Server now auto-magically nukes expired remember me tokens on startup and at midnight UTC.
This commit is contained in:
parent
57787f81e7
commit
aa32587259
|
|
@ -80,12 +80,6 @@ rememberMeToken.pre('save', async function (next){
|
|||
next();
|
||||
});
|
||||
|
||||
//Methods
|
||||
rememberMeToken.methods.checkToken = async function(token){
|
||||
//Compare ingested token to saved hash
|
||||
return await hashUtil.compareRememberMeToken(token, this.token);
|
||||
}
|
||||
|
||||
//statics
|
||||
rememberMeToken.statics.genToken = async function(userDB, pass){
|
||||
//Normally I'd use userModel auth, but this saves on DB calls and keeps us from having to refrence the userModel directly
|
||||
|
|
@ -154,4 +148,50 @@ rememberMeToken.statics.authenticate = async function(id, token, failLine = "Bad
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Schedulable function for processing expired remember me tokens
|
||||
*/
|
||||
rememberMeToken.statics.processExpiredTokens = async function(){
|
||||
//Pull all tokens from the DB
|
||||
//Tested finding request by date, but mongoose kept throwing casting errors.
|
||||
//This seems to be an intermittent issue online. Maybe it will work in a future version?
|
||||
const tokenDB = await this.find({});
|
||||
|
||||
//Fire em all off at once without waiting for the last one to complete since we don't fuckin' need to
|
||||
for(let tokenIndex in tokenDB){
|
||||
//pull token from tokenDB by index
|
||||
const token = tokenDB[tokenIndex];
|
||||
|
||||
//If the token hasn't been processed and it's been expired
|
||||
if(token.getDaysUntilExpiration() <= 0){
|
||||
//Delete the token
|
||||
await token.deleteOne();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//Methods
|
||||
/**
|
||||
* Intakes a plaintext token string and compares it to the hashed remember me token from the database
|
||||
* @param {String} token - Plaintext token retrieved from browser cookie
|
||||
* @returns {Boolean} Comparison result
|
||||
*/
|
||||
rememberMeToken.methods.checkToken = async function(token){
|
||||
//Compare ingested token to saved hash
|
||||
return await hashUtil.compareRememberMeToken(token, this.token);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns number of days until token expiration
|
||||
* @returns {Number} Number of days until token expiration
|
||||
*/
|
||||
rememberMeToken.methods.getDaysUntilExpiration = function(){
|
||||
//Get request date
|
||||
const expirationDate = new Date(this.date);
|
||||
//Get expiration days and calculate expiration date
|
||||
expirationDate.setDate(expirationDate.getDate() + daysToExpire);
|
||||
//Calculate and return days until request expiration
|
||||
return ((expirationDate - new Date()) / (1000 * 60 * 60 * 24)).toFixed(1);
|
||||
}
|
||||
|
||||
module.exports = mongoose.model("rememberMe", rememberMeToken);
|
||||
|
|
@ -22,9 +22,9 @@ const {userModel} = require('../schemas/user/userSchema');
|
|||
const userBanModel = require('../schemas/user/userBanSchema');
|
||||
const passwordResetModel = require('../schemas/user/passwordResetSchema');
|
||||
const emailChangeModel = require('../schemas/user/emailChangeSchema');
|
||||
const rememberMeModel = require('../schemas/user/rememberMeSchema');
|
||||
const channelModel = require('../schemas/channel/channelSchema');
|
||||
const sessionUtils = require('./sessionUtils');
|
||||
const { email } = require('../validators/accountValidator');
|
||||
|
||||
/**
|
||||
* Schedules all timed jobs accross the server
|
||||
|
|
@ -42,6 +42,8 @@ module.exports.schedule = function(){
|
|||
cron.schedule('0 0 * * *', ()=>{passwordResetModel.processExpiredRequests()},{scheduled: true, timezone: "UTC"});
|
||||
//Process expired email change requests every night at midnight
|
||||
cron.schedule('0 0 * * *', ()=>{emailChangeModel.processExpiredRequests()},{scheduled: true, timezone: "UTC"});
|
||||
//Process expired remember me tokens every night at midnight
|
||||
cron.schedule('0 0 * * *', ()=>{rememberMeModel.processExpiredTokens()},{scheduled: true, timezone: "UTC"});
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -58,6 +60,8 @@ module.exports.kickoff = function(){
|
|||
passwordResetModel.processExpiredRequests();
|
||||
//Process expired email change requests that may have expired since last restart
|
||||
emailChangeModel.processExpiredRequests();
|
||||
//Process expired remember me tokens that may have expired since last restart
|
||||
rememberMeModel.processExpiredTokens()
|
||||
|
||||
//Schedule jobs
|
||||
module.exports.schedule();
|
||||
|
|
|
|||
Loading…
Reference in a new issue