Forces users to re login when there's a major update

This commit is contained in:
Bryce
2024-04-10 00:36:41 -07:00
parent ff2bf4c2b3
commit f12f8e14c2
6 changed files with 64 additions and 14 deletions


@@ -2,8 +2,7 @@
(:require [amazonica.core :refer [defcredential]]
[auto-ap.client-routes :as client-routes]
[auto-ap.datomic :refer [conn pull-many]]
[auto-ap.graphql.utils :refer [assert-can-see-client
limited-clients]]
[auto-ap.graphql.utils :refer [limited-clients]]
[auto-ap.logging :as alog]
[auto-ap.routes.auth :as auth]
[auto-ap.routes.exports :as exports]
@@ -13,6 +12,7 @@
[auto-ap.routes.invoices :as invoices]
[auto-ap.routes.queries :as queries]
[auto-ap.routes.yodlee2 :as yodlee2]
[auto-ap.session-version :as session-version]
[auto-ap.ssr-routes :as ssr-routes]
[auto-ap.ssr.core :as ssr]
[auto-ap.ssr.utils :refer [entity-id main-transformer]]
@@ -160,10 +160,12 @@
:exception e)
(throw e)))))))
(defn wrap-idle-session-timeout
[handler]
(fn [request]
(let [session (:session request {})
(let [session (:session request {:version session-version/current-session-version})
end-time (coerce/to-date-time (::idle-timeout session))]
(if (and end-time (time/before? end-time (time/now)))
(if (get (:headers request) "hx-request")
@@ -317,6 +319,8 @@
(dissoc auth :exp))}))
#_(wrap-pprint-session)
(session-version/wrap-session-version)
(wrap-idle-session-timeout)
(wrap-session {:store (cookie-store
{:key
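Review bot: The default map added in `(let [session (:session request {:version session-version/current-session-version})` only affects the local binding inside `wrap-idle-session-timeout`, and nothing in the visible lines reads `:version` from it — `(coerce/to-date-time (::idle-timeout session))` is nil for a missing session with or without the default — so it looks dead unless the rest of the function, which runs past the hunk, writes `session` back into the request. It is also not shared with the new `wrap-session-version`, which reads `(:session request)` directly and treats a missing `:version` as a mismatch, so the two middlewares disagree about what an absent session means. If an absent session should count as current, that default belongs in `session-version` where both can use it; otherwise it can be dropped here. The ordering `(session-version/wrap-session-version)` then `(wrap-idle-session-timeout)` is fine provided both sit inside `wrap-session`, which the hunk suggests but does not fully show.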


@@ -8,7 +8,8 @@
[config.core :refer [env]]
[com.brunobonacci.mulog :as mu]
[clojure.java.io :as io]
[clojure.edn :as edn]))
[clojure.edn :as edn]
[auto-ap.session-version :as session-version]))
(def google-client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com")
(def google-client-secret "OC-WemHurPXYpuIw5cT-B90g")
@@ -94,7 +95,8 @@
(jwt/sign jwt
(:jwt-secret env)
{:alg :hs512}))}
:session {:identity (dissoc jwt :exp)}}
:session {:identity (dissoc jwt :exp)
:version session-version/current-session-version}}
{:status 401
:body "Couldn't authenticate"}))
(catch Exception e
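Review bot: The session map built here, `{:identity (dissoc jwt :exp) :version session-version/current-session-version}`, is duplicated in `auto-ap.ssr.auth` in the same commit; a small constructor in `session-version`, e.g. `(defn new-session [identity] {:identity identity :version current-session-version})`, would keep the two login paths from drifting the next time a session field is added. Separately, `google-client-secret` on the context line is a string literal in source while `(:jwt-secret env)` a few lines below already reads from config; if that value is a live credential it should be loaded from `env` the same way and rotated, since the literal remains in repository history. The enclosing handler starts outside the hunk.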


@@ -0,0 +1,36 @@
(ns auto-ap.session-version
(:require [bidi.bidi :as bidi]))
;; TODO this should only be done until SSR is complete
;; once it is, it should just use redirects based on headers
;; no header=use default, mismatch header=redirect to login
(def current-session-version 1)
(defn wrap-session-version
[handler]
(fn [request]
(let [session (:session request)
route (bidi/match-route @(resolve 'auto-ap.handler/all-routes)
(:uri request)
:request-method (:request-method request))
is-normal-route? (or (keyword? route)
(keyword? (:handler route)))] ;; TODO SSR icky
(if (and (not= (:version session) current-session-version)
(not= :login route)
(not= :oauth route)
(not= :oauth (:handler route))
(not= :login (:handler route))
is-normal-route?)
(cond
(or (= :graphql (:handler route))
(= :graphql route))
{:status 401}
(get (:headers request) "hx-request")
{:session nil
:status 200
:headers {"hx-redirect" "/login"}}
:else
{:session nil
:status 302
:headers {"Location" "/login"}})
(handler request)))))
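Review bot: The `:graphql` branch returns `{:status 401}` without `:session nil`, so unlike the two redirect branches it leaves the out-of-date session cookie in place and the client is rejected again on every call until something else clears it; make it `{:session nil :status 401}`. `@(resolve 'auto-ap.handler/all-routes)` runs on every request and throws a NullPointerException if the var is not loaded yet, since `resolve` returns nil; passing the routes into `wrap-session-version` as an argument, or resolving once at wrap time, avoids both the per-request lookup and the nil deref. `bidi/match-route` returns nil for a URI not in `all-routes`, so `is-normal-route?` is false and such requests pass through with the stale session — if that is intentional it deserves a line in the TODO comment. The check also fires for requests with no session at all, so any matched route meant to be reachable anonymously will now redirect to `/login`; if only logged-in users should be forced out, guard on `(:identity session)` as well.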


@@ -1,5 +1,6 @@
(ns auto-ap.ssr.auth
(:require [buddy.sign.jwt :as jwt]
(:require [auto-ap.session-version :as session-version]
[buddy.sign.jwt :as jwt]
[config.core :refer [env]]))
(defn logout [request]
@@ -13,4 +14,5 @@
:session {:identity (dissoc (jwt/unsign (get-in request [:query-params "jwt"])
(:jwt-secret env)
{:alg :hs512})
:exp)}})
:exp)
:version session-version/current-session-version}})