feat: add cooldown to refresh token security (#1736)

2023-09-27 15:03:50 +02:00
parent 96865b0fec
commit a4cde44b13
5 changed files with 30 additions and 13 deletions
--- a/server/src/database/migrations/20230926150534_alter_table_refresh_token_add_revoked_at/migration.sql
+++ b/server/src/database/migrations/20230926150534_alter_table_refresh_token_add_revoked_at/migration.sql
@ -0,0 +1,8 @@
+-- Step 1: Add the new column
+ALTER TABLE "refresh_tokens" ADD COLUMN "revokedAt" TIMESTAMP(3);
+
+-- Step 2: Update the new column based on the isRevoked column value
+UPDATE "refresh_tokens" SET "revokedAt" = NOW() - INTERVAL '1 day' WHERE "isRevoked" = TRUE;
+
+-- Step 3: Drop the isRevoked column
+ALTER TABLE "refresh_tokens" DROP COLUMN "isRevoked";
--- a/server/src/database/schema.prisma
+++ b/server/src/database/schema.prisma
@ -331,10 +331,7 @@ model Person {
 model RefreshToken {
  /// @Validator.IsString()
  /// @Validator.IsOptional()
-  id        String  @id @default(uuid())
-  /// @Validator.IsBoolean()
-  /// @Validator.IsOptional()
-  isRevoked Boolean @default(false)
+  id String @id @default(uuid())

  /// @TypeGraphQL.omit(input: true, output: true)
  user   User   @relation(fields: [userId], references: [id])
@ -344,6 +341,8 @@ model RefreshToken {
  expiresAt DateTime
  /// @TypeGraphQL.omit(input: true, output: true)
  deletedAt DateTime?
+  /// @TypeGraphQL.omit(input: true, output: true)
+  revokedAt DateTime?

  createdAt DateTime @default(now())
  updatedAt DateTime @updatedAt