private: Add until to token creation

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-11-23 10:16:32 -05:00 · 2021-01-21 12:33:45 +01:00 · 2021-01-21 12:33:45 +01:00 · 9a65a9bd29
commit 9a65a9bd29
parent e8cdbdd677
3 changed files with 20 additions and 8 deletions
--- a/src/api/private/tokens/tokens.controller.ts
+++ b/src/api/private/tokens/tokens.controller.ts
@ -37,12 +37,14 @@ export class TokensController {

  @Post()
  async postTokenRequest(
-    @Body() label: string,
+    @Body('label') label: string,
+    @Body('until') until: number,
  ): Promise<AuthTokenWithSecretDto> {
    // ToDo: Get real userName
    const authToken = await this.usersService.createTokenForUser(
      'hardcoded',
      label,
+      until,
    );
    return this.usersService.toAuthTokenWithSecretDto(authToken);
  }
--- a/src/users/auth-token.entity.ts
+++ b/src/users/auth-token.entity.ts
@ -6,7 +6,6 @@

 import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
 import { User } from './user.entity';
-import { Type } from 'class-transformer';

@Entity()
 export class AuthToken {
@ -25,16 +24,21 @@ export class AuthToken {
  @Column({ unique: true })
  accessToken: string;

+  @Column({ type: 'date' })
+  validUntil: Date;
+
  public static create(
    user: User,
    identifier: string,
    accessToken: string,
+    validUntil: Date,
  ): Pick<AuthToken, 'user' | 'accessToken'> {
    const newToken = new AuthToken();
    newToken.user = user;
    newToken.identifier = identifier;
    newToken.accessToken = accessToken;
    newToken.createdAt = new Date();
+    newToken.validUntil = validUntil;
    return newToken;
  }
 }
--- a/src/users/users.service.ts
+++ b/src/users/users.service.ts
@ -12,7 +12,7 @@ import { ConsoleLoggerService } from '../logger/console-logger.service';
 import { UserInfoDto } from './user-info.dto';
 import { User } from './user.entity';
 import { AuthToken } from './auth-token.entity';
-import { hash } from 'bcrypt'
+import { hash, compare } from 'bcrypt'
 import crypt from 'crypto';
 import { AuthTokenDto } from './auth-token.dto';
 import { AuthTokenWithSecretDto } from './auth-token-with-secret.dto';
@ -36,12 +36,13 @@ export class UsersService {
  async createTokenForUser(
    userName: string,
    identifier: string,
+    until: number,
  ): Promise<AuthToken> {
    const user = await this.getUserByUsername(userName);
-    const randomString = crypt.randomBytes(64).toString('base64');
+    const randomString = crypt.randomBytes(64).toString('base64url');
    const accessToken = await this.hashPassword(randomString);
-    const token = AuthToken.create(user, identifier, accessToken);
-    const createdToken = this.authTokenRepository.save(token);
+    const token = AuthToken.create(user, identifier, accessToken, new Date(until));
+    const createdToken = await this.authTokenRepository.save(token);
    return {
      accessToken: randomString,
      ...createdToken,
@ -66,9 +67,14 @@ export class UsersService {
    return user;
  }

-  async hashPassword(password: string): Promise<string> {
+  async hashPassword(cleartext: string): Promise<string> {
    // hash the password with bcrypt and 2^16 iterations
-    return hash(password, 16)
+    return hash(cleartext, 16)
+  }
+
+  async checkPassword(cleartext: string, password: string): Promise<boolean> {
+    // hash the password with bcrypt and 2^16 iterations
+    return compare(cleartext, password)
  }

  async getUserByAuthToken(token: string): Promise<User> {