🐛 fix checkToken

2021-06-23 18:06:00 +02:00 · 2021-06-23 18:06:00 +02:00 · e3dda743af
commit e3dda743af
parent 9c86deaa7d
2 changed files with 2 additions and 2 deletions
--- a/src/util/Database.ts
+++ b/src/util/Database.ts
@ -2,7 +2,6 @@ import "./MongoBigInt";
 import mongoose, { Collection, Connection, LeanDocument } from "mongoose";
 import { ChangeStream, ChangeEvent, Long } from "mongodb";
 import EventEmitter from "events";
-import { Document } from "mongoose";
 const uri = process.env.MONGO_URL || "mongodb://localhost:27017/fosscord?readPreference=secondaryPreferred";

 // TODO: auto throw error if findOne doesn't find anything
--- a/src/util/checkToken.ts
+++ b/src/util/checkToken.ts
@ -9,7 +9,8 @@ export function checkToken(token: string, jwtSecret: string): Promise<any> {

 			const user = await UserModel.findOne({ id: decoded.id }, { "user_data.valid_tokens_since": true }).exec();
 			if (!user) return rej("Invalid Token");
-			if (decoded.iat * 1000 < user.user_data.valid_tokens_since.getTime()) return rej("Invalid Token");
+			// we need to round it to seconds as it saved as seconds in jwt iat and valid_tokens_since is stored in milliseconds
+			if (decoded.iat * 1000 < user.user_data.valid_tokens_since.setSeconds(0, 0)) return rej("Invalid Token");
 			if (user.disabled) return rej("User disabled");
 			if (user.deleted) return rej("User not found");