Added session length option for session tokens to server configuration

2016-04-02 11:36:47 -04:00
parent 51664c8f33
commit f99b5588ab
10 changed files with 188 additions and 15 deletions
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -62,6 +62,13 @@ var getAuthForSessionToken = function({ config, sessionToken, installationId } =
    if (results.length !== 1 || !results[0]['user']) {
      return nobody(config);
    }
+
+    var now = new Date(), 
+        expiresAt = new Date(results[0].expiresAt.iso);
+    if(expiresAt < now) {
+      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
+            'Session token is expired.');
+    }
    var obj = results[0]['user'];
    delete obj.password;
    obj['className'] = '_User';
--- a/src/Config.js
+++ b/src/Config.js
@@ -47,17 +47,21 @@ export class Config {
    this.customPages = cacheInfo.customPages || {};
    this.mount = removeTrailingSlash(mount);
    this.liveQueryController = cacheInfo.liveQueryController;
+    this.sessionLength = cacheInfo.sessionLength;
+    this.generateSessionExpiresAt = this.generateSessionExpiresAt.bind(this);
  }

  static validate(options) {
-    this.validateEmailConfiguration({verifyUserEmails: options.verifyUserEmails,
-                                appName: options.appName,
+    this.validateEmailConfiguration({verifyUserEmails: options.verifyUserEmails, 
+                                appName: options.appName, 
                                publicServerURL: options.publicServerURL})
    if (options.publicServerURL) {
      if (!options.publicServerURL.startsWith("http://") && !options.publicServerURL.startsWith("https://")) {
        throw "publicServerURL should be a valid HTTPS URL starting with https://"
      }
    }
+
+    this.validateSessionLength(options.sessionLength);
  }

  static validateEmailConfiguration({verifyUserEmails, appName, publicServerURL}) {
@@ -83,6 +87,20 @@ export class Config {
    this._mount = newValue;
  }

+  static validateSessionLength(sessionLength) {
+    if(isNaN(sessionLength)) {
+      throw 'Session length must be a valid number.';
+    }
+    else if(sessionLength <= 0) {
+      throw 'Session length must be a value greater than 0.'
+    }
+  }
+
+  generateSessionExpiresAt() {
+    var now = new Date();
+    return new Date(now.getTime() + (this.sessionLength*1000));
+  }
+
  get invalidLinkURL() {
    return this.customPages.invalidLink || `${this.publicServerURL}/apps/invalid_link.html`;
  }
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -75,6 +75,7 @@ addParseCloud();
 // "restAPIKey": optional key from Parse dashboard
 // "javascriptKey": optional key from Parse dashboard
 // "push": optional key from configure push
+// "sessionLength": optional length in seconds for how long Sessions should be valid for

 class ParseServer {

@@ -111,7 +112,8 @@ class ParseServer {
      choosePassword: undefined,
      passwordResetSuccess: undefined
    },
-    liveQuery = {}
+    liveQuery = {},
+    sessionLength = 31536000, // 1 Year in seconds
  }) {
    // Initialize the node client SDK automatically
    Parse.initialize(appId, javascriptKey || 'unused', masterKey);
@@ -185,7 +187,8 @@ class ParseServer {
      publicServerURL: publicServerURL,
      customPages: customPages,
      maxUploadSize: maxUploadSize,
-      liveQueryController: liveQueryController
+      liveQueryController: liveQueryController,
+      sessionLength : Number(sessionLength),
    });

    // To maintain compatibility. TODO: Remove in some version that breaks backwards compatability
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -319,8 +319,7 @@ RestWrite.prototype.transformUser = function() {
    var token = 'r:' + cryptoUtils.newToken();
    this.storage['token'] = token;
    promise = promise.then(() => {
-      var expiresAt = new Date();
-      expiresAt.setFullYear(expiresAt.getFullYear() + 1);
+      var expiresAt = this.config.generateSessionExpiresAt();
      var sessionData = {
        sessionToken: token,
        user: {
@@ -474,8 +473,7 @@ RestWrite.prototype.handleSession = function() {

  if (!this.query && !this.auth.isMaster) {
    var token = 'r:' + cryptoUtils.newToken();
-    var expiresAt = new Date();
-    expiresAt.setFullYear(expiresAt.getFullYear() + 1);
+    var expiresAt = this.config.generateSessionExpiresAt();
    var sessionData = {
      sessionToken: token,
      user: {
@@ -739,6 +737,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
      ACL['*'] = { read: true, write: false };
      this.data.ACL = ACL;
    }
+
    // Run a create
    return this.config.database.create(this.className, this.data, this.runOptions)
      .then((resp) => {
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -108,9 +108,7 @@ export class UsersRouter extends ClassesRouter {

        req.config.filesController.expandFilesInObject(req.config, user);

-        let expiresAt = new Date();
-        expiresAt.setFullYear(expiresAt.getFullYear() + 1);
-
+        let expiresAt = req.config.generateSessionExpiresAt();
        let sessionData = {
          sessionToken: token,
          user: {
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -128,9 +128,15 @@ function handleParseHeaders(req, res, next) {
      }
    })
    .catch((error) => {
-      // TODO: Determine the correct error scenario.
-      log.error('error getting auth for sessionToken', error);
-      throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error);
+      if(error instanceof Parse.Error) {
+        next(error);
+        return;
+      }
+      else {
+        // TODO: Determine the correct error scenario.
+        log.error('error getting auth for sessionToken', error);
+        throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error);
+      }
    });
 }