
misc: do not save user name in db (#70)
* misc: do not save user name in db

* chore: remove test host
embbnux authored Jul 19, 2024
1 parent 63ad100 commit 047bdc0
Showing 6 changed files with 33 additions and 8 deletions.
3 changes: 2 additions & 1 deletion src/refreshSubscriptionCron.js
Expand Up @@ -9,7 +9,7 @@ async function refreshSubscription() {
const currentTime = new Date();
const expiredIn3Day = new Date(currentTime);
expiredIn3Day.setDate(currentTime.getDate() + 3);
const subscriptions = await Subscription.findAll();
const subscriptions = await Subscription.findAll(); // TODO: add lastKey
const users = {};
for (const subscription of subscriptions) {
if (subscription.watchExpiredAt < currentTime) {
Expand Down Expand Up @@ -37,6 +37,7 @@ async function refreshSubscription() {
} catch (e) {
if (e.response && e.response.status === 401) {
user.accessToken = '';
user.name = '';
await user.save();
console.log('refreshing subscription failed: access token expired: ', user.id);
return;
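Review bot: The new `user.name = '';` in the 401 branch of refreshSubscription (second hunk) clears the name but the branch still leaves `user.refreshToken` in place, unlike the parallel 401 branches in src/server/routes/authorization.js in this same commit, which clear `refreshToken` as well. If a 401 here means the refresh attempt has already failed, the stored refresh token is dead data and should be cleared the same way: `user.refreshToken = '';`. If it is intentionally kept so a later cron run can retry, a one-line comment saying so would stop the next reader from "fixing" it. refreshSubscription begins and ends outside these hunks.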
2 changes: 1 addition & 1 deletion src/server/handlers/authorizationHandler.js
Expand Up @@ -15,7 +15,7 @@ async function onAuthorize(accessToken, refreshToken, expires) {
accessToken: accessToken,
refreshToken: refreshToken,
tokenExpiredAt: expires,
name: userInfoResponse.name,
name: '',
subscriptions: [],
});
}
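Review bot: `name: ''` in the create call inside onAuthorize stores a literal empty string in a column the model now keeps only for backward compatibility, so rows created after this commit look as if a name was stored and found empty rather than not stored at all. If the column is nullable, dropping the key (or writing `null`) keeps the two cases distinguishable; otherwise a short comment, `name: '', // never persisted since #70; read live from Google in getUserInfo`, explains the empty literal. The `userInfoResponse` lookup that previously fed this field is outside the hunk, so I cannot tell whether it is still needed for anything else. onAuthorize's body continues outside the hunk.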
1 change: 1 addition & 0 deletions src/server/lib/oauth.js
Expand Up @@ -10,6 +10,7 @@ async function checkAndRefreshAccessToken(user) {
expires.setSeconds(expires.getSeconds() + response.expires_in);
user.accessToken = accessToken;
user.tokenExpiredAt = expires;
user.name = ''; // clear user name
await user.save();
}
}
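Review bot: The trailing comment on the new `user.name = '';` line in checkAndRefreshAccessToken says what the statement does, not why, and the why is the whole point of this commit. Suggest `user.name = ''; // name is no longer persisted (#70); clear any value left on rows written before that` so the line is not removed as redundant once nobody remembers the column once held real data. That wording also makes clear the clear-out is opportunistic, happening only when a token refresh occurs, rather than a guaranteed purge. checkAndRefreshAccessToken starts and ends outside the hunk.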
5 changes: 1 addition & 4 deletions src/server/models/userModel.js
Expand Up @@ -13,12 +13,9 @@ const User = sequelize.define('users', {
tokenExpiredAt:{
type: Sequelize.DATE
},
email: {
type: Sequelize.STRING,
},
name: {
type: Sequelize.STRING,
},
}, // name is not saved in DB. Keep this for backward compatibility
rcUserId: {
type: Sequelize.STRING,
},
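Review bot: The `name` column stays in the model and `email` appears to be dropped from it, but neither change touches rows that already exist, so any names and emails stored before this commit remain in the table until one of the opportunistic `user.name = ''` paths happens to run for that user. If the goal is not holding the data at all, a one-off migration that nulls `name` (and drops or nulls `email`, if the table still has it) is needed alongside this code change, and that is worth stating in the commit description or a TODO. The explanatory comment is also attached to the closing `},` of the `name` block, where it is easy to lose in a later edit; put it above `name: {` instead: `// not populated since #70; column kept for backward compatibility`. The sequelize.define call continues outside the hunk.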
7 changes: 6 additions & 1 deletion src/server/routes/authorization.js
Expand Up @@ -27,14 +27,18 @@ async function getUserInfo(req, res) {
res.send('Token invalid.');
return;
}
let userInfo;
try {
// check token refresh condition
await checkAndRefreshAccessToken(user);
const googleClient = new GoogleClient({ token: user.accessToken });
userInfo = await googleClient.getUserInfo();
// console.log('accessToken: ', user.accessToken);
} catch (e) {
if (e.response && e.response.status === 401) {
user.accessToken = '';
user.refreshToken = '';
user.name = '';
await user.save();
res.status(401);
res.send('Unauthorized.');
Expand All @@ -50,7 +54,7 @@ async function getUserInfo(req, res) {
);
res.json({
user: {
name: user.name,
name: userInfo && userInfo.name,
},
formIds: subscriptions.map(subscription => subscription.formId),
});
Expand Down Expand Up @@ -133,6 +137,7 @@ async function revokeToken(req, res) {
if (e.response && e.response.status === 401) {
user.accessToken = '';
user.refreshToken = '';
user.name = '';
await user.save();
res.status(200);
res.json({
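Review bot: The commented-out `// console.log('accessToken: ', user.accessToken);` inside getUserInfo's try block is a line that would print a bearer token to the logs the moment someone uncomments it to debug; delete it rather than leave it as dead code (I cannot tell from the rendering whether it is new or pre-existing context). Separately, `name: userInfo && userInfo.name` yields `undefined` when `userInfo` was never assigned, and `res.json` drops undefined keys, so a client would see `user: {}` instead of a name field; if any non-401 error path can fall through to this response (the catch block ends outside the hunk), `name: userInfo ? userInfo.name : null` keeps the response shape stable. The same `user.name = ''` clear is added to revokeToken's 401 branch; both functions extend beyond the hunks shown.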
23 changes: 22 additions & 1 deletion tests/authorization.test.js
Expand Up @@ -508,7 +508,7 @@ describe('Authorization', () => {
refreshToken: 'knownRefreshToken',
tokenExpiredAt: new Date(Date.now() + 3600 * 1000),
subscriptions: [],
name: 'test user',
name: '',
});
});

Expand Down Expand Up @@ -597,13 +597,20 @@ describe('Authorization', () => {
const jwtToken = jwt.generateJwt({
id: user.id,
});
const googleUserScope = nock('https://www.googleapis.com')
.get('/oauth2/v3/userinfo')
.reply(200, {
sub: 'testGoogleUserId',
name: 'test user',
});
const res = await request(server)
.get(`/get-user-info?rcWebhookUri=${mockRCWebhookUri}`)
.set('Referer', process.env.APP_SERVER)
.set('x-access-token', jwtToken);
expect(res.status).toEqual(200);
expect(JSON.parse(res.text).user.name).toEqual('test user');
expect(JSON.parse(res.text).formIds.length).toEqual(0);
googleUserScope.done();
});

it('should return 403 invalid referer', async () => {
Expand Down Expand Up @@ -640,6 +647,12 @@ describe('Authorization', () => {
const jwtToken = jwt.generateJwt({
id: user.id,
});
const googleUserScope = nock('https://www.googleapis.com')
.get('/oauth2/v3/userinfo')
.reply(200, {
sub: 'testGoogleUserId',
name: 'test user',
});
const res = await request(server)
.get(`/get-user-info?rcWebhookUri=${mockRCWebhookUri}`)
.set('Referer', process.env.APP_SERVER)
Expand All @@ -648,6 +661,7 @@ describe('Authorization', () => {
expect(JSON.parse(res.text).user.name).toEqual('test user');
expect(JSON.parse(res.text).formIds.length).toEqual(1);
expect(JSON.parse(res.text).formIds[0]).toEqual('test_formId');
googleUserScope.done();
});

it('should refresh token and get user info successfully', async () => {
Expand All @@ -656,6 +670,12 @@ describe('Authorization', () => {
const jwtToken = jwt.generateJwt({
id: user.id,
});
const googleUserScope = nock('https://www.googleapis.com')
.get('/oauth2/v3/userinfo')
.reply(200, {
sub: 'testGoogleUserId',
name: 'test user',
});
const googleRefreshAuthScope = nock(googleTokenDomain)
.post(googleTokenPath)
.reply(200, {
Expand All @@ -674,6 +694,7 @@ describe('Authorization', () => {
const newUser = await User.findByPk(user.id);
expect(newUser.accessToken).toEqual('newAccessToken1');
googleRefreshAuthScope.done();
googleUserScope.done();
});

it('should return 401 when refresh token with 401', async () => {
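Review bot: The new `nock('https://www.googleapis.com').get('/oauth2/v3/userinfo')` interceptors reply regardless of which token the server sends, so the 'should refresh token and get user info successfully' case (last two hunks) proves the refresh wrote `newAccessToken1` to the DB but not that the userinfo request was made with it. Assuming GoogleClient sends the token as a bearer header, adding `.matchHeader('authorization', 'Bearer newAccessToken1')` to that interceptor (and the known token in the other two) makes `googleUserScope.done()` fail if a stale token is reused, which is exactly the regression the new per-request lookup could introduce. The three interceptor blocks are identical; a small helper such as `mockGoogleUserInfo(name)` would also shorten the file. The describe block starts outside the hunks.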
