[CHAT-1650] Add user, application level token revoke helpers and iat …

…claim in tokens (#674)
GetStream · May 21, 2021 · 3b504e6 · 3b504e6
1 parent 8c38f79
commit 3b504e6
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 2 deletions.
diff --git a/src/client.ts b/src/client.ts
@@ -638,6 +638,59 @@ export class StreamChat<
     return await this.patch<APIResponse>(this.baseURL + '/app', options);
   }
 
+  _normalizeDate = (before: Date | string | null | undefined): string | null => {
+    if (before === undefined) {
+      before = new Date().toISOString();
+    }
+
+    if (before instanceof Date) {
+      before = before.toISOString();
+    }
+
+    if (before === '') {
+      throw new Error(
+        "Don't pass blank string for since, use null instead if resetting the token revoke",
+      );
+    }
+
+    return before;
+  };
+
+  /**
+   * Revokes all tokens on application level issued before given time
+   */
+  async revokeTokens(before?: Date | string | null) {
+    return await this.updateAppSettings({
+      revoke_tokens_issued_before: this._normalizeDate(before),
+    });
+  }
+
+  /**
+   * Revokes token for a user issued before given time
+   */
+  async revokeUserToken(userID: string, before?: Date | string | null) {
+    return await this.revokeUsersToken([userID], before);
+  }
+
+  /**
+   * Revokes tokens for a list of users issued before given time
+   */
+  async revokeUsersToken(userIDs: string[], before?: Date | string | null) {
+    before = this._normalizeDate(before);
+
+    const users: PartialUserUpdate<UserType>[] = [];
+    for (const userID of userIDs) {
+      users.push({
+        id: userID,
+        set: <Partial<UserResponse<UserType>>>{
+          revoke_tokens_issued_before: before,
+        },
+      });
+    }
+
+    return await this.partialUpdateUsers(users);
+  }
+
   /**
    * getAppSettings - retrieves application settings
    */
@@ -797,16 +850,20 @@ export class StreamChat<
    *
    * @return {string} Returns a token
    */
-  createToken(userID: string, exp?: number) {
+  createToken(userID: string, exp?: number, iat?: number) {
     if (this.secret == null) {
       throw Error(`tokens can only be created server-side using the API Secret`);
     }
-    const extra: { exp?: number } = {};
+    const extra: { exp?: number; iat?: number } = {};
 
     if (exp) {
       extra.exp = exp;
     }
 
+    if (iat) {
+      extra.iat = iat;
+    }
+
     return JWTUserToken(this.secret, userID, extra, {});
   }
 

diff --git a/src/signing.ts b/src/signing.ts
@@ -40,6 +40,10 @@ export function JWTUserToken(
     { algorithm: 'HS256', noTimestamp: true },
     jwtOptions,
   );
+
+  if (payload.iat) {
+    opts.noTimestamp = false;
+  }
   return jwt.sign(payload, apiSecret, opts);
 }
 

diff --git a/src/types.ts b/src/types.ts
@@ -97,6 +97,7 @@ export type AppSettingsAPIResponse<
       apn?: APNConfig;
       firebase?: FirebaseConfig;
     };
+    revoke_tokens_issued_before?: string;
     sqs_key?: string;
     sqs_secret?: string;
     sqs_url?: string;
@@ -721,6 +722,7 @@ export type UserResponse<UserType = UnknownType> = User<UserType> & {
   language?: TranslationLanguages | '';
   last_active?: string;
   online?: boolean;
+  revoke_tokens_issued_before?: string;
   shadow_banned?: boolean;
   updated_at?: string;
 };
@@ -1433,6 +1435,7 @@ export type AppSettings = {
   push_config?: {
     version?: string;
   };
+  revoke_tokens_issued_before?: string | null;
   sqs_key?: string;
   sqs_secret?: string;
   sqs_url?: string;