Merge branch '1.23.X'

# Conflicts: # package-lock.json # server/database.js # server/server.js # server/util-server.js
2025-07-21 22:19:07 -04:00 · 2023-10-09 21:28:01 +08:00 · 2023-10-09 21:28:01 +08:00 · 852b3fa61b
commit 852b3fa61b
parent 91b4ffc6dd c3e3f27457
12 changed files with 100 additions and 33 deletions
--- a/server/server.js
+++ b/server/server.js
@ -78,9 +78,10 @@ const app = server.app;
 log.info("server", "Importing this project modules");
 log.debug("server", "Importing Monitor");
 const Monitor = require("./model/monitor");
+const User = require("./model/user");
+
 log.debug("server", "Importing Settings");
-const { getSettings, setSettings, setting, initJWTSecret, checkLogin, FBSD, doubleCheckPassword, startE2eTests,
-    allowDevAllOrigin
+const { getSettings, setSettings, setting, initJWTSecret, checkLogin, startUnitTest, FBSD, doubleCheckPassword, startE2eTests, shake256, SHAKE256_LENGTH, allowDevAllOrigin,
 } = require("./util-server");

 log.debug("server", "Importing Notification");
@ -326,6 +327,11 @@ let needSetup = false;
                    decoded.username,
                ]);

+                // Check if the password changed
+                if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
+                    throw new Error("The token is invalid due to password change or old token");
+                }
+
                if (user) {
                    log.debug("auth", "afterLogin");
                    afterLogin(socket, user);
@ -347,9 +353,10 @@ let needSetup = false;
                    });
                }
            } catch (error) {
-
                log.error("auth", `Invalid token. IP=${clientIP}`);
-
+                if (error.message) {
+                    log.error("auth", error.message, `IP=${clientIP}`);
+                }
                callback({
                    ok: false,
                    msg: "authInvalidToken",
@ -389,9 +396,7 @@ let needSetup = false;

                    callback({
                        ok: true,
-                        token: jwt.sign({
-                            username: data.username,
-                        }, server.jwtSecret),
+                        token: User.createJWT(user, server.jwtSecret),
                    });
                }

@ -419,9 +424,7 @@ let needSetup = false;

                        callback({
                            ok: true,
-                            token: jwt.sign({
-                                username: data.username,
-                            }, server.jwtSecret),
+                            token: User.createJWT(user, server.jwtSecret),
                        });
                    } else {