From cec30620ecbd5bef9b4cf550a5c7727f66836c19 Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Thu, 1 Dec 2022 12:06:20 +0000
Subject: [PATCH] BUGFIX: clear out old refresh tokens
---
 server/server.js | 11 +++++++++++
 tools/react/token-provider.jsx | 12 ++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/server/server.js b/server/server.js
index 1927d24..c570a8b 100644
--- a/server/server.js
+++ b/server/server.js
@@ -36,6 +36,17 @@ app.get('*', (req, res) => {
 //startup
 server.listen(process.env.WEB_PORT || 3200, async (err) => {
+ //BUGFIX: clear out old refresh tokens
+ const { Op } = require('sequelize');
+ const { tokens } = require('./database/models');
+ tokens.destroy({
+ where: {
+ createdAt: {
+ [Op.lt]: new Date(new Date().setDate(new Date().getDate() - 30))
+ }
+ }
+ });
+
 await database.sync();
 console.log(`listening to localhost:${process.env.WEB_PORT || 3200}`);
 });
diff --git a/tools/react/token-provider.jsx b/tools/react/token-provider.jsx
index 6ad9614..135e8ff 100644
--- a/tools/react/token-provider.jsx
+++ b/tools/react/token-provider.jsx
@@ -9,6 +9,12 @@ const TokenProvider = props => {
 //state to be used
 const [accessToken, setAccessToken] = useState('');
+ //force a logout under certain conditions
+ const forceLogout = () => {
+ localStorage.removeItem("accessToken");
+ setAccessToken("");
+ };
+
 //make the access token persist between reloads
 useEffect(() => {
 setAccessToken(localStorage.getItem("accessToken") || '');
@@ -47,6 +53,9 @@ const TokenProvider = props => {
 //any errors, throw them
 if (!response.ok) {
+ if (response.status == 403) {
+ forceLogout();
+ }
 throw `${response.status}: ${await response.text()}`;
 }
@@ -82,6 +91,9 @@ const TokenProvider = props => {
 //any errors, throw them
 if (!response.ok) {
+ if (response.status == 403) {
+ forceLogout();
+ }
 throw `${response.status}: ${await response.text()}`;
 }
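Review bot: The `tokens.destroy(...)` call added at the top of the listen callback returns a promise that is neither awaited nor caught, and it is issued before `await database.sync()`, so on a database where the tokens table does not exist yet the rejection goes unhandled. Running it after the sync with a handler would be safer: `await database.sync();` followed by `await tokens.destroy({ where: { createdAt: { [Op.lt]: cutoff } } }).catch(e => console.error('token cleanup failed', e));`. The purge also runs only at startup, so on a long-lived process refresh tokens older than 30 days stay in the table until the next restart; if the refresh path does not check token age itself (not visible here), they remain usable, so an expiry check at validation time or a periodic job is worth adding. The 30-day cutoff is a literal and should come from the same setting as the refresh-token lifetime.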
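Review bot: `forceLogout` removes only the `accessToken` entry from localStorage and from state, so a refresh token the client holds elsewhere (another storage key or a cookie, not visible in this hunk) would survive the forced logout. If one exists, it should be cleared in the same function. The comment `//force a logout under certain conditions` would be more useful if it named the condition, for example `//force a logout when the server answers 403 (token rejected)`. TokenProvider's body starts before and continues after this hunk.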
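Review bot: The added `if (response.status == 403)` uses loose equality and treats every 403 as a dead session; the identical check in the last hunk has the same issue. Use `response.status === 403`. If the server reports an expired or unknown token with 401 instead (the server side is not shown), that case leaves the stale access token in localStorage. If this fetch wrapper also carries ordinary authorised requests, a 403 for a resource the user simply lacks permission for would log them out, so keying the logout on a token-specific error from the server would be more precise. The enclosing function starts outside both hunks.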