Aaltronav/dougal-software
1
0
Fork 0
mirror of https://gitlab.com/wgp/dougal/software.git synced 2025-12-06 12:57:08 +00:00
Code Issues Packages Projects Releases Activity

Improve handling of JWT over websocket.

Browse Source 
When a valid `token` message is received from a client, the
socket server will automatically push refreshed tokens at
about half lifetime of the received JWT.

If an invalid token is received the connection is closed.

See #304.
This commit is contained in:
D. Berge
2025-08-06 10:26:53 +02:00
parent be5c6f1fa3
commit 9c38af4bc0
1 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
lib/www/server/ws/index.js
View File

@@ -8,6 +8,48 @@ function start (server, pingInterval=30000) {
const wsServer = new ws.Server({ noServer: true }); const wsServer = new ws.Server({ noServer: true });
wsServer.on('connection', socket => { wsServer.on('connection', socket => {
function scheduleJwtRefresh (token) {
const decoded = jwt.decode(token);
console.log("scheduleJwtRefresh for token", token);
console.log("decoded as", decoded);
const exp = decoded?.exp;
if (exp) {
const timeout = (exp*1000 - Date.now()) / 2;
socket._jwtRefresh = setTimeout(() => refreshJwt(token), timeout);
console.log(`Scheduled JWT refresh in ${timeout/1000} seconds at time ${(new Date(Date.now() + timeout)).toISOString()}`);
} else {
console.log("Token has no exp claim. Refresh not scheduled");
}
}
function refreshJwt (token) {
console.log("refreshJwt called");
jwt.checkValidCredentials({jwt: token}).then( decoded => {
console.log("refreshJwt decoded JWT = ", decoded);
if (decoded) {
console.log("Renewing JWT via websocket");
delete decoded.exp;
const token = jwt.issue(decoded);
socket.send(JSON.stringify({
channel: ".jwt",
payload: {
token
}
}));
scheduleJwtRefresh(token);
} else {
console.warn("FAILED to decode JWT");
}
})
.catch( err => {
console.log("refreshJwt: Invalid credentials found");
console.error(err);
socket.close();
});
}
socket.alive = true; socket.alive = true;
socket.on('pong', function () { this.alive = true; }) socket.on('pong', function () { this.alive = true; })
socket.on('message', message => { socket.on('message', message => {
@@ -16,26 +58,18 @@ function start (server, pingInterval=30000) {
try { try {
const payload = JSON.parse(message); const payload = JSON.parse(message);
if (payload?.jwt) { if (payload?.jwt) {
jwt.checkValidCredentials({jwt: payload.jwt}).then( decoded => { refreshJwt(payload.jwt);
// console.log("Decoded", decoded);
if (decoded) {
console.log("Renewing JWT via websocket");
delete decoded.exp;
const token = jwt.issue(decoded);
socket.send(JSON.stringify({
channel: ".jwt",
payload: {
token
}
}));
}
});
} }
} catch (err) { } catch (err) {
console.warn("Websocket message decoding failed", err); console.warn("Websocket message decoding failed", err);
} }
}); });
socket.on('close', () => {
if (socket._jwtTimeout) {
clearTimeout(socket._jwtTimeout);
}
});
}); });
server.on('upgrade', (request, socket, head) => { server.on('upgrade', (request, socket, head) => {