Create seperate database table for AccessTokens to hide jwt token and tokenId from user

2026-04-18 00:03:28 +02:00 · 2015-11-26 02:36:09 +09:00
parent 62413b3780
commit 9cb231391a
11 changed files with 97 additions and 71 deletions
--- a/lib/db/api.js
+++ b/lib/db/api.js
@@ -309,20 +309,23 @@ dbapi.loadDevice = function(serial) {
 }

 dbapi.saveUserAccessToken = function(email, token) {
-  return db.run(r.table('users').get(email).update({
-    accessTokens: r.row('accessTokens').default([]).append({
-      title: token.title
-    , tokenId: token.tokenId
-    , jwt: token.jwt
-    })
+  return db.run(r.table('accessTokens').insert({
+    email: email
+  , id: token.id
+  , title: token.title
+  , jwt: token.jwt
  }))
 }

 dbapi.removeUserAccessToken = function(email, title) {
-  return db.run(r.table('users').get(email).update({
-    accessTokens: r.row('accessTokens').default([]).filter(function(token) {
-      return token('title').ne(title)
-    })
+  return db.run(r.table('accessTokens').getAll(email, {
+    index: 'email'
+  }).filter({"title": title}).delete())
+}
+
+dbapi.loadAccessTokens = function(email) {
+  return db.run(r.table('accessTokens').getAll(email, {
+    index: 'email'
  }))
 }