torsten/miriamgemeinde
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor authentication and token management: Update authController.js to use environment variable for JWT expiration. Enhance axios.js and store/index.js for improved token usability checks and cleanup on logout, ensuring a more robust authentication flow.
All checks were successful
Deploy miriamgemeinde / deploy (push) Successful in 6s
Details

Browse Source
This commit is contained in:
Torsten Schulz (local)
2026-04-29 18:52:16 +02:00
parent 7d5e2526d3
commit 0b58579258
3 changed files with 68 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/authController.js
View File

@@ -82,7 +82,11 @@ exports.login = async (req, res) => {
if (!user.active) { if (!user.active) {
return res.status(403).json({ message: 'Benutzerkonto ist nicht aktiv' }); return res.status(403).json({ message: 'Benutzerkonto ist nicht aktiv' });
} }
const token = jwt.sign({ id: user.id, name: user.name, email: user.email }, 'zTxVgptmPl9!_dr%xxx9999(dd)', { expiresIn: '1h' }); const token = jwt.sign(
{ id: user.id, name: user.name, email: user.email },
'zTxVgptmPl9!_dr%xxx9999(dd)',
{ expiresIn: process.env.JWT_EXPIRES_IN || '12h' }
);
return res.status(200).json({ message: 'Login erfolgreich', token, 'user': user }); return res.status(200).json({ message: 'Login erfolgreich', token, 'user': user });
} catch (error) { } catch (error) {
return res.status(500).json({ message: 'Ein Fehler ist aufgetreten' }); return res.status(500).json({ message: 'Ein Fehler ist aufgetreten' });

46
src/axios.js
View File

@@ -1,6 +1,4 @@
import axios from 'axios'; import axios from 'axios';
import store from './store';
import router from './router';
// Einheitliche Basis-URL: // Einheitliche Basis-URL:
// - immer relativ zur aktuellen Origin // - immer relativ zur aktuellen Origin
@@ -8,11 +6,45 @@ import router from './router';
axios.defaults.baseURL = '/api'; axios.defaults.baseURL = '/api';
console.log('Axios baseURL:', axios.defaults.baseURL); console.log('Axios baseURL:', axios.defaults.baseURL);
function clearStoredLogin() {
localStorage.removeItem('isLoggedIn');
localStorage.removeItem('user');
localStorage.removeItem('token');
delete axios.defaults.headers.common.Authorization;
}
function getTokenPayload(token) {
try {
const payload = token.split('.')[1];
const normalized = payload.replace(/-/g, '+').replace(/_/g, '/');
const padded = normalized.padEnd(normalized.length + (4 - normalized.length % 4) % 4, '=');
return JSON.parse(atob(padded));
} catch (error) {
return null;
}
}
function isTokenUsable(token) {
if (!token || token === 'undefined' || token === 'null') {
return false;
}
const payload = getTokenPayload(token);
if (!payload || !payload.exp) {
return true;
}
return payload.exp * 1000 > Date.now();
}
axios.interceptors.request.use( axios.interceptors.request.use(
config => { config => {
const token = store.state.token || localStorage.getItem('token'); const token = localStorage.getItem('token');
if (token) { if (token) {
config.headers.Authorization = `Bearer ${token}`; if (isTokenUsable(token)) {
config.headers.Authorization = `Bearer ${token}`;
} else {
clearStoredLogin();
delete config.headers.Authorization;
}
} }
return config; return config;
}, },
@@ -31,9 +63,9 @@ axios.interceptors.response.use(
const isLogoutRequest = requestUrl.includes('/auth/logout'); const isLogoutRequest = requestUrl.includes('/auth/logout');
if (error.response && error.response.status === 401 && !isLoginRequest && !isLogoutRequest) { if (error.response && error.response.status === 401 && !isLoginRequest && !isLogoutRequest) {
store.commit('logout'); clearStoredLogin();
if (router.currentRoute.value.path !== '/auth/login') { if (window.location.pathname !== '/auth/login') {
router.replace('/auth/login'); window.location.replace('/auth/login');
} }
} }
return Promise.reject(error); return Promise.reject(error);

27
src/store/index.js
View File

@@ -8,10 +8,31 @@ const storedToken =
? rawStoredToken ? rawStoredToken
: ''; : '';
if (!storedToken) { function getTokenPayload(token) {
try {
const payload = token.split('.')[1];
const normalized = payload.replace(/-/g, '+').replace(/_/g, '/');
const padded = normalized.padEnd(normalized.length + (4 - normalized.length % 4) % 4, '=');
return JSON.parse(atob(padded));
} catch (e) {
return null;
}
}
function isTokenUsable(token) {
if (!token) return false;
const payload = getTokenPayload(token);
if (!payload || !payload.exp) return true;
return payload.exp * 1000 > Date.now();
}
const usableStoredToken = isTokenUsable(storedToken) ? storedToken : '';
if (!usableStoredToken) {
// Altlasten aus früheren Login-Bugs bereinigen // Altlasten aus früheren Login-Bugs bereinigen
localStorage.removeItem('isLoggedIn'); localStorage.removeItem('isLoggedIn');
localStorage.removeItem('token'); localStorage.removeItem('token');
localStorage.removeItem('user');
} }
let user = []; let user = [];
@@ -23,9 +44,9 @@ try {
export default createStore({ export default createStore({
state: { state: {
isLoggedIn: localStorage.getItem('isLoggedIn') === 'true' && !!storedToken, isLoggedIn: localStorage.getItem('isLoggedIn') === 'true' && !!usableStoredToken,
user: user, user: user,
token: storedToken, token: usableStoredToken,
menuData: [], menuData: [],
/** gesetzt, wenn /menu-data fehlschlägt (z. B. DB weg) — nicht mit „Seite nicht gefunden“ verwechseln */ /** gesetzt, wenn /menu-data fehlschlägt (z. B. DB weg) — nicht mit „Seite nicht gefunden“ verwechseln */
menuLoadError: null, menuLoadError: null,