watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2025-12-08 05:12:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Changed JWT implementation.

Browse source
This commit is contained in:
Mike Cao 2020-07-22 21:33:17 -07:00
parent cb0c912c5b
commit f3f0ad15f2
6 changed files with 48 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pages/api/auth.js
View file

@ -1,5 +1,5 @@
import { serialize } from 'cookie';
import { checkPassword, createToken, secret } from 'lib/crypto';
import { checkPassword, createSecureToken } from 'lib/crypto';
import { getAccount } from 'lib/db';
export default async (req, res) => {
@ -9,7 +9,7 @@ export default async (req, res) => {
if (account && (await checkPassword(password, account.password))) {
const { user_id, username, is_admin } = account;
const token = await createToken({ user_id, username, is_admin });
const token = await createSecureToken({ user_id, username, is_admin });
const expires = new Date(Date.now() + 31536000000);
const cookie = serialize('umami.auth', token, { expires, httpOnly: true });

12
pages/api/verify.js Normal file
View file

@ -0,0 +1,12 @@
import { verifySecureToken } from 'lib/crypto';
export default async (req, res) => {
const { token } = req.body;
try {
const payload = await verifySecureToken(token);
res.status(200).send(payload);
} catch {
res.status(400).send('');
}
};