Add DragonflyDB integration for JWT revocation and implement rate limiting for authentication routes
@@ -1,5 +1,7 @@
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { v4 as uuidv4 } from 'uuid';
|
||||
import { getDb } from '../config/database.js';
|
||||
import redis from '../config/redis.js';
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'fallback-secret-change-me';
|
||||
|
||||
@@ -13,6 +15,20 @@ export async function authenticateToken(req, res, next) {
|
||||
|
||||
try {
|
||||
const decoded = jwt.verify(token, JWT_SECRET);
|
||||
|
||||
// Check JWT blacklist in DragonflyDB (revoked tokens via logout)
|
||||
if (decoded.jti) {
|
||||
try {
|
||||
const revoked = await redis.get(`blacklist:${decoded.jti}`);
|
||||
if (revoked) {
|
||||
return res.status(401).json({ error: 'Token has been revoked' });
|
||||
}
|
||||
} catch (redisErr) {
|
||||
// Graceful degradation: if Redis is unavailable, allow the request
|
||||
console.warn('Redis blacklist check skipped:', redisErr.message);
|
||||
}
|
||||
}
|
||||
|
||||
const db = getDb();
|
||||
const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [decoded.userId]);
|
||||
if (!user) {
|
||||
@@ -33,5 +49,6 @@ export function requireAdmin(req, res, next) {
|
||||
}
|
||||
|
||||
export function generateToken(userId) {
|
||||
return jwt.sign({ userId }, JWT_SECRET, { expiresIn: '7d' });
|
||||
const jti = uuidv4();
|
||||
return jwt.sign({ userId, jti }, JWT_SECRET, { expiresIn: '7d' });
|
||||
}
|
||||
|
||||
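Review bot: The new blacklist check in authenticateToken fails open — the `catch (redisErr)` branch logs a warning and lets the request through, so while DragonflyDB is unreachable every revoked token is accepted again for the remainder of its 7-day lifetime, which turns an outage (or a deliberate DoS of the store) into a revocation bypass. A store that only serves a deny-list should fail closed: `console.error('Blacklist check failed:', redisErr.message);` followed by `return res.status(503).json({ error: 'Authentication service unavailable' });`, with a comment stating that rejecting is the intended trade-off; if availability must win, that decision belongs in an explicit config flag rather than a silent default. The `if (decoded.jti)` guard also means tokens minted before this change, which carry no jti, can never be revoked until they expire — worth a `// TODO: reject tokens without jti once pre-rollout tokens have aged out (7d)` so the exemption is not forgotten. authenticateToken begins before the hunk, so any early handling of a missing token is outside this view; the pre-existing `'fallback-secret-change-me'` default on JWT_SECRET is not introduced here but is worth a hard failure at startup when the variable is unset.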