Jaki/SteamWar
1
0
Fork 0
forked from SteamWar/SteamWar
Code Pull Requests Activity

Reduce access token duration and enhance auth endpoints

Browse Source
This commit is contained in:
Chaoscaot
2025-02-17 18:28:43 +01:00
parent 8ec12603b6
commit 7f5b57516e
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt
+16 -3
View File
@@ -115,7 +115,7 @@ fun Route.configureNewAuth() {
call.respond(HttpStatusCode.OK) call.respond(HttpStatusCode.OK)
} }
route("/state") { route("/state") {
post("/create") { post {
val request = call.receive<UsernamePassword>() val request = call.receive<UsernamePassword>()
val user = SteamwarUser.get(request.name) val user = SteamwarUser.get(request.name)
@@ -128,12 +128,12 @@ fun Route.configureNewAuth() {
call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn)) call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn))
} }
post("/refresh") { put {
val token = call.principal<SWAuthPrincipal>() val token = call.principal<SWAuthPrincipal>()
if (token == null || token.token.type != TokenType.REFRESH_TOKEN) { if (token == null || token.token.type != TokenType.REFRESH_TOKEN) {
call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid")) call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid"))
return@post return@put
} }
val code = token.token.name.substringAfterLast('-') val code = token.token.name.substringAfterLast('-')
@@ -145,6 +145,19 @@ fun Route.configureNewAuth() {
call.respond(token.user.createAccessAndRefreshToken(true)) call.respond(token.user.createAccessAndRefreshToken(true))
} }
delete {
val token = call.principal<SWAuthPrincipal>()
token?.let { t ->
t.token.delete()
val code = t.token.name.substringAfterLast('-')
Token.listUser(token.user)
.filter { it.type == TokenType.REFRESH_TOKEN }
.filter { it.name.endsWith(code) }
.forEach { it.delete() }
}
call.respond(HttpStatusCode.OK)
}
} }
} }
} }
WebsiteBackend/src/de/steamwar/util/TokenUtils.kt
+1 -2
View File
@@ -23,7 +23,6 @@ import de.steamwar.sql.Token
import java.time.LocalDateTime import java.time.LocalDateTime
import kotlin.time.Duration import kotlin.time.Duration
import kotlin.time.Duration.Companion.days import kotlin.time.Duration.Companion.days
import kotlin.time.Duration.Companion.hours
import kotlin.time.Duration.Companion.minutes import kotlin.time.Duration.Companion.minutes
import kotlin.time.toJavaDuration import kotlin.time.toJavaDuration
@@ -38,7 +37,7 @@ val Token.type: TokenType
val TokenType.lifetime: Duration val TokenType.lifetime: Duration
get() = when (this) { get() = when (this) {
TokenType.REFRESH_TOKEN -> 7.days TokenType.REFRESH_TOKEN -> 7.days
TokenType.ACCESS_TOKEN -> 1.hours TokenType.ACCESS_TOKEN -> 5.minutes
TokenType.RESET_PASSWORD -> 10.minutes TokenType.RESET_PASSWORD -> 10.minutes
TokenType.OLD_TOKEN -> 1.days TokenType.OLD_TOKEN -> 1.days
} }