noby/workadventure
2
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #331 from thecodingmachine/verifyjwtserverside

Browse Source 
Adding a new endpoint to verify the JWT token server-side before connecting
This commit is contained in:
David Négrier 2020-10-15 17:02:41 +02:00 committed by GitHub
commit e7890907c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 59 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
back/src/Controller/AuthenticateController.ts
View File

@ -3,6 +3,7 @@ import {HttpRequest, HttpResponse, TemplatedApp} from "uWebSockets.js";
import {BaseController} from "./BaseController"; import {BaseController} from "./BaseController";
import {adminApi} from "../Services/AdminApi"; import {adminApi} from "../Services/AdminApi";
import {jwtTokenManager} from "../Services/JWTTokenManager"; import {jwtTokenManager} from "../Services/JWTTokenManager";
import {parse} from "query-string";
export interface TokenInterface { export interface TokenInterface {
userUuid: string userUuid: string
@ -13,11 +14,12 @@ export class AuthenticateController extends BaseController {
constructor(private App : TemplatedApp) { constructor(private App : TemplatedApp) {
super(); super();
this.register(); this.register();
this.verify();
this.anonymLogin(); this.anonymLogin();
} }
//Try to login with an admin token //Try to login with an admin token
register(){ private register(){
this.App.options("/register", (res: HttpResponse, req: HttpRequest) => { this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res); this.addCorsHeaders(res);
@ -36,7 +38,7 @@ export class AuthenticateController extends BaseController {
//todo: what to do if the organizationMemberToken is already used? //todo: what to do if the organizationMemberToken is already used?
const organizationMemberToken:string|null = param.organizationMemberToken; const organizationMemberToken:string|null = param.organizationMemberToken;
try { try {
if (typeof organizationMemberToken != 'string') throw new Error('No organization token'); if (typeof organizationMemberToken != 'string') throw new Error('No organization token');
const data = await adminApi.fetchMemberDataByToken(organizationMemberToken); const data = await adminApi.fetchMemberDataByToken(organizationMemberToken);
@ -68,8 +70,41 @@ export class AuthenticateController extends BaseController {
} }
private verify(){
this.App.options("/verify", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
this.App.get("/verify", (res: HttpResponse, req: HttpRequest) => {
(async () => {
this.addCorsHeaders(res);
const query = parse(req.getQuery());
res.onAborted(() => {
console.warn('verify request was aborted');
})
try {
await jwtTokenManager.getUserUuidFromToken(query.token as string);
} catch (e) {
res.writeStatus("400 Bad Request").end(JSON.stringify({
"success": false,
"message": "Invalid JWT token"
}));
}
res.writeStatus("200 OK").end(JSON.stringify({
"success": true
}));
})();
});
}
//permit to login on application. Return token to connect on Websocket IO. //permit to login on application. Return token to connect on Websocket IO.
anonymLogin(){ private anonymLogin(){
this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => { this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res); this.addCorsHeaders(res);

26
front/src/Connexion/ConnectionManager.ts
View File

@ -35,11 +35,16 @@ class ConnectionManager {
const localUser = localUserStore.getLocalUser(); const localUser = localUserStore.getLocalUser();
if (localUser && localUser.jwtToken && localUser.uuid) { if (localUser && localUser.jwtToken && localUser.uuid) {
this.localUser = localUser this.localUser = localUser;
try {
await this.verifyToken(localUser.jwtToken);
} catch(e) {
// If the token is invalid, let's generate an anonymous one.
console.error('JWT token invalid. Did it expire? Login anonymously instead.');
await this.anonymousLogin();
}
} else { } else {
const data = await Axios.post(`${API_URL}/anonymLogin`).then(res => res.data); await this.anonymousLogin();
this.localUser = new LocalUser(data.userUuid, data.authToken);
localUserStore.saveUser(this.localUser);
} }
let roomId: string let roomId: string
if (connexionType === GameConnexionTypes.empty) { if (connexionType === GameConnexionTypes.empty) {
@ -54,7 +59,8 @@ class ConnectionManager {
const localUser = localUserStore.getLocalUser(); const localUser = localUserStore.getLocalUser();
if (localUser) { if (localUser) {
this.localUser = localUser this.localUser = localUser;
await this.verifyToken(localUser.jwtToken);
const room = new Room(window.location.pathname + window.location.hash); const room = new Room(window.location.pathname + window.location.hash);
return Promise.resolve(room); return Promise.resolve(room);
} else { } else {
@ -66,6 +72,16 @@ class ConnectionManager {
return Promise.reject('Invalid URL'); return Promise.reject('Invalid URL');
} }
private async verifyToken(token: string): Promise<void> {
await Axios.get(`${API_URL}/verify`, {params: {token}});
}
private async anonymousLogin(): Promise<void> {
const data = await Axios.post(`${API_URL}/anonymLogin`).then(res => res.data);
this.localUser = new LocalUser(data.userUuid, data.authToken);
localUserStore.saveUser(this.localUser);
}
public initBenchmark(): void { public initBenchmark(): void {
this.localUser = new LocalUser('', 'test'); this.localUser = new LocalUser('', 'test');
} }