mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-12-24 08:52:54 +03:00
fix: use database session cookie for production (#4200)
This commit is contained in:
parent
8407b2dd7c
commit
1dc94277c2
@ -121,7 +121,7 @@ export const NextAuthOptionsProvider: FactoryProvider<NextAuthOptions> = {
|
||||
adapter: prismaAdapter,
|
||||
debug: !config.node.prod,
|
||||
session: {
|
||||
strategy: 'jwt',
|
||||
strategy: config.node.prod ? 'database' : 'jwt',
|
||||
},
|
||||
// @ts-expect-error Third part library type mismatch
|
||||
logger: console,
|
||||
|
@ -49,13 +49,18 @@ export class AuthResolver {
|
||||
|
||||
@Throttle(20, 60)
|
||||
@ResolveField(() => TokenType)
|
||||
token(@CurrentUser() currentUser: UserType, @Parent() user: UserType) {
|
||||
async token(@CurrentUser() currentUser: UserType, @Parent() user: UserType) {
|
||||
if (user.id !== currentUser.id) {
|
||||
throw new BadRequestException('Invalid user');
|
||||
}
|
||||
|
||||
// on production we use session token that is stored in database (strategy = 'database')
|
||||
const sessionToken = this.config.node.prod
|
||||
? await this.auth.getSessionToken(user.id)
|
||||
: this.auth.sign(user);
|
||||
|
||||
return {
|
||||
token: this.auth.sign(user),
|
||||
token: sessionToken,
|
||||
refresh: this.auth.refresh(user),
|
||||
};
|
||||
}
|
||||
|
@ -251,4 +251,17 @@ export class AuthService {
|
||||
async sendChangeEmail(email: string, callbackUrl: string) {
|
||||
return this.mailer.sendChangeEmail(email, callbackUrl);
|
||||
}
|
||||
async getSessionToken(userId: string) {
|
||||
const session = await this.prisma.session.findFirst({
|
||||
where: {
|
||||
userId: userId,
|
||||
},
|
||||
});
|
||||
|
||||
if (!session) {
|
||||
throw new BadRequestException(`No session found for user id ${userId}`);
|
||||
}
|
||||
|
||||
return session?.sessionToken;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user