Merge pull request #331 from thecodingmachine/verifyjwtserverside

Adding a new endpoint to verify the JWT token server-side before connecting
This commit is contained in:
David Négrier 2020-10-15 17:02:41 +02:00 committed by GitHub
commit e7890907c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 59 additions and 8 deletions

View File

@ -3,6 +3,7 @@ import {HttpRequest, HttpResponse, TemplatedApp} from "uWebSockets.js";
import {BaseController} from "./BaseController";
import {adminApi} from "../Services/AdminApi";
import {jwtTokenManager} from "../Services/JWTTokenManager";
import {parse} from "query-string";
export interface TokenInterface {
userUuid: string
@ -13,11 +14,12 @@ export class AuthenticateController extends BaseController {
constructor(private App : TemplatedApp) {
super();
this.register();
this.verify();
this.anonymLogin();
}
//Try to login with an admin token
register(){
private register(){
this.App.options("/register", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
@ -68,8 +70,41 @@ export class AuthenticateController extends BaseController {
}
private verify(){
this.App.options("/verify", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);
res.end();
});
this.App.get("/verify", (res: HttpResponse, req: HttpRequest) => {
(async () => {
this.addCorsHeaders(res);
const query = parse(req.getQuery());
res.onAborted(() => {
console.warn('verify request was aborted');
})
try {
await jwtTokenManager.getUserUuidFromToken(query.token as string);
} catch (e) {
res.writeStatus("400 Bad Request").end(JSON.stringify({
"success": false,
"message": "Invalid JWT token"
}));
}
res.writeStatus("200 OK").end(JSON.stringify({
"success": true
}));
})();
});
}
//permit to login on application. Return token to connect on Websocket IO.
anonymLogin(){
private anonymLogin(){
this.App.options("/anonymLogin", (res: HttpResponse, req: HttpRequest) => {
this.addCorsHeaders(res);

View File

@ -35,11 +35,16 @@ class ConnectionManager {
const localUser = localUserStore.getLocalUser();
if (localUser && localUser.jwtToken && localUser.uuid) {
this.localUser = localUser
this.localUser = localUser;
try {
await this.verifyToken(localUser.jwtToken);
} catch(e) {
// If the token is invalid, let's generate an anonymous one.
console.error('JWT token invalid. Did it expire? Login anonymously instead.');
await this.anonymousLogin();
}
} else {
const data = await Axios.post(`${API_URL}/anonymLogin`).then(res => res.data);
this.localUser = new LocalUser(data.userUuid, data.authToken);
localUserStore.saveUser(this.localUser);
await this.anonymousLogin();
}
let roomId: string
if (connexionType === GameConnexionTypes.empty) {
@ -54,7 +59,8 @@ class ConnectionManager {
const localUser = localUserStore.getLocalUser();
if (localUser) {
this.localUser = localUser
this.localUser = localUser;
await this.verifyToken(localUser.jwtToken);
const room = new Room(window.location.pathname + window.location.hash);
return Promise.resolve(room);
} else {
@ -66,6 +72,16 @@ class ConnectionManager {
return Promise.reject('Invalid URL');
}
private async verifyToken(token: string): Promise<void> {
await Axios.get(`${API_URL}/verify`, {params: {token}});
}
private async anonymousLogin(): Promise<void> {
const data = await Axios.post(`${API_URL}/anonymLogin`).then(res => res.data);
this.localUser = new LocalUser(data.userUuid, data.authToken);
localUserStore.saveUser(this.localUser);
}
public initBenchmark(): void {
this.localUser = new LocalUser('', 'test');
}