From 047bdc0c4827507c6bb360c2a0d4cfd7d38ad425 Mon Sep 17 00:00:00 2001
From: Embbnux Ji
Date: Fri, 19 Jul 2024 09:22:04 +0800
Subject: [PATCH] misc: do not save user name in db (#70)

* misc: do not save user name in db

* chore: remove test host
---
 src/refreshSubscriptionCron.js | 3 ++-
 src/server/handlers/authorizationHandler.js | 2 +-
 src/server/lib/oauth.js | 1 +
 src/server/models/userModel.js | 5 +---
 src/server/routes/authorization.js | 7 ++++++-
 tests/authorization.test.js | 23 ++++++++++++++++++++-
 6 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/src/refreshSubscriptionCron.js b/src/refreshSubscriptionCron.js
index d687315..b8c290a 100644
--- a/src/refreshSubscriptionCron.js
+++ b/src/refreshSubscriptionCron.js
@@ -9,7 +9,7 @@ async function refreshSubscription() {
 const currentTime = new Date();
 const expiredIn3Day = new Date(currentTime);
 expiredIn3Day.setDate(currentTime.getDate() + 3);
- const subscriptions = await Subscription.findAll();
+ const subscriptions = await Subscription.findAll(); // TODO: add lastKey
 const users = {};
 for (const subscription of subscriptions) {
 if (subscription.watchExpiredAt < currentTime) {
@@ -37,6 +37,7 @@ async function refreshSubscription() {
 } catch (e) {
 if (e.response && e.response.status === 401) {
 user.accessToken = '';
+ user.name = '';
 await user.save();
 console.log('refreshing subscription failed: access token expired: ', user.id);
 return;
diff --git a/src/server/handlers/authorizationHandler.js b/src/server/handlers/authorizationHandler.js
index 607a51c..5fe5ae5 100644
--- a/src/server/handlers/authorizationHandler.js
+++ b/src/server/handlers/authorizationHandler.js
@@ -15,7 +15,7 @@ async function onAuthorize(accessToken, refreshToken, expires) {
 accessToken: accessToken,
 refreshToken: refreshToken,
 tokenExpiredAt: expires,
- name: userInfoResponse.name,
+ name: '',
 subscriptions: [],
 });
 }
diff --git a/src/server/lib/oauth.js b/src/server/lib/oauth.js
index 7c98d59..2ebbf53 100644
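Review bot: With `name: ''` in the authorizationHandler.js hunk, the only visible use of `userInfoResponse` inside onAuthorize is gone, so if the call that produces it (outside this hunk) existed only to fill the name, that extra round-trip to Google can be dropped together with it; if it is still needed for another field, a short comment on the new line would spare the next reader the search, e.g. `name: '', // intentionally not persisted; getUserInfo fetches it live`. The same applies to the `user.name = ''` line in the refreshSubscriptionCron.js hunk, which otherwise reads as if a real value were ever stored. onAuthorize begins before this hunk and its remaining uses of `userInfoResponse` cannot be seen here.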
--- a/src/server/lib/oauth.js
+++ b/src/server/lib/oauth.js
@@ -10,6 +10,7 @@ async function checkAndRefreshAccessToken(user) {
 expires.setSeconds(expires.getSeconds() + response.expires_in);
 user.accessToken = accessToken;
 user.tokenExpiredAt = expires;
+ user.name = ''; // clear user name
 await user.save();
 }
 }
diff --git a/src/server/models/userModel.js b/src/server/models/userModel.js
index d555f91..2c0f103 100644
--- a/src/server/models/userModel.js
+++ b/src/server/models/userModel.js
@@ -13,12 +13,9 @@ const User = sequelize.define('users', {
 tokenExpiredAt:{
 type: Sequelize.DATE
 },
- email: {
- type: Sequelize.STRING,
- },
 name: {
 type: Sequelize.STRING,
- },
+ }, // name is not saved in DB. Keep this for backward compatibility
 rcUserId: {
 type: Sequelize.STRING,
 },
diff --git a/src/server/routes/authorization.js b/src/server/routes/authorization.js
index 54048c5..0577781 100644
--- a/src/server/routes/authorization.js
+++ b/src/server/routes/authorization.js
@@ -27,14 +27,18 @@ async function getUserInfo(req, res) {
 res.send('Token invalid.');
 return;
 }
+ let userInfo;
 try {
 // check token refresh condition
 await checkAndRefreshAccessToken(user);
+ const googleClient = new GoogleClient({ token: user.accessToken });
+ userInfo = await googleClient.getUserInfo();
 // console.log('accessToken: ', user.accessToken);
 } catch (e) {
 if (e.response && e.response.status === 401) {
 user.accessToken = '';
 user.refreshToken = '';
+ user.name = '';
 await user.save();
 res.status(401);
 res.send('Unauthorized.');
@@ -50,7 +54,7 @@ async function getUserInfo(req, res) {
 );
 res.json({
 user: {
- name: user.name,
+ name: userInfo && userInfo.name,
 },
 formIds: subscriptions.map(subscription => subscription.formId),
 });
@@ -133,6 +137,7 @@ async function revokeToken(req, res) {
 if (e.response && e.response.status === 401) {
 user.accessToken = '';
 user.refreshToken = '';
+ user.name = '';
 await user.save();
 res.status(200);
 res.json({
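Review bot: Keeping the `name` column while writing `''` to it only on the token-refresh and 401 paths (the oauth.js hunk here, the refreshSubscriptionCron.js hunk, and the two catch blocks in authorization.js) means names already stored for existing users remain in the database until that particular user happens to hit one of those paths, and dropping the `email` attribute from the model leaves whatever that column already holds untouched as well. If the intent is to stop holding this data, a one-off migration or cleanup that blanks the existing `name` (and `email`) values is needed; if that is deliberately deferred, the new comment should say so. The comment on the `},` line could then state the actual contract, e.g. `}, // kept only so existing rows keep loading; never written with a real value since #70`.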
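Review bot: In the getUserInfo hunk `userInfo` is assigned only when `googleClient.getUserInfo()` succeeds, and the visible `catch` handles just the 401 case, so a non-401 failure of that call (quota, 5xx, network) is left to whatever follows the catch outside this hunk; if that path falls through to the `res.json` in the next hunk, `userInfo && userInfo.name` evaluates to `undefined` and the `name` key silently disappears from the response instead of producing an error. Handling that failure explicitly, and writing the response line as `name: userInfo?.name ?? '',`, would make the contract of the endpoint stable. This patch adds no import for `GoogleClient` in authorization.js, so it presumably is already in scope there, which is worth confirming. Every `/get-user-info` request now makes a live call to Google, so that API's latency and quota are added to this endpoint. getUserInfo continues past the end of the hunk.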
diff --git a/tests/authorization.test.js b/tests/authorization.test.js
index 7e75e98..b288552 100644
--- a/tests/authorization.test.js
+++ b/tests/authorization.test.js
@@ -508,7 +508,7 @@ describe('Authorization', () => {
 refreshToken: 'knownRefreshToken',
 tokenExpiredAt: new Date(Date.now() + 3600 * 1000),
 subscriptions: [],
- name: 'test user',
+ name: '',
 });
 });
 
@@ -597,6 +597,12 @@ describe('Authorization', () => {
 const jwtToken = jwt.generateJwt({
 id: user.id,
 });
+ const googleUserScope = nock('https://www.googleapis.com')
+ .get('/oauth2/v3/userinfo')
+ .reply(200, {
+ sub: 'testGoogleUserId',
+ name: 'test user',
+ });
 const res = await request(server)
 .get(`/get-user-info?rcWebhookUri=${mockRCWebhookUri}`)
 .set('Referer', process.env.APP_SERVER)
@@ -604,6 +610,7 @@ describe('Authorization', () => {
 expect(res.status).toEqual(200);
 expect(JSON.parse(res.text).user.name).toEqual('test user');
 expect(JSON.parse(res.text).formIds.length).toEqual(0);
+ googleUserScope.done();
 });
 
 it('should return 403 invalid referer', async () => {
@@ -640,6 +647,12 @@ describe('Authorization', () => {
 const jwtToken = jwt.generateJwt({
 id: user.id,
 });
+ const googleUserScope = nock('https://www.googleapis.com')
+ .get('/oauth2/v3/userinfo')
+ .reply(200, {
+ sub: 'testGoogleUserId',
+ name: 'test user',
+ });
 const res = await request(server)
 .get(`/get-user-info?rcWebhookUri=${mockRCWebhookUri}`)
 .set('Referer', process.env.APP_SERVER)
@@ -648,6 +661,7 @@ describe('Authorization', () => {
 expect(JSON.parse(res.text).user.name).toEqual('test user');
 expect(JSON.parse(res.text).formIds.length).toEqual(1);
 expect(JSON.parse(res.text).formIds[0]).toEqual('test_formId');
+ googleUserScope.done();
 });
 
 it('should refresh token and get user info successfully', async () => {
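Review bot: The nock scopes added for `/oauth2/v3/userinfo` in the hunk at line 597 only ever reply 200, so the new failure path in getUserInfo — the userinfo call answering 401, which now clears `accessToken`, `refreshToken` and `name`, or failing with a non-401 error — is not exercised by any test in this patch; the scopes added in the hunks at lines 640 and 656 have the same shape. A case that replies 401 from the userinfo endpoint and asserts the 401 response plus the cleared tokens on the reloaded user (as the existing refresh tests do with `User.findByPk`) would cover it, and a 500 reply would pin down what the endpoint returns when Google is unavailable. The `describe` block enclosing these hunks starts and ends outside them.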
@@ -656,6 +670,12 @@ describe('Authorization', () => {
 const jwtToken = jwt.generateJwt({
 id: user.id,
 });
+ const googleUserScope = nock('https://www.googleapis.com')
+ .get('/oauth2/v3/userinfo')
+ .reply(200, {
+ sub: 'testGoogleUserId',
+ name: 'test user',
+ });
 const googleRefreshAuthScope = nock(googleTokenDomain)
 .post(googleTokenPath)
 .reply(200, {
@@ -674,6 +694,7 @@ describe('Authorization', () => {
 const newUser = await User.findByPk(user.id);
 expect(newUser.accessToken).toEqual('newAccessToken1');
 googleRefreshAuthScope.done();
+ googleUserScope.done();
 });
 
 it('should return 401 when refresh token with 401', async () => {