mirror of
https://github.com/wkulhanek/bonob.git
synced 2025-12-21 17:33:29 +01:00
AccessToken last life of running bonob process rather than expiring
This commit is contained in:
simojenki
@@ -1,8 +1,10 @@
|
|||||||
import dayjs, { Dayjs } from 'dayjs';
|
import dayjs, { Dayjs } from "dayjs";
|
||||||
import { v4 as uuid } from 'uuid';
|
import { v4 as uuid } from "uuid";
|
||||||
|
import { Encryption } from "./encryption";
|
||||||
|
import logger from "./logger";
|
||||||
|
|
||||||
export interface Clock {
|
export interface Clock {
|
||||||
now(): Dayjs
|
now(): Dayjs;
|
||||||
}
|
}
|
||||||
|
|
||||||
type AccessToken = {
|
type AccessToken = {
|
||||||
@@ -21,7 +23,7 @@ export class ExpiringAccessTokens implements AccessTokens {
|
|||||||
clock: Clock;
|
clock: Clock;
|
||||||
|
|
||||||
constructor(clock: Clock = { now: () => dayjs() }) {
|
constructor(clock: Clock = { now: () => dayjs() }) {
|
||||||
this.clock = clock
|
this.clock = clock;
|
||||||
}
|
}
|
||||||
|
|
||||||
mint(authToken: string): string {
|
mint(authToken: string): string {
|
||||||
@@ -29,7 +31,7 @@ export class ExpiringAccessTokens implements AccessTokens {
|
|||||||
const accessToken = {
|
const accessToken = {
|
||||||
value: uuid(),
|
value: uuid(),
|
||||||
authToken,
|
authToken,
|
||||||
expiry: this.clock.now().add(12, 'hours')
|
expiry: this.clock.now().add(12, "hours"),
|
||||||
};
|
};
|
||||||
this.tokens.set(accessToken.value, accessToken);
|
this.tokens.set(accessToken.value, accessToken);
|
||||||
return accessToken.value;
|
return accessToken.value;
|
||||||
@@ -41,10 +43,36 @@ export class ExpiringAccessTokens implements AccessTokens {
|
|||||||
}
|
}
|
||||||
|
|
||||||
clearOutExpired() {
|
clearOutExpired() {
|
||||||
Array.from(this.tokens.values()).filter(it => it.expiry.isBefore(this.clock.now())).forEach(expired => {
|
Array.from(this.tokens.values())
|
||||||
|
.filter((it) => it.expiry.isBefore(this.clock.now()))
|
||||||
|
.forEach((expired) => {
|
||||||
this.tokens.delete(expired.value);
|
this.tokens.delete(expired.value);
|
||||||
})
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
count = () => this.tokens.size;
|
count = () => this.tokens.size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export class EncryptedAccessTokens implements AccessTokens {
|
||||||
|
encryption: Encryption;
|
||||||
|
|
||||||
|
constructor(encryption: Encryption) {
|
||||||
|
this.encryption = encryption;
|
||||||
|
}
|
||||||
|
|
||||||
|
mint = (authToken: string): string =>
|
||||||
|
Buffer.from(JSON.stringify(this.encryption.encrypt(authToken))).toString(
|
||||||
|
"base64"
|
||||||
|
);
|
||||||
|
|
||||||
|
authTokenFor(value: string): string | undefined {
|
||||||
|
try {
|
||||||
|
return this.encryption.decrypt(
|
||||||
|
JSON.parse(Buffer.from(value, "base64").toString("ascii"))
|
||||||
|
);
|
||||||
|
} catch {
|
||||||
|
logger.warn("Failed to decrypt access token...");
|
||||||
|
return undefined;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -13,7 +13,9 @@ import {
|
|||||||
import { LinkCodes, InMemoryLinkCodes } from "./link_codes";
|
import { LinkCodes, InMemoryLinkCodes } from "./link_codes";
|
||||||
import { MusicService, isSuccess } from "./music_service";
|
import { MusicService, isSuccess } from "./music_service";
|
||||||
import bindSmapiSoapServiceToExpress from "./smapi";
|
import bindSmapiSoapServiceToExpress from "./smapi";
|
||||||
import { AccessTokens, ExpiringAccessTokens } from "./access_tokens";
|
import { AccessTokens, EncryptedAccessTokens } from "./access_tokens";
|
||||||
|
import encryption from "./encryption";
|
||||||
|
import randomString from "./random_string";
|
||||||
|
|
||||||
export const BONOB_ACCESS_TOKEN_HEADER = "bonob-access-token";
|
export const BONOB_ACCESS_TOKEN_HEADER = "bonob-access-token";
|
||||||
|
|
||||||
@@ -23,7 +25,9 @@ function server(
|
|||||||
webAddress: string | "http://localhost:4534",
|
webAddress: string | "http://localhost:4534",
|
||||||
musicService: MusicService,
|
musicService: MusicService,
|
||||||
linkCodes: LinkCodes = new InMemoryLinkCodes(),
|
linkCodes: LinkCodes = new InMemoryLinkCodes(),
|
||||||
accessTokens: AccessTokens = new ExpiringAccessTokens()
|
accessTokens: AccessTokens = new EncryptedAccessTokens(
|
||||||
|
encryption(randomString())
|
||||||
|
)
|
||||||
): Express {
|
): Express {
|
||||||
const app = express();
|
const app = express();
|
||||||
|
|
||||||
@@ -163,13 +167,7 @@ function server(
|
|||||||
} else {
|
} else {
|
||||||
return musicService
|
return musicService
|
||||||
.login(authToken)
|
.login(authToken)
|
||||||
.then((it) =>
|
.then((it) => it.coverArt(id, type, size))
|
||||||
it.coverArt(
|
|
||||||
id,
|
|
||||||
type,
|
|
||||||
size
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.then((coverArt) => {
|
.then((coverArt) => {
|
||||||
if (coverArt) {
|
if (coverArt) {
|
||||||
res.status(200);
|
res.status(200);
|
||||||
|
|||||||
@@ -1,16 +1,23 @@
|
|||||||
import { v4 as uuid } from 'uuid';
|
import { v4 as uuid } from "uuid";
|
||||||
import { ExpiringAccessTokens } from '../src/access_tokens';
|
import dayjs from "dayjs";
|
||||||
import dayjs from 'dayjs';
|
|
||||||
|
import {
|
||||||
|
EncryptedAccessTokens,
|
||||||
|
ExpiringAccessTokens,
|
||||||
|
} from "../src/access_tokens";
|
||||||
|
import { Encryption } from "../src/encryption";
|
||||||
|
|
||||||
describe("ExpiringAccessTokens", () => {
|
describe("ExpiringAccessTokens", () => {
|
||||||
let now = dayjs();
|
let now = dayjs();
|
||||||
|
|
||||||
const accessTokens = new ExpiringAccessTokens({ now: () => now })
|
const accessTokens = new ExpiringAccessTokens({ now: () => now });
|
||||||
|
|
||||||
describe("tokens", () => {
|
describe("tokens", () => {
|
||||||
it("they should be unique", () => {
|
it("they should be unique", () => {
|
||||||
const authToken = uuid();
|
const authToken = uuid();
|
||||||
expect(accessTokens.mint(authToken)).not.toEqual(accessTokens.mint(authToken));
|
expect(accessTokens.mint(authToken)).not.toEqual(
|
||||||
|
accessTokens.mint(authToken)
|
||||||
|
);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -35,13 +42,12 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
const accessToken1 = accessTokens.mint(authToken);
|
const accessToken1 = accessTokens.mint(authToken);
|
||||||
const accessToken2 = accessTokens.mint(authToken);
|
const accessToken2 = accessTokens.mint(authToken);
|
||||||
|
|
||||||
|
|
||||||
expect(accessTokens.authTokenFor(accessToken1)).toEqual(authToken);
|
expect(accessTokens.authTokenFor(accessToken1)).toEqual(authToken);
|
||||||
expect(accessTokens.authTokenFor(accessToken2)).toEqual(authToken);
|
expect(accessTokens.authTokenFor(accessToken2)).toEqual(authToken);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('tokens that have expired', () => {
|
describe("tokens that have expired", () => {
|
||||||
describe("retrieving it", () => {
|
describe("retrieving it", () => {
|
||||||
it("should return undefined", () => {
|
it("should return undefined", () => {
|
||||||
const authToken = uuid();
|
const authToken = uuid();
|
||||||
@@ -49,9 +55,9 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
now = dayjs();
|
now = dayjs();
|
||||||
const accessToken = accessTokens.mint(authToken);
|
const accessToken = accessTokens.mint(authToken);
|
||||||
|
|
||||||
now = now.add(12, 'hours').add(1, 'second');
|
now = now.add(12, "hours").add(1, "second");
|
||||||
|
|
||||||
expect(accessTokens.authTokenFor(accessToken)).toBeUndefined()
|
expect(accessTokens.authTokenFor(accessToken)).toBeUndefined();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -68,7 +74,7 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
expect(accessTokens.authTokenFor(accessToken1_1)).toEqual(authToken1);
|
expect(accessTokens.authTokenFor(accessToken1_1)).toEqual(authToken1);
|
||||||
expect(accessTokens.authTokenFor(accessToken2_1)).toEqual(authToken2);
|
expect(accessTokens.authTokenFor(accessToken2_1)).toEqual(authToken2);
|
||||||
|
|
||||||
now = now.add(12, 'hours').add(1, 'second');
|
now = now.add(12, "hours").add(1, "second");
|
||||||
|
|
||||||
const accessToken1_2 = accessTokens.mint(authToken1);
|
const accessToken1_2 = accessTokens.mint(authToken1);
|
||||||
|
|
||||||
@@ -77,7 +83,7 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
||||||
expect(accessTokens.authTokenFor(accessToken1_2)).toEqual(authToken1);
|
expect(accessTokens.authTokenFor(accessToken1_2)).toEqual(authToken1);
|
||||||
|
|
||||||
now = now.add(6, 'hours');
|
now = now.add(6, "hours");
|
||||||
|
|
||||||
const accessToken2_2 = accessTokens.mint(authToken2);
|
const accessToken2_2 = accessTokens.mint(authToken2);
|
||||||
|
|
||||||
@@ -87,7 +93,7 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
expect(accessTokens.authTokenFor(accessToken1_2)).toEqual(authToken1);
|
expect(accessTokens.authTokenFor(accessToken1_2)).toEqual(authToken1);
|
||||||
expect(accessTokens.authTokenFor(accessToken2_2)).toEqual(authToken2);
|
expect(accessTokens.authTokenFor(accessToken2_2)).toEqual(authToken2);
|
||||||
|
|
||||||
now = now.add(6, 'hours').add(1, 'minute');
|
now = now.add(6, "hours").add(1, "minute");
|
||||||
|
|
||||||
expect(accessTokens.authTokenFor(accessToken1_1)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken1_1)).toBeUndefined();
|
||||||
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
||||||
@@ -95,7 +101,7 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
expect(accessTokens.authTokenFor(accessToken2_2)).toEqual(authToken2);
|
expect(accessTokens.authTokenFor(accessToken2_2)).toEqual(authToken2);
|
||||||
expect(accessTokens.count()).toEqual(1);
|
expect(accessTokens.count()).toEqual(1);
|
||||||
|
|
||||||
now = now.add(6, 'hours').add(1, 'minute');
|
now = now.add(6, "hours").add(1, "minute");
|
||||||
|
|
||||||
expect(accessTokens.authTokenFor(accessToken1_1)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken1_1)).toBeUndefined();
|
||||||
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken2_1)).toBeUndefined();
|
||||||
@@ -103,5 +109,72 @@ describe("ExpiringAccessTokens", () => {
|
|||||||
expect(accessTokens.authTokenFor(accessToken2_2)).toBeUndefined();
|
expect(accessTokens.authTokenFor(accessToken2_2)).toBeUndefined();
|
||||||
expect(accessTokens.count()).toEqual(0);
|
expect(accessTokens.count()).toEqual(0);
|
||||||
});
|
});
|
||||||
})
|
});
|
||||||
})
|
});
|
||||||
|
|
||||||
|
describe("EncryptedAccessTokens", () => {
|
||||||
|
const encryption = {
|
||||||
|
encrypt: jest.fn(),
|
||||||
|
decrypt: jest.fn(),
|
||||||
|
};
|
||||||
|
|
||||||
|
const accessTokens = new EncryptedAccessTokens(
|
||||||
|
(encryption as unknown) as Encryption
|
||||||
|
);
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
jest.clearAllMocks();
|
||||||
|
jest.resetAllMocks();
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("encrypt and decrypt", () => {
|
||||||
|
it("should be able to round trip the token", () => {
|
||||||
|
const authToken = `the token - ${uuid()}`;
|
||||||
|
const hash = {
|
||||||
|
encryptedData: "the encrypted token",
|
||||||
|
iv: "vi",
|
||||||
|
};
|
||||||
|
|
||||||
|
encryption.encrypt.mockReturnValue(hash);
|
||||||
|
encryption.decrypt.mockReturnValue(authToken);
|
||||||
|
|
||||||
|
const accessToken = accessTokens.mint(authToken);
|
||||||
|
|
||||||
|
expect(accessToken).not.toContain(authToken);
|
||||||
|
expect(accessToken).toEqual(
|
||||||
|
Buffer.from(JSON.stringify(hash)).toString("base64")
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(accessTokens.authTokenFor(accessToken)).toEqual(authToken);
|
||||||
|
|
||||||
|
expect(encryption.encrypt).toHaveBeenCalledWith(authToken);
|
||||||
|
expect(encryption.decrypt).toHaveBeenCalledWith(hash);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("when the token is a valid Hash but doesnt decrypt", () => {
|
||||||
|
it("should return undefined", () => {
|
||||||
|
const hash = {
|
||||||
|
encryptedData: "valid hash",
|
||||||
|
iv: "vi",
|
||||||
|
};
|
||||||
|
encryption.decrypt.mockImplementation(() => {
|
||||||
|
throw "Boooooom decryption failed!!!";
|
||||||
|
});
|
||||||
|
expect(
|
||||||
|
accessTokens.authTokenFor(
|
||||||
|
Buffer.from(JSON.stringify(hash)).toString("base64")
|
||||||
|
)
|
||||||
|
).toBeUndefined();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("when the token is not even a valid hash", () => {
|
||||||
|
it("should return undefined", () => {
|
||||||
|
encryption.decrypt.mockImplementation(() => {
|
||||||
|
throw "Boooooom decryption failed!!!";
|
||||||
|
});
|
||||||
|
expect(accessTokens.authTokenFor("some rubbish")).toBeUndefined();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|||||||
Reference in New Issue
Block a user