Jayden/AFFiNE-Mirror
1
0
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2026-02-13 21:05:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(server): verificationToken model (#9655)

Browse Source
This commit is contained in:
fengmk2
2025-01-14 03:39:05 +00:00
parent afd2c3f642
commit 290b2074c8
3 changed files with 343 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/backend/server/src/models/index.ts
View File

@@ -2,14 +2,18 @@ import { Global, Injectable, Module } from '@nestjs/common';
import { SessionModel } from './session';
import { UserModel } from './user';
import { VerificationTokenModel } from './verification-token';
const models = [UserModel, SessionModel] as const;
export * from './verification-token';
const models = [UserModel, SessionModel, VerificationTokenModel] as const;
@Injectable()
export class Models {
constructor(
public readonly user: UserModel,
public readonly session: SessionModel
public readonly session: SessionModel,
public readonly verificationToken: VerificationTokenModel
) {}
}

144
packages/backend/server/src/models/verification-token.ts Normal file
View File

@@ -0,0 +1,144 @@
import { randomUUID } from 'node:crypto';
import { Injectable, Logger } from '@nestjs/common';
import { PrismaClient, type VerificationToken } from '@prisma/client';
import { CryptoHelper } from '../base/helpers';
export type { VerificationToken };
export enum TokenType {
SignIn,
VerifyEmail,
ChangeEmail,
ChangePassword,
Challenge,
}
@Injectable()
export class VerificationTokenModel {
private readonly logger = new Logger(VerificationTokenModel.name);
constructor(
private readonly db: PrismaClient,
private readonly crypto: CryptoHelper
) {}
/**
* create token by type and credential (optional) with ttl in seconds (default 30 minutes)
*/
async create(
type: TokenType,
credential?: string,
ttlInSec: number = 30 * 60
) {
const plaintextToken = randomUUID();
const { token } = await this.db.verificationToken.create({
data: {
type,
token: plaintextToken,
credential,
expiresAt: new Date(Date.now() + ttlInSec * 1000),
},
});
return this.crypto.encrypt(token);
}
/**
* get token by type
*
* token will be deleted if expired or keep is not set
*/
async get(type: TokenType, token: string, keep?: boolean) {
token = this.crypto.decrypt(token);
const record = await this.db.verificationToken.findUnique({
where: {
type_token: {
token,
type,
},
},
});
if (!record) {
return null;
}
const isExpired = record.expiresAt <= new Date();
// always delete expired token
// or if keep is not set for one time token
if (isExpired || !keep) {
const count = await this.delete(type, token);
// already deleted, means token has been used
if (!count) {
return null;
}
}
return !isExpired ? record : null;
}
/**
* get token and verify credential
*
* if credential is not provided, it will be failed
*
* token will be deleted if expired or keep is not set
*/
async verify(
type: TokenType,
token: string,
{
credential,
keep,
}: {
credential?: string;
keep?: boolean;
} = {}
) {
const record = await this.get(type, token, true);
if (!record) {
return null;
}
const valid = !record.credential || record.credential === credential;
// keep is not set for one time valid token
if (valid && !keep) {
const count = await this.delete(type, record.token);
// already deleted, means token has been used
if (!count) {
return null;
}
}
return valid ? record : null;
}
async delete(type: TokenType, token: string) {
const { count } = await this.db.verificationToken.deleteMany({
where: {
token,
type,
},
});
this.logger.log(`Deleted token success by type ${type} and token ${token}`);
return count;
}
/**
* clean expired tokens
*/
async cleanExpired() {
const { count } = await this.db.verificationToken.deleteMany({
where: {
expiresAt: {
lte: new Date(),
},
},
});
this.logger.log(`Cleaned ${count} expired tokens`);
return count;
}
}