mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-26 12:21:36 +03:00
7fdddf34b3
closes https://github.com/TryGhost/Ghost/issues/12347 This change allows a token to be used multiple times for the first 10 seconds after its initial use, this will stop dynamic link checking software from invaliding magic links.
51 lines
1.4 KiB
JavaScript
51 lines
1.4 KiB
JavaScript
const ghostBookshelf = require('./base');
|
|
const crypto = require('crypto');
|
|
const logging = require('../../shared/logging');
|
|
|
|
const SingleUseToken = ghostBookshelf.Model.extend({
|
|
tableName: 'tokens',
|
|
|
|
defaults() {
|
|
return {
|
|
token: crypto
|
|
.randomBytes(192 / 8)
|
|
.toString('base64')
|
|
// base64url encoding means the tokens are URL safe
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
};
|
|
}
|
|
}, {
|
|
async findOne(data, unfilteredOptions = {}) {
|
|
const model = await ghostBookshelf.Model.findOne.call(this, data, unfilteredOptions);
|
|
|
|
if (model) {
|
|
setTimeout(async () => {
|
|
try {
|
|
await this.destroy(Object.assign({
|
|
destroyBy: {
|
|
id: model.id
|
|
}
|
|
}, {
|
|
...unfilteredOptions,
|
|
transacting: null
|
|
}));
|
|
} catch (err) {
|
|
logging.error(err);
|
|
}
|
|
}, 10000);
|
|
}
|
|
|
|
return model;
|
|
}
|
|
});
|
|
|
|
const SingleUseTokens = ghostBookshelf.Collection.extend({
|
|
model: SingleUseToken
|
|
});
|
|
|
|
module.exports = {
|
|
SingleUseToken: ghostBookshelf.model('SingleUseToken', SingleUseToken),
|
|
SingleUseTokens: ghostBookshelf.collection('SingleUseTokens', SingleUseTokens)
|
|
};
|