Merge pull request #102 from coder-mind-project/develop

Version 1.1.4 released!

Author: allanalves23

README.md

@@ -10,9 +10,9 @@ Owner: Coder Mind
 
 E-mail (Project owner): allan@codermind.com.br
 
-Stable release: http://master.codermind.com.br
+Stable release: https://master.codermind.com.br
 
-Latest release: http://master-homolog.codermind.com.br
+Latest release: https://master-homolog.codermind.com.br
 ___
 
 ## Docs:

api/auth/auth.js

@@ -1,6 +1,7 @@
 const jwt = require('jwt-simple')
 const { SECRET_AUTH_PACKAGE, issuer } = require('../../config/environment')
 const captcha = require('../../config/recaptcha/captcha.js')
+const { tokenDuration, tokenEmission, nowInSecs } = require('../../config/authentication/tokenrules')
 
 /**
  *  @function
@@ -82,12 +83,11 @@ module.exports = app => {
         user.password = null
 
         const now = Math.floor(Date.now() / 1000)
-        const tenDaysLater = 60 * 60 * 24 * 10
 
         const payload = {
           iss: issuer,
-          iat: now,
-          exp: now + tenDaysLater,
+          iat: tokenEmission,
+          exp: tokenDuration,
           user: {
             _id: user._id || user.id,
             name: user.name,
@@ -128,7 +128,7 @@ module.exports = app => {
       let token = { ...req.body }.token
       const { secret } = SECRET_AUTH_PACKAGE
 
-      const payload = token ? await jwt.decode(token, secret) : {}
+      const payload = token ? await jwt.decode(token, secret, true) : {}
 
       if (payload.iss !== issuer) {
         throw {
@@ -144,6 +144,13 @@ module.exports = app => {
         }
       }
 
+      if (!payload.exp || !payload.iat || nowInSecs() > payload.exp) {
+        throw {
+          name: 'expired',
+          description: 'Acesso não autorizado'
+        }
+      }
+
       let user = await User.findOne({ _id: payload.user._id, deletedAt: null })
 
       if (user && user._id) {

api/responses.js

@@ -180,7 +180,7 @@ module.exports = app => {
       msg: 'Ocorreu um erro desconhecido, se persistir reporte'
     }
 
-    const { name, description } = { ...stack }
+    const { name, description } = stack
 
     switch (description) {
       case 'Captcha inválido':
@@ -201,7 +201,8 @@ module.exports = app => {
     pending = name
     reformulatedError.msg = description
 
-    reformulatedError[pending] = 'pending'
+    reformulatedError[pending || 'InternalError'] = 'pending'
+
     return reformulatedError
   }
 

config/authentication/tokenrules.js

@@ -0,0 +1,7 @@
+const nowInSecs = () => Math.floor(Date.now() / 1000)
+
+module.exports = {
+  tokenEmission: nowInSecs(),
+  tokenDuration: nowInSecs() + 60 * 60 * 24 * 10, // 10 days
+  nowInSecs
+}

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "master-api",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Master api for Coder Mind platform",
   "main": "index.js",
   "scripts": {
@@ -28,16 +28,16 @@
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
     "jwt-simple": "^0.5.6",
-    "mongoose": "^5.7.5",
     "knex": "^0.19.5",
+    "mongoose": "^5.7.5",
     "mongoose-seed": "^0.6.0",
     "mongoose-unique-validator": "^2.0.3",
     "multer": "^1.4.2",
     "multer-s3": "^2.9.0",
     "mysql": "^2.17.1",
     "node-schedule": "^1.3.2",
     "nodemailer": "^6.3.0",
-    "passport": "^0.4.0",
+    "passport": "^0.4.1",
     "passport-jwt": "^4.0.0",
     "pm2": "^4.4.0"
   },