msupply-foundation / conforma-server

Conforma application manager (IRIMS) back-end
GNU Affero General Public License v3.0

#1200F Token expiry check on server #1076

Closed CarlosNZ closed 11 months ago

CarlosNZ commented 1 year ago

Back-end required for front-end issue: https://github.com/msupply-foundation/conforma-web-app/issues/1607

(Front-end issue coming shortly)

Just does a basic check on requests to REST server to only allow requests with a current JWT. Expired tokens will return a 401 unauthorised error.

Note, this does NOT yet work for Postgraphile requests. To do that we need to add some middleware to serve Postgraphile through the main Fastify server (something we want to do when we have time -- @guatemartin is this something you know much about?)

To test, just set the logoutAfterInactivity preference in server preferences to something small, then try and make REST requests after expiry.

guatemartin commented 1 year ago

> Note, this does NOT yet work for Postgraphile requests. To do that we need to add some middleware to serve Postgraphile through the main Fastify server (something we want to do when we have time -- @guatemartin is this something you know much about?)

@CarlosNZ - Not in the context of a Fastify server or Postgraphile for that matter. I can look at it though if needed.
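
The check described in the PR description (only requests carrying a current JWT are served, expired tokens get a 401), sketched as an added example that is not part of this thread and not conforma-server code. It assumes HS256 tokens signed with a shared secret and sent in an `Authorization: Bearer` header; `signToken`, `checkRequest` and all sample values are hypothetical.

```javascript
// Added example, not conforma-server code. HS256 and the Bearer header are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const hmac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: issues a token so the example runs offline.
function signToken(payload, secret) {
  const signed = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${signed}.${hmac(signed, secret).toString("base64url")}`;
}

// Hypothetical check: status 200 plus claims only for a validly signed, unexpired token.
function checkRequest(headers, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const deny = (error) => ({ status: 401, error });
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(headers.authorization || "");
  if (!match) return deny("missing or malformed token");
  const [, head, body, sig] = match;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return deny("missing or malformed token");
  }
  // Pin the algorithm on the server; the token must not choose it (rules out "none").
  if (header?.alg !== "HS256") return deny("unsupported algorithm");
  // Verify the signature before trusting any claim, with a constant-time compare.
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return deny("bad signature");
  // A token without a numeric exp counts as expired, not as never expiring.
  if (typeof claims?.exp !== "number" || claims.exp <= nowSec) return deny("token expired");
  return { status: 200, claims };
}

// Constructed sample values.
const SECRET = "constructed-demo-secret";
const NOW = 1700000000;
const fresh = signToken({ userId: 1, exp: NOW + 60 }, SECRET);
const stale = signToken({ userId: 1, exp: NOW - 1 }, SECRET);
// Expired token whose payload was swapped for a later exp while keeping the old signature.
const [staleHead, , staleSig] = stale.split(".");
const forged = `${staleHead}.${b64url(JSON.stringify({ userId: 1, exp: NOW + 9999 }))}.${staleSig}`;

for (const token of [fresh, stale, forged]) {
  console.log(checkRequest({ authorization: `Bearer ${token}` }, SECRET, NOW));
}
```

In a Fastify server a function like this would run in a request hook ahead of the REST handlers, which is also why requests served by a separate Postgraphile listener would not pass through it.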