[core] autorize

--added function to check token expiration
--added function to extend token
--fix in token manager view(hide current auth token)
--logged in token - life span based on configs

Author: Cookiezaurs

api/utils/authorizer.js

@@ -82,6 +82,68 @@ var crypto = require("crypto");
             options.db.collection("auth_tokens").findOne({_id:options.token}, options.callback);
     };
 
+    /**
+    * Checks if token is not expired yet
+    * @param {object} options - options for the task
+    * @param {object} options.db - database connection
+    * @param {string} options.token - token to rvalidate
+    * @param {function} options.callback - function called when reading was completed or errored, providing error object as first param, true or false if expired as second, seconds till expiration as third.(-1 if never expires, 0 - if expired) 
+    */ 
+    authorizer.check_if_expired =function(options){
+        options.db = options.db || common.db;
+        options.token = options.token;
+        options.db.collection("auth_tokens").findOne({_id:options.token},function(err, res){
+            var expires_after = 0;
+            var valid=false;
+            if(res) {
+                if(res.ttl>0 && res.ends >= Math.round(Date.now()/1000)){
+                    valid = true;
+                    expires_after = res.ends - Math.round(Date.now()/1000);
+                }
+                else if(res.ttl==0) {
+                    valid=true;
+                    expires_after=-1;
+                }
+            } 
+            options.callback(err,valid,expires_after);
+        });
+    }
+    
+    /**
+    * extent token life spas
+    * @param {object} options - options for the task
+    * @param {object} options.db - database connection
+    * @param {string} options.token - token to extend
+    * @param {string} options.extendBy - extend token by given time(in ms)(optional) You have to provide extedBy or extendTill. extendBy==0 makes it never die
+    * @param {string} options.extendTill - extend till given timestamp. (optional) You have to provide extedBy or extendTill
+    * @param {function} options.callback - function called when reading was completed or errored, providing error object as first param and true as second if extending successful
+    */
+    authorizer.extend_token = function(options) {
+        if(!options.token || options.token=="") {
+            if(typeof options.callback === "function")
+                options.callback(Error("Token not provided"),null);
+            return;
+        }
+        options.db = options.db || common.db;
+        var updateArr ={ttl:0,ends:0};
+        if( options.extendBy){
+            updateArr["ends"] = Math.round((options.extendBy+Date.now())/1000);
+            updateArr["ttl"] = options.extendBy;
+        }
+        else if(options.extendTill) {
+            updateArr["ends"] = Math.round(options.extendTill/1000);
+            updateArr["ttl"] = 1;
+        }
+        else {
+            if(typeof options.callback === "function")
+                options.callback(Error("Please provide extendTill or extendBy"),null);
+            return;
+        }
+        options.db.collection("auth_tokens").update({_id:options.token},{$set:updateArr},function(err, res){
+            if(typeof options.callback === "function")
+                options.callback(err,true); 
+        });
+    }
     /**
     Token validation function called from verify and verify return
     */
@@ -90,7 +152,8 @@ var crypto = require("crypto");
         options.token = options.token;
 
         if(!options.token || options.token=="") {
-            options.callback(false);
+            if(typeof options.callback === "function")
+                options.callback(false);
             return;
         }
         else {

api/utils/requestProcessor.js

@@ -1470,6 +1470,22 @@ const processRequest = (params) => {
                 }
                 case '/o/token': {//returns all my tokens
                     switch (paths[3]) {
+                        case 'check':
+                            if (!params.qstring.token) {
+                                common.returnMessage(params, 400, 'Missing parameter "token"');
+                                return false;
+                            }
+                    
+                            validateUser(params, function(){
+                                authorize.check_if_expired({token:params.qstring.token,db:common.db,callback: (err,valid,time_left)=>{
+                                        if(err)
+                                            common.returnMessage(params,404,err.message);
+                                        else
+                                            common.returnMessage(params,200,{valid:valid,time:time_left});
+                                    }
+                                });
+                            });
+                            break;
                         case 'list':
                             validateUser(params, function(){
                                 common.db.collection("auth_tokens").find({"owner":params.member._id+""}).toArray(function(err, res){

frontend/express/app.js

@@ -442,9 +442,29 @@ app.get(countlyConfig.path+'/', function (req, res, next) {
     res.redirect(countlyConfig.path+'/login');
 });
 
-
+var getSessionTimeoutInMs = function(req) {
+    var myTimeoutValue = parseInt(plugins.getConfig("frontend", req.session && req.session.settings).session_timeout)*1000*60;
+        if(myTimeoutValue>2147483647) //max value used by set timeout function
+            myTimeoutValue = 1800000;//30 minutes
+    return myTimeoutValue;
+}
 var extendSession = function(req, res, next){
-	req.session.expires = Date.now() + parseInt(plugins.getConfig("frontend", req.session && req.session.settings).session_timeout)*1000*60;
+	req.session.expires = Date.now() + getSessionTimeoutInMs(req);
+    if(req.session.auth_token) {
+        var ChangeTime = getSessionTimeoutInMs(req);
+        if(ChangeTime>0) {
+            authorize.extend_token({token:req.session.auth_token,db: countlyDb,extendTill:Date.now() + ChangeTime},function(err,res) {
+                if(err)
+                    console.log(err);
+            }); 
+        }
+        else { //changed to not expire
+             authorize.extend_token({token:req.session.auth_token,db: countlyDb,extendBy:0},function(err,res) {
+                if(err)
+                    console.log(err);
+            }); 
+        }
+    }
 };
 var checkRequestForSession = function(req, res, next){
     if(parseInt(plugins.getConfig("frontend", req.session && req.session.settings).session_timeout)){
@@ -905,7 +925,7 @@ app.post(countlyConfig.path+'/setup', function (req, res, next) {
                                 req.session.gadm = !0;
                                 req.session.email = member[0].email;
                                 req.session.install = true;
-                                authorize.save({db:countlyDb,multi:true,owner:req.session.uid,purpose:"LoggedInAuth",callback:function(err,token){
+                                authorize.save({db:countlyDb,multi:true,owner:req.session.uid,purpose:"LoggedInAuth", ttl: getSessionTimeoutInMs(req),callback:function(err,token){
                                     if(err){console.log(err);}
                                     if(token)
                                     {
@@ -925,7 +945,7 @@ app.post(countlyConfig.path+'/setup', function (req, res, next) {
                             req.session.email = member[0].email;
                             req.session.install = true;
 
-                            authorize.save({db:countlyDb,multi:true,owner:req.session.uid,purpose:"LoggedInAuth",callback:function(err,token){
+                            authorize.save({db:countlyDb,multi:true,owner:req.session.uid,purpose:"LoggedInAuth", ttl: getSessionTimeoutInMs(req), callback:function(err,token){
                                 if(err){console.log(err);}
                                 if(token)
                                 {
@@ -1047,7 +1067,7 @@ app.post(countlyConfig.path+'/login', function (req, res, next) {
                             });
                         }
                         //create token
-                        authorize.save({db:countlyDb,multi:true,owner:req.session.uid,purpose:"LoggedInAuth",callback:function(err,token){
+                        authorize.save({db:countlyDb,multi:true,owner:req.session.uid, ttl: getSessionTimeoutInMs(req), purpose:"LoggedInAuth",callback:function(err,token){
 
                             if(err){console.log(err);}
                             if(token)

frontend/express/public/javascripts/countly/countly.views.js

@@ -4533,6 +4533,10 @@ window.TokenManagerView = countlyView.extend({
         if(dataChanged) {
             $.when(countlyTokenManager.initialize()).then(function () {
                 var tableData = countlyTokenManager.getData();
+                for(var i=0; i<tableData.length; i++){
+                    if(tableData[i]._id == countlyGlobal['auth_token'])
+                        tableData.splice(i,1);
+                }
                 CountlyHelpers.refreshTable(self.dtable, tableData);
                 self.add_scripts_to_table();
             });

plugins/plugins/api/api.js

@@ -149,6 +149,16 @@ var plugin = {},
                 }
             }
             if(Object.keys(data).length > 0){
+                if(data["frontend"] &&  typeof data['frontend']['session_timeout']!== "undefined") {
+                    var updateArr ={"ttl":0,"ends":0};
+                    if( data['frontend']['session_timeout']){
+                        updateArr["ends"] = data['frontend']['session_timeout']*60+Math.round(Date.now()/1000);
+                        updateArr["ttl"] = data['frontend']['session_timeout']*60;
+                    }
+                    common.db.collection("auth_tokens").update({"owner":ob.params.member._id+"","purpose":"LoggedInAuth"},{$set:updateArr},function(err, res1){ 
+                        if(err){console.log(err);}
+                    });
+                }
                 plugins.dispatch("/systemlogs", {params:params, action:"change_configs", data:{before:plugins.getAllConfigs(), update:data}});
                 plugins.updateAllConfigs(common.db, data, function(){
                     plugins.loadConfigs(common.db, function(){
@@ -192,6 +202,20 @@ var plugin = {},
                 }
             }
             if(Object.keys(data).length > 0){
+               if(data["frontend"] &&  typeof data['frontend']['session_timeout']!== "undefined") {
+                    var updateArr ={"ttl":0,"ends":0};
+                    if( data['frontend']['session_timeout']){
+                        updateArr["ends"] = data['frontend']['session_timeout']*60+Math.round(Date.now()/1000);
+                        updateArr["ttl"] = data['frontend']['session_timeout']*60;
+                    }
+                    
+                    if(params.member.settings && params.member.settings["frontend"] && typeof data['frontend']['session_timeout']!== "undefined") {}
+                    else {//if not set member value
+                        common.db.collection("auth_tokens").update({"owner":ob.params.member._id+"","purpose":"LoggedInAuth"},{$set:updateArr},function(err, res1){ 
+                            if(err){console.log(err);}
+                        });
+                    }
+                }
                 plugins.updateUserConfigs(common.db, data, params.member._id, function(){
                     common.returnOutput(params, plugins.getUserConfigs(params.member.settings));
                 });