feat: jwt default time new set (#2787)
Reduce the default JWT expiration time from 7 days to 1 hour to shorten the window in which a leaked token stays usable.
This commit is contained in:
parent
e1a9bb46ff
commit
1c17d0986e
2 changed files with 17 additions and 18 deletions
|
@ -4,7 +4,7 @@ import { RemoteUser, Package, Callback, Config, Security, APITokenOptions, JWTOp
|
|||
import { CookieSessionToken, IAuthWebUI, AuthMiddlewarePayload, AuthTokenHeader, BasicPayload } from '../../types';
|
||||
import { logger } from '../lib/logger';
|
||||
import { convertPayloadToBase64, ErrorCode } from './utils';
|
||||
import { API_ERROR, HTTP_STATUS, ROLES, TIME_EXPIRATION_7D, TOKEN_BASIC, TOKEN_BEARER, DEFAULT_MIN_LIMIT_PASSWORD } from './constants';
|
||||
import { API_ERROR, HTTP_STATUS, ROLES, TIME_EXPIRATION_1H, TOKEN_BASIC, TOKEN_BEARER, DEFAULT_MIN_LIMIT_PASSWORD } from './constants';
|
||||
import { aesDecrypt, verifyPayload } from './crypto-utils';
|
||||
|
||||
const debug = buildDebug('verdaccio');
|
||||
|
@ -115,8 +115,8 @@ export function createSessionToken(): CookieSessionToken {
|
|||
|
||||
const defaultWebTokenOptions: JWTOptions = {
|
||||
sign: {
|
||||
// The expiration token for the website is 7 days
|
||||
expiresIn: TIME_EXPIRATION_7D,
|
||||
// The expiration token for the website is 1 hour
|
||||
expiresIn: TIME_EXPIRATION_1H,
|
||||
},
|
||||
verify: {},
|
||||
};
|
||||
|
|
|
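Review bot: The rewritten comment above `expiresIn: TIME_EXPIRATION_1H` only restates the constant's value; the security reasoning from the commit message belongs next to the code, e.g. `// Default lifetime of the web UI JWT. Kept short: the token is a bearer credential that stays valid until it expires, so this bounds how long a leaked token can be replayed.` Since the object is named `defaultWebTokenOptions` and the file imports a `Security` config type, this presumably is only the fallback an operator can override from config; that is worth stating in the comment, and worth checking that an explicitly configured longer value still wins over the new constant. Note also that the web UI will now require a fresh login after an hour unless a refresh path exists elsewhere. The enclosing `createSessionToken` definition starts before this hunk, so I cannot see how the options are consumed.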
@ -8,7 +8,7 @@ export const DEFAULT_PORT = '4873';
|
|||
export const DEFAULT_PROTOCOL = 'http';
|
||||
export const DEFAULT_DOMAIN = 'localhost';
|
||||
export const TIME_EXPIRATION_24H = '24h';
|
||||
export const TIME_EXPIRATION_7D = '7d';
|
||||
export const TIME_EXPIRATION_1H = '1h';
|
||||
export const DIST_TAGS = 'dist-tags';
|
||||
export const LATEST = 'latest';
|
||||
export const USERS = 'users';
|
||||
|
@ -39,22 +39,22 @@ export const HEADERS = {
|
|||
OCTET_STREAM: 'application/octet-stream; charset=utf-8',
|
||||
TEXT_CHARSET: 'text/plain; charset=utf-8',
|
||||
WWW_AUTH: 'WWW-Authenticate',
|
||||
GZIP: 'gzip'
|
||||
GZIP: 'gzip',
|
||||
};
|
||||
|
||||
export const CHARACTER_ENCODING = {
|
||||
UTF8: 'utf8'
|
||||
UTF8: 'utf8',
|
||||
};
|
||||
|
||||
export const HEADER_TYPE = {
|
||||
CONTENT_ENCODING: 'content-encoding',
|
||||
CONTENT_TYPE: 'content-type',
|
||||
CONTENT_LENGTH: 'content-length',
|
||||
ACCEPT_ENCODING: 'accept-encoding'
|
||||
ACCEPT_ENCODING: 'accept-encoding',
|
||||
};
|
||||
|
||||
export const ERROR_CODE = {
|
||||
token_required: 'token is required'
|
||||
token_required: 'token is required',
|
||||
};
|
||||
|
||||
export const TOKEN_BASIC = 'Basic';
|
||||
|
@ -69,7 +69,7 @@ export const ROLES = {
|
|||
$ANONYMOUS: '$anonymous',
|
||||
DEPRECATED_ALL: '@all',
|
||||
DEPRECATED_AUTH: '@authenticated',
|
||||
DEPRECATED_ANONYMOUS: '@anonymous'
|
||||
DEPRECATED_ANONYMOUS: '@anonymous',
|
||||
};
|
||||
|
||||
export const HTTP_STATUS = {
|
||||
|
@ -88,7 +88,7 @@ export const HTTP_STATUS = {
|
|||
INTERNAL_ERROR: 500,
|
||||
NOT_IMPLEMENTED: 501,
|
||||
SERVICE_UNAVAILABLE: 503,
|
||||
LOOP_DETECTED: 508
|
||||
LOOP_DETECTED: 508,
|
||||
};
|
||||
|
||||
export const API_MESSAGE = {
|
||||
|
@ -101,19 +101,18 @@ export const API_MESSAGE = {
|
|||
TAG_UPDATED: 'tags updated',
|
||||
TAG_REMOVED: 'tag removed',
|
||||
TAG_ADDED: 'package tagged',
|
||||
LOGGED_OUT: 'Logged out'
|
||||
LOGGED_OUT: 'Logged out',
|
||||
};
|
||||
|
||||
export const SUPPORT_ERRORS = {
|
||||
PLUGIN_MISSING_INTERFACE: 'the plugin does not provide implementation of the requested feature',
|
||||
TFA_DISABLED: 'the two-factor authentication is not yet supported',
|
||||
STORAGE_NOT_IMPLEMENT: 'the storage does not support token saving',
|
||||
PARAMETERS_NOT_VALID: 'the parameters are not valid'
|
||||
PARAMETERS_NOT_VALID: 'the parameters are not valid',
|
||||
};
|
||||
|
||||
export const API_ERROR = {
|
||||
PASSWORD_SHORT: (passLength: number = DEFAULT_MIN_LIMIT_PASSWORD) =>
|
||||
`The provided password is too short. Please pick a password longer than ${passLength} characters.`,
|
||||
PASSWORD_SHORT: (passLength: number = DEFAULT_MIN_LIMIT_PASSWORD) => `The provided password is too short. Please pick a password longer than ${passLength} characters.`,
|
||||
MUST_BE_LOGGED: 'You must be logged in to publish packages.',
|
||||
PLUGIN_ERROR: 'bug in the auth plugin system',
|
||||
CONFIG_BAD_FORMAT: 'config file must be an object',
|
||||
|
@ -143,13 +142,13 @@ export const API_ERROR = {
|
|||
RESOURCE_UNAVAILABLE: 'resource unavailable',
|
||||
BAD_PACKAGE_DATA: 'bad incoming package data',
|
||||
USERNAME_PASSWORD_REQUIRED: 'username and password is required',
|
||||
USERNAME_ALREADY_REGISTERED: 'username is already registered'
|
||||
USERNAME_ALREADY_REGISTERED: 'username is already registered',
|
||||
};
|
||||
|
||||
export const APP_ERROR = {
|
||||
CONFIG_NOT_VALID: 'CONFIG: it does not look like a valid config file',
|
||||
PROFILE_ERROR: 'profile unexpected error',
|
||||
PASSWORD_VALIDATION: 'not valid password'
|
||||
PASSWORD_VALIDATION: 'not valid password',
|
||||
};
|
||||
|
||||
export const DEFAULT_NO_README = 'ERROR: No README data found!';
|
||||
|
@ -159,12 +158,12 @@ export const WEB_TITLE = 'Verdaccio';
|
|||
|
||||
export const PACKAGE_ACCESS = {
|
||||
SCOPE: '@*/*',
|
||||
ALL: '**'
|
||||
ALL: '**',
|
||||
};
|
||||
|
||||
export const STORAGE = {
|
||||
PACKAGE_FILE_NAME: 'package.json',
|
||||
FILE_EXIST_ERROR: 'EEXISTS',
|
||||
NO_SUCH_FILE_ERROR: 'ENOENT',
|
||||
DEFAULT_REVISION: '0-0000000000000000'
|
||||
DEFAULT_REVISION: '0-0000000000000000',
|
||||
};
|
||||
|
|
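Review bot: The new `TIME_EXPIRATION_1H = '1h'` line carries no documentation, and nothing in this file says what format these strings are in; the other file passes them straight to a JWT `expiresIn`, so they appear to be jsonwebtoken/ms-style duration strings. I would add `// JWT lifetimes as jsonwebtoken/ms duration strings (consumed via sign.expiresIn)` above the three `TIME_EXPIRATION_*` constants so nobody later writes a bare number (which jsonwebtoken treats as seconds) by mistake. `TIME_EXPIRATION_7D` is kept and still exported; if the auth defaults were its only consumer it is now dead, but whether other callers remain is not visible from this page. The remaining hunks in this file are trailing-comma formatting only.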