Remember me tokens now nuked upon full account logout.

rainbow napkin 2025-10-21 07:59:15 -04:00
parent 3fb71ffb78
commit bc0657a702
5 changed files with 26 additions and 16 deletions


@ -27,7 +27,6 @@ const crypto = require("node:crypto");
const {mongoose} = require('mongoose');
//Local Imports
const {userModel} = require('./userSchema');
const hashUtil = require('../../utils/hashUtils');
const loggerUtils = require('../../utils/loggerUtils');
@ -88,9 +87,13 @@ rememberMeToken.methods.checkToken = async function(token){
}
//statics
rememberMeToken.statics.genToken = async function(user, pass){
//Authenticate user and pull document
const userDB = await userModel.authenticate(user, pass);
rememberMeToken.statics.genToken = async function(userDB, pass){
//Normally I'd use userModel auth, but this saves on DB calls and keeps us from having to refrence the userModel directly
//Saving us from circular depedency hell
//Plus this is only really getting called along-side other auth, theres already going to be an error message if this is wrong XP
if(!await userDB.checkPass(pass)){
return;
}
try{
//Generate a cryptographically secure string of 32 bytes in hexidecimal
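Review bot: The new guard `if(!await userDB.checkPass(pass)){ return; }` in genToken sits before the `try{`, so a null or undefined `userDB`, or a rejection from `checkPass`, escapes as a raw TypeError or rejection rather than going through the try block's handling, while a wrong password resolves silently to `undefined`. If `userModel.authenticate` did more than compare the password (failed-attempt throttling, ban checks, logging; none of that is visible here), this path now skips it, so token issuance is only as strong as the authentication each caller ran beforehand. I would record that contract above the guard, e.g. `//Caller MUST have fully authenticated userDB already; this check is only a second line of defence`, and harden the guard to `if(userDB == null || !await userDB.checkPass(pass)){ return; }`. genToken's body continues past the end of the hunk.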


@ -28,6 +28,7 @@ const permissionModel = require('../permissionSchema');
const emoteModel = require('../emoteSchema');
const emailChangeModel = require('./emailChangeSchema');
const playlistSchema = require('../channel/media/playlistSchema');
const rememberMeModel = require('./rememberMeSchema');
//Utils
const hashUtil = require('../../utils/hashUtils');
const mailUtil = require('../../utils/mailUtils');
@ -807,6 +808,9 @@ userSchema.methods.tattooIPRecord = async function(ip){
* @param {String} reason - Reason to kill user sessions
*/
userSchema.methods.killAllSessions = async function(reason = "A full log-out from all devices was requested for your account."){
//Nuke all related remember me tokens
await rememberMeModel.deleteMany({user: this._id});
//get authenticated sessions
var sessions = await this.getAuthenticatedSessions();
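Review bot: If `rememberMeModel.deleteMany({user: this._id})` rejects, killAllSessions exits before any session is destroyed, so a transient database error leaves every live session in place on what is presumably the account's emergency log-out path. Deleting the tokens first is the right order (a client cannot trade a token for a fresh session mid-logout), but I would catch the failure, carry on with the session teardown and rethrow afterwards, e.g. `try{ await rememberMeModel.deleteMany({user: this._id}); }catch(err){ purgeErr = err; }` with `if(purgeErr){ throw purgeErr; }` once the sessions are killed. It is also worth confirming that `user` is the field name declared on the remember-me schema, since depending on the Mongoose `strictQuery` setting an undeclared filter path can be dropped, which would widen this delete to every user's tokens. The function body continues beyond the hunk.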