additional token checks: user disabled/deleted or if the token was revoked

2021-05-24 19:32:35 +02:00 · 2021-05-24 19:32:35 +02:00 · 1ba36abdf0
commit 1ba36abdf0
parent 6fcb63bf81
2 changed files with 12 additions and 1 deletions
--- a/src/models/User.ts
+++ b/src/models/User.ts
@ -27,6 +27,8 @@ export interface User {
 	mfa_enabled: boolean; // if multi factor authentication is enabled
 	created_at: Date; // registration date
 	verified: boolean; // if the user is offically verified
+	disabled: boolean; // if the account is disabled
+	deleted: boolean; // if the user was deleted
 	email: string | null; // email of the user
 	flags: bigint; // UserFlags
 	public_flags: bigint;
@ -141,6 +143,8 @@ export const UserSchema = new Schema({
 	mfa_enabled: Boolean,
 	created_at: Date,
 	verified: Boolean,
+	disabled: Boolean,
+	deleted: Boolean,
 	email: String,
 	flags: { type: String, get: toBigInt }, // TODO: automatically convert Types.Long to BitField of UserFlags
 	public_flags: { type: String, get: toBigInt },
--- a/src/util/checkToken.ts
+++ b/src/util/checkToken.ts
@ -1,11 +1,18 @@
 import { JWTOptions } from "./Constants";
 import jwt from "jsonwebtoken";
+import { UserModel } from "../models";

 export function checkToken(token: string, jwtSecret: string): Promise<any> {
 	return new Promise((res, rej) => {
-		jwt.verify(token, jwtSecret, JWTOptions, (err, decoded: any) => {
+		jwt.verify(token, jwtSecret, JWTOptions, async (err, decoded: any) => {
 			if (err || !decoded) return rej("Invalid Token");

+			const user = await UserModel.findOne({ id: decoded.id }, { "user_data.valid_tokens_since": true }).exec();
+			if (!user) return rej("User not found");
+			if (decoded.iat * 1000 < user.user_data.valid_tokens_since.getTime()) return rej("Invalid Token");
+			if (user.disabled) return rej("User disabled");
+			if (user.deleted) return rej("User not found");
+
 			return res(decoded);
 		});
 	});