Invalidate sessions upon logout

main
Ashelyn Dawn 5 years ago
parent 3140b5d315
commit 18f86ccc0c

@ -11,7 +11,7 @@
"skipFiles": [ "skipFiles": [
"<node_internals>/**" "<node_internals>/**"
], ],
"program": "${workspaceFolder}\\index.js" "program": "${workspaceFolder}/index.js"
} }
] ]
} }

@ -46,8 +46,9 @@ router.get('/', async (req, res) => {
res.json(req.user) res.json(req.user)
}) })
// TODO: de-auth session router.get('/logout', async (req, res) => {
router.get('/logout', (req, res) => { await db.session.end(req.session.uuid);
req.session = null req.session = null
res.redirect('/') res.redirect('/')
}) })
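Review bot: The added `await db.session.end(req.session.uuid)` in the `/logout` handler is not wrapped in any error handling, so if the query rejects, `req.session = null` and the redirect are never reached and the browser keeps its cookie. If this router is Express 4, the rejection from the async handler is also not routed to the error middleware, so the request would simply hang. Catching the failure, reporting it, and still clearing the cookie keeps logout dependable, as sketched below. Separately, the route stays a GET although it now changes server-side state; a POST would keep prefetchers and cross-site links from ending sessions.

```javascript
router.get('/logout', async (req, res) => {
  try {
    await db.session.end(req.session.uuid);
  } catch (err) {
    // Server-side revocation failed: the session row stays valid until it times out,
    // so report it, but still clear the cookie below.
    console.error('logout: could not end session', err);
  }
  // … unchanged: req.session = null, res.redirect('/') …
})
```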

@ -51,3 +51,17 @@ session.update = async (session_uuid) => {
const {rows} = await pg.query(query) const {rows} = await pg.query(query)
return joinjs.map(rows, mappings, 'sessionMap', 'session_')[0]; return joinjs.map(rows, mappings, 'sessionMap', 'session_')[0];
} }
session.end = async (session_uuid) => {
const query = {
text: 'select * from sos.end_session($1)',
values: [
session_uuid
]
}
debug(query);
const {rows} = await pg.query(query)
return joinjs.map(rows, mappings, 'sessionMap', 'session_')[0];
}
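Review bot: `session.end` can never resolve to a session. `sos.end_session` finishes with `select * from sos.validate_session(_session_uuid)`, and this same commit makes `validate_session` skip rows where `session_time_logged_out` is set, so `rows` is empty and `joinjs.map(...)[0]` is always `undefined`. A caller therefore cannot tell a successful logout from a uuid that was unknown or already timed out. Either document that above the function, e.g. `// Resolves to undefined: a logged-out session no longer passes validate_session`, or have the SQL function report whether the update matched a row. `debug(query)` also writes the session uuid to the debug log before the session is ended, which is worth avoiding if that uuid is the value the cookie carries.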

@ -29,7 +29,7 @@ create table sos."session" (
session_uuid uuid primary key default uuid_generate_v4(), session_uuid uuid primary key default uuid_generate_v4(),
session_time_created timestamptz not null default now(), session_time_created timestamptz not null default now(),
session_time_last_active timestamptz not null default now(), session_time_last_active timestamptz not null default now(),
session_ended boolean not null default false, session_time_logged_out timestamptz null,
session_timeout_length interval not null, session_timeout_length interval not null,
session_ip_address varchar(50) not null, session_ip_address varchar(50) not null,
session_user_agent varchar(500) not null, session_user_agent varchar(500) not null,

@ -23,6 +23,7 @@ as $function$
begin begin
return query select * from sos.v_session return query select * from sos.v_session
where session_uuid = _session_uuid where session_uuid = _session_uuid
and session_time_logged_out is null
and session_time_last_active + session_timeout_length > now(); and session_time_last_active + session_timeout_length > now();
end; $function$; end; $function$;
@ -34,6 +35,7 @@ begin
update sos."session" update sos."session"
set session_time_last_active = now() set session_time_last_active = now()
where session_uuid = _session_uuid where session_uuid = _session_uuid
and session_time_logged_out is null
and now() < (select session_time_last_active + session_timeout_length); and now() < (select session_time_last_active + session_timeout_length);
return query select * from sos.validate_session(_session_uuid); return query select * from sos.validate_session(_session_uuid);
@ -65,6 +67,20 @@ begin
return query select * from sos.validate_session(_session_uuid); return query select * from sos.validate_session(_session_uuid);
end; $function$; end; $function$;
create or replace function sos.end_session(_session_uuid uuid)
returns setof sos.v_session
language plpgsql
as $function$
begin
update sos."session"
set session_time_logged_out = now()
where session_uuid = _session_uuid
and session_time_logged_out is null
and now() < (select session_time_last_active + session_timeout_length);
return query select * from sos.validate_session(_session_uuid);
end; $function$;
create or replace function sos.create_item(_name text, _urlslug citext, _description text, _price_cents integer, _published boolean) create or replace function sos.create_item(_name text, _urlslug citext, _description text, _price_cents integer, _published boolean)
returns setof sos.v_item returns setof sos.v_item
language plpgsql language plpgsql

@ -37,9 +37,12 @@ function handleError {
} }
function execFile { function execFile {
echo " $1" FILE=$1
PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -d "$DB_NAME" -f $1 > /dev/null USERNAME=$2
handleError "Could not execute file $1" PASSWORD=$3
echo " $FILE"
PGPASSWORD=$PASSWORD psql -v ON_ERROR_STOP=1 -h $DB_HOST -U $USERNAME -d "$DB_NAME" -f $FILE > /dev/null
handleError "Could not execute file $FILE"
} }
echo -e $RED"This will delete ALL DATA in the database $DB_NAME"$RESET echo -e $RED"This will delete ALL DATA in the database $DB_NAME"$RESET
@ -53,7 +56,7 @@ else
exit 1 exit 1
fi fi
read -s -p "Enter postgres Password: " PG_PASS read -s -p "Enter postgres password: " PG_PASS
echo echo
PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "drop database if exists $DB_NAME" > /dev/null PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "drop database if exists $DB_NAME" > /dev/null
@ -65,7 +68,8 @@ handleError "Could not create database $DB_NAME"
PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "drop user if exists $DB_USER" > /dev/null PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "drop user if exists $DB_USER" > /dev/null
PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "create user $DB_USER with encrypted password '$DB_PASS';" > /dev/null PGPASSWORD=$PG_PASS psql -v ON_ERROR_STOP=1 -h $DB_HOST -U postgres -c "create user $DB_USER with encrypted password '$DB_PASS';" > /dev/null
execFile $REPODIR/db/sql/0-setup.sql postgres $PG_PASS
for file in $REPODIR/db/sql/*.sql; do execFile $REPODIR/db/sql/1-tables.sql $DB_USER $DB_PASS
execFile $file execFile $REPODIR/db/sql/2-views.sql $DB_USER $DB_PASS
done execFile $REPODIR/db/sql/3-functions.sql $DB_USER $DB_PASS
execFile $REPODIR/db/sql/4-permissions.sql postgres $PG_PASS
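Review bot: The new positional arguments of `execFile` are passed and expanded unquoted, so a password containing whitespace or glob characters is word-split at the call sites (`execFile ... postgres $PG_PASS`) and only its first word reaches `$3`. The same applies to `-U $USERNAME` and `-f $FILE` inside the function. Quote both ends: `execFile "$REPODIR/db/sql/0-setup.sql" postgres "$PG_PASS"` and `psql ... -U "$USERNAME" -d "$DB_NAME" -f "$FILE"`. `FILE`, `USERNAME` and `PASSWORD` are also assigned as globals; `local file=$1 username=$2 password=$3` would keep the credential from lingering in script scope after the call.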
