search

nicolaslopezj / meteor-apollo-accounts

Meteor accounts in GraphQL
MIT License
146 stars 37 forks source link

Checking if login token is valid #96

Open sgup opened 4 years ago

sgup commented 4 years ago

Hi, I have a react native app where I'd like to just use the login token if a valid one is available. Is this the correct way?

const token = (await getLoginToken()) || null;

if(token) {
   const tokenExpires = await AsyncStorage.getItem('Meteor.loginTokenExpires');
   const tokenIsValid = new Date() < new Date(tokenExpires)

  if(tokenIsValid) // take user to homepage
  else // take user to login or use stored email/pass to loginWithPassword
}
brightchip commented 3 years ago

Did you find out ? How do we check the token on server? Can it use seperated Redis for Token checking

brightchip commented 3 years ago

I think i got this:

schema:

` import { gql } from 'apollo-server-express';

export default gql

type Query { users: [User!] user(_id: ID!): User

}

extend type Mutation { updateUser(username: String!): User!

resumeLogin(token:String!,services:VaildSerivesEnumType!): User

}

type Email { address: String verified: Boolean }

type Token { token: String! }

type lastlogin{ date:Date ipAddr:String }

type UserStatus{ lastlogin:lastlogin userAgent:String online:Boolean page:String idle:Boolean }

enum VaildSerivesEnumType{ password google }

type User { id: ID username: String displayName: String password:String roles: [String!] heartbeat:Date hideMe:Boolean status:UserStatus

registered_emails: [Email]
createdAt:Date

emails: [Email]

picture:String
coverImg:String
description:String
brief:String

}

`

resolver: ` import { Resolvers } from 'meteor/nicolaslopezj:apollo-accounts/src/Mutation/hashPassword.js' import { combineResolvers } from 'graphql-resolvers'; import { isAuthenticated } from './authorization';

import { Accounts } from 'meteor/accounts-base';

export default { Query: { users: async(parent, args, { models }) => { return await Meteor.users.find(); }, user: async(parent, { _id }, { models }) => { return await Meteor.users.findById(_id); }, },

Mutation: {
    resumeLogin: async(parent, { token, services }, { models }) => {
        const hashedToken = Accounts._hashLoginToken(token);
        let selector = {};

        if ('password' == services) {
            selector['services.resume.loginTokens.hashedToken'] = hashedToken
        } else if ('google' == services) {
            selector['services.google.accessToken'] = hashedToken
        } else {
            return
        }
        // console.log('selector', selector)
        return await Meteor.users.find(selector).fetch()[0];
    },
    ...Resolvers,
    updateUser: combineResolvers(
        isAuthenticated,
        async(parent, { username }, { models, me }) => {
            return await models.User.findByIdAndUpdate(
                me.id, { username }, { new: true },
            );
        },
    ),

},

}; And then you can resume login on each request that need auth: mutation{ resumeLogin(token:"TOKEN",services:password){ id
} }`

enum:

` import { GraphQLEnumType, } from 'graphql';

const VaildSerivesEnumType = new GraphQLEnumType({ name: 'VAILD_SERIVCES', values: { password: { value: 'password', }, google: { value: 'google', }, }, }); `