lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

note on refreshtokencount checking

Browse Source 
ref #12
This commit is contained in:
Philipp Dormann 2020-12-05 13:30:22 +01:00
parent 51addd4a31
commit e5f65d0b80
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/middlewares/jwtauth.ts
View File

@ -3,11 +3,15 @@ import {
ExpressMiddlewareInterface ExpressMiddlewareInterface
} from "routing-controllers"; } from "routing-controllers";
// @Middleware({ type: "before" })
export class JWTAuth implements ExpressMiddlewareInterface { export class JWTAuth implements ExpressMiddlewareInterface {
use(request: any, response: any, next?: (err?: any) => any): any { use(request: any, response: any, next?: (err?: any) => any): any {
const token = <string>request.headers["auth"]; const token = <string>request.headers["auth"];
try { try {
/**
TODO: idk if we should always check the db if refreshtokencount is valid?
seems like a lot of db overhead
at the same time it's basically our only option to support proper logouts
*/
const jwtPayload = <any>jwt.verify(token, "secretjwtsecret"); const jwtPayload = <any>jwt.verify(token, "secretjwtsecret");
// const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET); // const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET);
response.locals.jwtPayload = jwtPayload; response.locals.jwtPayload = jwtPayload;