Buriburizaemon/nodewarden
1
0
Fork 0
mirror of https://github.com/shuaiplus/nodewarden.git synced 2026-06-20 21:00:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: improve device validation logic in refresh token handling

Browse Source
This commit is contained in:
shuaiplus
2026-05-23 02:00:41 +08:00
parent 56185ecb69
commit 385a873e65
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/services/auth.ts
+14 -11
View File
@@ -254,19 +254,22 @@ export class AuthService {
} }
let device: { identifier: string; sessionStamp: string } | null = null; let device: { identifier: string; sessionStamp: string } | null = null;
if (record.deviceIdentifier) { if (!record.deviceIdentifier || !record.deviceSessionStamp) {
const boundDevice = await this.storage.getDevice(user.id, record.deviceIdentifier); await this.storage.deleteRefreshToken(refreshToken);
if (!boundDevice) { return { ok: false, reason: 'device_missing', userId: user.id, deviceIdentifier: record.deviceIdentifier };
await this.storage.deleteRefreshToken(refreshToken);
return { ok: false, reason: 'device_missing', userId: user.id, deviceIdentifier: record.deviceIdentifier };
}
if (!record.deviceSessionStamp || boundDevice.sessionStamp !== record.deviceSessionStamp) {
await this.storage.deleteRefreshToken(refreshToken);
return { ok: false, reason: 'device_session_mismatch', userId: user.id, deviceIdentifier: record.deviceIdentifier };
}
device = { identifier: boundDevice.deviceIdentifier, sessionStamp: boundDevice.sessionStamp };
} }
const boundDevice = await this.storage.getDevice(user.id, record.deviceIdentifier);
if (!boundDevice) {
await this.storage.deleteRefreshToken(refreshToken);
return { ok: false, reason: 'device_missing', userId: user.id, deviceIdentifier: record.deviceIdentifier };
}
if (boundDevice.sessionStamp !== record.deviceSessionStamp) {
await this.storage.deleteRefreshToken(refreshToken);
return { ok: false, reason: 'device_session_mismatch', userId: user.id, deviceIdentifier: record.deviceIdentifier };
}
device = { identifier: boundDevice.deviceIdentifier, sessionStamp: boundDevice.sessionStamp };
const accessToken = await this.generateAccessToken(user, device); const accessToken = await this.generateAccessToken(user, device);
return { ok: true, accessToken, user, device }; return { ok: true, accessToken, user, device };
} }