Create seperate database table for AccessTokens to hide jwt token and tokenId from user

2026-04-25 18:25:15 +02:00 · 2015-11-26 02:36:09 +09:00
parent 62413b3780
commit 9cb231391a
11 changed files with 97 additions and 71 deletions
--- a/lib/db/api.js
+++ b/lib/db/api.js
@@ -309,20 +309,23 @@ dbapi.loadDevice = function(serial) {
 }

 dbapi.saveUserAccessToken = function(email, token) {
-  return db.run(r.table('users').get(email).update({
-    accessTokens: r.row('accessTokens').default([]).append({
-      title: token.title
-    , tokenId: token.tokenId
-    , jwt: token.jwt
-    })
+  return db.run(r.table('accessTokens').insert({
+    email: email
+  , id: token.id
+  , title: token.title
+  , jwt: token.jwt
  }))
 }

 dbapi.removeUserAccessToken = function(email, title) {
-  return db.run(r.table('users').get(email).update({
-    accessTokens: r.row('accessTokens').default([]).filter(function(token) {
-      return token('title').ne(title)
-    })
+  return db.run(r.table('accessTokens').getAll(email, {
+    index: 'email'
+  }).filter({"title": title}).delete())
+}
+
+dbapi.loadAccessTokens = function(email) {
+  return db.run(r.table('accessTokens').getAll(email, {
+    index: 'email'
  }))
 }

--- a/lib/db/tables.js
+++ b/lib/db/tables.js
@@ -8,17 +8,18 @@ module.exports = {
        indexFunction: function(user) {
          return user('adbKeys')('fingerprint')
        }
-    , accessTokens: {
-        indexFunction: function(user) {
-          return user('accessTokens')('tokenId')
-        }
-      }
      , options: {
          multi: true
        }
      }
    }
  }
+, accessTokens: {
+    primaryKey: 'id'
+  , indexes: {
+      email: null
+    }
+  }
 , vncauth: {
    primaryKey: 'password'
  , indexes: {