+5
parent
d95c89daae
commit
e6403375b4
4 changed files with 36 additions and 18 deletions
|
@ -1,3 +1,7 @@
|
|||
# 1.1.1+5
|
||||
* Prevent duplication of cookies.
|
||||
* Regenerate the JWT if `tokenCallback` is called.
|
||||
|
||||
# 1.1.1+4
|
||||
* Patched `logout` to properly erase cookies
|
||||
* Fixed checking of expired tokens.
|
||||
|
|
|
@ -30,9 +30,14 @@ class AngelAuth<T> {
|
|||
|
||||
/// A domain to restrict emitted cookies to.
|
||||
///
|
||||
/// Only applies if [secureCookies] is `true`.
|
||||
/// Only applies if [allowCookie] is `true`.
|
||||
final String cookieDomain;
|
||||
|
||||
/// A path to restrict emitted cookies to.
|
||||
///
|
||||
/// Only applies if [allowCookie] is `true`.
|
||||
final String cookiePath;
|
||||
|
||||
/// The name to register [requireAuth] as. Default: `auth`.
|
||||
String middlewareName;
|
||||
|
||||
|
@ -79,6 +84,7 @@ class AngelAuth<T> {
|
|||
this.allowTokenInQuery: true,
|
||||
this.enforceIp: true,
|
||||
this.cookieDomain,
|
||||
this.cookiePath: '/',
|
||||
this.secureCookies: true,
|
||||
this.middlewareName: 'auth',
|
||||
this.reviveTokenEndpoint: "/auth/token"})
|
||||
|
@ -115,8 +121,7 @@ class AngelAuth<T> {
|
|||
..inject(user.runtimeType, req.properties["user"] = user);
|
||||
|
||||
if (allowCookie == true) {
|
||||
res.cookies
|
||||
.add(protectCookie(new Cookie('token', token.serialize(_hs256))));
|
||||
_addProtectedCookie(res, 'token', token.serialize(_hs256));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -170,12 +175,17 @@ class AngelAuth<T> {
|
|||
return null;
|
||||
}
|
||||
|
||||
void _addProtectedCookie(ResponseContext res, String name, String value) {
|
||||
if (!res.cookies.any((c) => c.name == name)) {
|
||||
res.cookies.add(protectCookie(new Cookie(name, value)));
|
||||
}
|
||||
}
|
||||
|
||||
/// Applies security protections to a [cookie].
|
||||
Cookie protectCookie(Cookie cookie) {
|
||||
if (secureCookies != false) {
|
||||
cookie.httpOnly = true;
|
||||
cookie.secure = true;
|
||||
cookie.domain ??= cookieDomain;
|
||||
}
|
||||
|
||||
if (_jwtLifeSpan > 0) {
|
||||
|
@ -186,6 +196,8 @@ class AngelAuth<T> {
|
|||
new DateTime.now().add(new Duration(milliseconds: _jwtLifeSpan));
|
||||
}
|
||||
|
||||
cookie.domain ??= cookieDomain;
|
||||
cookie.path ??= cookiePath;
|
||||
return cookie;
|
||||
}
|
||||
|
||||
|
@ -221,9 +233,9 @@ class AngelAuth<T> {
|
|||
}
|
||||
}
|
||||
|
||||
if (allowCookie)
|
||||
res.cookies
|
||||
.add(protectCookie(new Cookie('token', token.serialize(_hs256))));
|
||||
if (allowCookie) {
|
||||
_addProtectedCookie(res, 'token', token.serialize(_hs256));
|
||||
}
|
||||
|
||||
final data = await deserializer(token.userId);
|
||||
return {'data': data, 'token': token.serialize(_hs256)};
|
||||
|
@ -282,12 +294,14 @@ class AngelAuth<T> {
|
|||
var r = await options.tokenCallback(
|
||||
req, res, token, req.properties["user"] = result);
|
||||
if (r != null) return r;
|
||||
jwt = token.serialize(_hs256);
|
||||
}
|
||||
|
||||
_apply(req, res, token, result);
|
||||
|
||||
if (allowCookie)
|
||||
res.cookies.add(protectCookie(new Cookie("token", jwt)));
|
||||
if (allowCookie) {
|
||||
_addProtectedCookie(res, 'token', jwt);
|
||||
}
|
||||
|
||||
if (options?.callback != null) {
|
||||
return await options.callback(req, res, jwt);
|
||||
|
@ -326,9 +340,9 @@ class AngelAuth<T> {
|
|||
_apply(req, res, token, user);
|
||||
_onLogin.add(user);
|
||||
|
||||
if (allowCookie)
|
||||
res.cookies
|
||||
.add(protectCookie(new Cookie('token', token.serialize(_hs256))));
|
||||
if (allowCookie) {
|
||||
_addProtectedCookie(res, 'token', token.serialize(_hs256));
|
||||
}
|
||||
}
|
||||
|
||||
/// Log a user in on-demand.
|
||||
|
@ -339,9 +353,9 @@ class AngelAuth<T> {
|
|||
_apply(req, res, token, user);
|
||||
_onLogin.add(user);
|
||||
|
||||
if (allowCookie)
|
||||
res.cookies
|
||||
.add(protectCookie(new Cookie('token', token.serialize(_hs256))));
|
||||
if (allowCookie) {
|
||||
_addProtectedCookie(res, 'token', token.serialize(_hs256));
|
||||
}
|
||||
}
|
||||
|
||||
/// Log an authenticated user out.
|
||||
|
@ -367,7 +381,7 @@ class AngelAuth<T> {
|
|||
|
||||
if (allowCookie == true) {
|
||||
res.cookies.removeWhere((cookie) => cookie.name == "token");
|
||||
res.cookies.add(protectCookie(new Cookie('token', '')));
|
||||
_addProtectedCookie(res, 'token', '');
|
||||
}
|
||||
|
||||
if (options != null &&
|
||||
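Review bot: `_addProtectedCookie` keeps whichever `token` cookie is already in `res.cookies` and silently drops the new value, so a token issued later in the same response can be lost. This matters most in the `tokenCallback` hunk, where the commit regenerates `jwt` after the callback: if the callback or an earlier handler has already added a `token` cookie, the browser would presumably still receive the older JWT while the response body carries the new one. Replacing instead of skipping would prevent duplicates without that risk: `res.cookies.removeWhere((c) => c.name == name);` followed by the existing `res.cookies.add(protectCookie(new Cookie(name, value)));`, which also makes the explicit `removeWhere` in the logout hunk unnecessary. The helper would also benefit from a doc comment such as `/// Adds a protected cookie called [name], replacing any cookie of that name already on [res].`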
|
|
|
@ -1,6 +1,6 @@
|
|||
name: angel_auth
|
||||
description: A complete authentication plugin for Angel.
|
||||
version: 1.1.1+4
|
||||
version: 1.1.1+5
|
||||
author: Tobe O <thosakwe@gmail.com>
|
||||
homepage: https://github.com/angel-dart/angel_auth
|
||||
environment:
|
||||
|
|
|
@ -25,7 +25,7 @@ main() {
|
|||
angelHttp = new AngelHttp(app, useZone: false);
|
||||
app.use('/users', new TypedService<User>(new MapService()));
|
||||
|
||||
User jdoe = await app
|
||||
await app
|
||||
.service('users')
|
||||
.create({'username': 'jdoe1', 'password': 'password'});
|
||||
|
||||
|
|