CoCalc server functionality: functions used by either the hub or the next.js server
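"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
  return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getRememberMeHash = exports.deleteAllRememberMe = exports.deleteRememberMe = exports.createRememberMeCookie = exports.COOKIE_NAME = void 0;
const base_path_1 = __importDefault(require("@cocalc/backend/base-path"));
const uuid_1 = require("uuid");
const password_hash_1 = __importDefault(require("@cocalc/backend/auth/password-hash"));
const pool_1 = __importDefault(require("@cocalc/database/pool"));
const util_1 = require("@cocalc/database/pool/util");
const cookies_1 = __importDefault(require("cookies"));
const hash_1 = __importDefault(require("@cocalc/server/auth/hash"));

// Hashes are truncated to this many characters both when stored
// (createRememberMeCookie) and when recomputed for lookup/deletion
// (getRememberMeHash, deleteRememberMe). The three sites must agree,
// otherwise a stored cookie can never be matched again.
const HASH_MAX_LENGTH = 127;

// Default cookie lifetime: 30 days, in seconds. Seems to work well, but
// this could be made per-user configurable.
const DEFAULT_TTL_S = 24 * 3600 * 30;

// The cookie name is prefixed with the URL-encoded base path (when there
// is one) so that deployments under different base paths on the same
// host do not share remember-me cookies.
exports.COOKIE_NAME = `${base_path_1.default.length <= 1 ? "" : encodeURIComponent(base_path_1.default)}remember_me`;

/**
 * Create a remember-me cookie for the given account and record it in the
 * database. The cookie works like a server-assigned random uuid-v4
 * password: the user holds the uuid, the database holds only its hash, so
 * a copy of the database alone is not enough to forge a cookie and sign in.
 *
 * @param {string} account_id - account the cookie will sign in.
 * @param {number} [arg_ttl_s] - lifetime in seconds; defaults to 30 days.
 * @returns {Promise<{value: string, ttl_s: number}>} the cookie value to
 *   send to the client and the ttl the database row was stored with.
 */
async function createRememberMeCookie(account_id, arg_ttl_s) {
  const session_id = (0, uuid_1.v4)();
  const hash_session_id = (0, password_hash_1.default)(session_id);
  // The hash string is "$"-delimited. The first three fields are copied
  // into the cookie and the uuid replaces the final field, so that
  // getRememberMeHash can recompute the stored hash from the cookie alone.
  // NOTE(review): assumes the hash has at least four "$"-separated fields
  // and that the third one is numeric (getRememberMeHash parses it as an
  // integer) — confirm against @cocalc/backend/auth/password-hash.
  const parts = hash_session_id.split("$");
  const value = [parts[0], parts[1], parts[2], session_id].join("$");
  const ttl_s = arg_ttl_s ?? DEFAULT_TTL_S;

  const pool = (0, pool_1.default)();
  await pool.query(
    "INSERT INTO remember_me (hash, expire, account_id) VALUES($1::TEXT, $2::TIMESTAMP, $3::UUID)",
    [hash_session_id.slice(0, HASH_MAX_LENGTH), (0, util_1.expireTime)(ttl_s), account_id],
  );
  return { value, ttl_s };
}
exports.createRememberMeCookie = createRememberMeCookie;

/**
 * Delete the remember_me database row for the given hash (as returned by
 * getRememberMeHash), which invalidates that one cookie.
 *
 * @param {string} hash - hash of the cookie to revoke.
 * @returns {Promise<void>}
 */
async function deleteRememberMe(hash) {
  const pool = (0, pool_1.default)();
  await pool.query("DELETE FROM remember_me WHERE hash=$1::TEXT", [
    hash.slice(0, HASH_MAX_LENGTH),
  ]);
}
exports.deleteRememberMe = deleteRememberMe;

/**
 * Delete every remember_me row for the account, invalidating all of its
 * remember-me cookies at once.
 *
 * @param {string} account_id - account whose cookies are revoked.
 * @returns {Promise<void>}
 */
async function deleteAllRememberMe(account_id) {
  const pool = (0, pool_1.default)();
  await pool.query("DELETE FROM remember_me WHERE account_id=$1::UUID", [
    account_id,
  ]);
}
exports.deleteAllRememberMe = deleteAllRememberMe;

/**
 * Read the remember-me cookie from a request and recompute the hash that
 * was stored for it, so callers can look it up in the remember_me table.
 *
 * @param {import("http").IncomingMessage} req - request carrying the cookies.
 * @returns {string | undefined} the truncated hash, or undefined when the
 *   request has no remember-me cookie.
 * @throws {Error} when a cookie is present but not in the expected form.
 */
function getRememberMeHash(req) {
  const cookies = new cookies_1.default(req);
  const rememberMe = cookies.get(exports.COOKIE_NAME);
  if (!rememberMe) {
    return;
  }
  const parts = rememberMe.split("$");
  if (parts.length !== 4) {
    throw new Error("badly formatted remember_me cookie");
  }
  // The third field is parsed as a base-10 integer. A field that does not
  // parse at all used to be forwarded to hash() as NaN; reject it up front
  // with the same error as any other malformed cookie.
  // NOTE(review): every field here, including this numeric one, comes
  // from the client. If hash() uses it as an iteration count, an
  // unexpectedly large value would cost server CPU per request — confirm
  // what @cocalc/server/auth/hash does with it and whether an upper bound
  // matching password-hash's parameters is appropriate.
  const numericField = Number.parseInt(parts[2], 10);
  if (Number.isNaN(numericField)) {
    throw new Error("badly formatted remember_me cookie");
  }
  return (0, hash_1.default)(parts[0], parts[1], numericField, parts[3]).slice(0, HASH_MAX_LENGTH);
}
exports.getRememberMeHash = getRememberMeHash;
//# sourceMappingURL=remember-me.js.map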