:00
parent 86ee4dcff2
commit 9e7b84f289
9 changed files with 76 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/Auth.js
+24 -4
View File
@@ -31,6 +31,26 @@ class Auth {
}
}
async initTokenSecret() {
if (process.env.TOKEN_SECRET) { // User can supply their own token secret
Logger.debug(`[Auth] Setting token secret - using user passed in TOKEN_SECRET env var`)
this.db.serverSettings.tokenSecret = process.env.TOKEN_SECRET
} else {
Logger.debug(`[Auth] Setting token secret - using random bytes`)
this.db.serverSettings.tokenSecret = require('crypto').randomBytes(256).toString('base64')
}
await this.db.updateServerSettings()
// New token secret creation added in v2.1.0 so generate new API tokens for each user
if (this.db.users.length) {
for (const user of this.db.users) {
user.token = await this.generateAccessToken({ userId: user.id, username: user.username })
Logger.warn(`[Auth] User ${user.username} api token has been updated using new token secret`)
}
await this.db.updateEntities('user', this.db.users)
}
}
async authMiddleware(req, res, next) {
var token = null
@@ -74,7 +94,7 @@ class Auth {
}
generateAccessToken(payload) {
return jwt.sign(payload, process.env.TOKEN_SECRET);
return jwt.sign(payload, global.ServerSettings.tokenSecret);
}
authenticateUser(token) {
@@ -83,12 +103,12 @@ class Auth {
verifyToken(token) {
return new Promise((resolve) => {
jwt.verify(token, process.env.TOKEN_SECRET, (err, payload) => {
jwt.verify(token, global.ServerSettings.tokenSecret, (err, payload) => {
if (!payload || err) {
Logger.error('JWT Verify Token Failed', err)
return resolve(null)
}
var user = this.users.find(u => u.id === payload.userId)
var user = this.users.find(u => u.id === payload.userId && u.username === payload.username)
resolve(user || null)
})
})
@@ -98,7 +118,7 @@ class Auth {
return {
user: user.toJSONForBrowser(),
userDefaultLibraryId: user.getDefaultLibraryId(this.db.libraries),
serverSettings: this.db.serverSettings.toJSON(),
serverSettings: this.db.serverSettings.toJSONForBrowser(),
Source: global.Source
}
}