Fix: Do logout on GitHub token expiration (#64)

muhsin-k · Karthik · web-flow · commit 6eda6894a36f · 2020-04-19T18:46:59.000+05:30
* Add helper for checking github token expired or not

* Add middleware for checking token expiration

* logout from api level

* code formatting

* Fix some issue with github api

* Change error message

* Release version 0.0.25

Co-authored-by: Karthik &lt;karthik@collect.chat&gt;
diff --git a/manifest.json b/manifest.json
@@ -1,7 +1,7 @@
 {
   "name": "GitX- Private notes for GitHub",
   "short_name": "GitX",
-  "version": "0.0.24",
+  "version": "0.0.25",
   "manifest_version": 2,
   "description": "Chrome extension for adding private notes in Github",
   "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "GitX",
-  "version": "0.0.24", 
+  "version": "0.0.25",
   "license": "MIT",
   "description": "Chrome extension for adding private comments in Github",
   "main": "webpack.config.js",
diff --git a/server/apis/v1/modules/Note/note.service.js b/server/apis/v1/modules/Note/note.service.js
@@ -1,9 +1,12 @@
-import mongoose from 'mongoose';
-import showdown from 'showdown';
+import mongoose from "mongoose";
+import showdown from "showdown";
 
-import Note from './note.model';
+import Note from "./note.model";
 
-import { getRepoOwnerType, checkUserIsACollaborator } from '../../../../utils/githubapi';
+import {
+  getRepoOwnerType,
+  checkUserIsACollaborator,
+} from "../../../../utils/githubapi";
 
 const converter = new showdown.Converter();
 
@@ -29,10 +32,12 @@ async function createNote(user, noteDetails) {
     userName,
     accessToken,
   });
+
   if (!userHasAccessToRepo) {
     return {
       status: 400,
-      message: 'You cannot add private notes to this repository since you are not a collaborator',
+      message:
+        "You cannot add private notes to this repository since you are not a actual collaborator",
     };
   }
 
@@ -54,19 +59,19 @@ async function createNote(user, noteDetails) {
   if (!userId) {
     return {
       status: 400,
-      message: 'User id is required',
+      message: "User id is required",
     };
   }
   if (!issueId) {
     return {
       status: 400,
-      message: 'Issue id or Pull id is required',
+      message: "Issue id or Pull id is required",
     };
   }
   if (!projectName) {
     return {
       status: 400,
-      message: 'Project name is required',
+      message: "Project name is required",
     };
   }
 
@@ -87,13 +92,13 @@ async function createNote(user, noteDetails) {
     return {
       status: 200,
       data: newlyCreatedNote,
-      message: 'Note created successfully',
+      message: "Note created successfully",
     };
   } catch (err) {
     return {
       status: 401,
       data: { error: err },
-      message: 'Note not created',
+      message: "Note not created",
     };
   }
 }
@@ -120,10 +125,10 @@ async function getNotes(user, noteDetails) {
           { noteType },
           { $or: [{ userId }, { noteVisibility: true }] },
         ],
-      }).populate('userId', 'userName avatarUrl githubId');
+      }).populate("userId", "userName avatarUrl githubId");
       const userDetails = { userName, avatarUrl, githubId };
 
-      notes = notes.map(note => ({
+      notes = notes.map((note) => ({
         _id: note._id,
         noteContent: converter.makeHtml(note.noteContent),
         author: note.userId,
@@ -137,13 +142,13 @@ async function getNotes(user, noteDetails) {
 
     return {
       status: 200,
-      message: 'Fetched notes',
+      message: "Fetched notes",
       data: notes,
     };
   } catch (err) {
     return {
       status: 200,
-      message: 'Failed to fetch notes',
+      message: "Failed to fetch notes",
       data: { error: err },
     };
   }
@@ -154,7 +159,7 @@ async function deleteNote(userId, noteDetails) {
   if (!noteId) {
     return {
       status: 400,
-      message: 'Note id is required',
+      message: "Note id is required",
     };
   }
 
@@ -167,18 +172,18 @@ async function deleteNote(userId, noteDetails) {
         { projectName },
         { noteType },
       ],
-    }).populate('userId', 'userName avatarUrl githubId');
+    }).populate("userId", "userName avatarUrl githubId");
     if (note) note.remove();
     return {
       status: 200,
       data: note,
-      message: 'Note removed successfully',
+      message: "Note removed successfully",
     };
   } catch (err) {
     return {
       status: 401,
       data: { error: err },
-      message: 'Invalid note id',
+      message: "Invalid note id",
     };
   }
 }
@@ -188,22 +193,25 @@ async function editNote(userId, noteDetails) {
   if (!noteId) {
     return {
       status: 400,
-      message: 'Note id is required',
+      message: "Note id is required",
     };
   }
 
   try {
-    await Note.findOneAndUpdate({ _id: mongoose.Types.ObjectId(noteId) }, { noteVisibility });
+    await Note.findOneAndUpdate(
+      { _id: mongoose.Types.ObjectId(noteId) },
+      { noteVisibility }
+    );
 
     return {
       status: 200,
-      message: 'Note updated successfully',
+      message: "Note updated successfully",
     };
   } catch (err) {
     return {
       status: 401,
       data: { error: err },
-      message: 'Invalid note id',
+      message: "Invalid note id",
     };
   }
 }
diff --git a/server/middlewares/validateRequest.js b/server/middlewares/validateRequest.js
@@ -1,29 +1,44 @@
-import jwt from 'jsonwebtoken';
+import jwt from "jsonwebtoken";
+import { checkTokenExpiredOrNot } from "../utils/githubapi";
+
 // eslint-disable-next-line
-export default (req, res, next) => {
+export default async (req, res, next) => {
   try {
     const { url, headers } = req;
-    if (url.includes('oauth') || url.includes('user/all')) return next();
+    if (url.includes("oauth") || url.includes("user/all")) return next();
 
     const { authorization } = headers;
-    const token = authorization.split(' ')[1];
+    const token = authorization.split(" ")[1];
     if (token) {
       const decoded = jwt.verify(token, process.env.JWT_KEY);
       if (decoded) {
         req.user = decoded;
+      }
+      if (url.includes("note")) {
+        const tokenExpired = await checkTokenExpiredOrNot({
+          accessToken: decoded.accessToken,
+        });
+        if (!tokenExpired) {
+          res.status(401).send({
+            status: 401,
+            message:
+              "Sorry, your GitX token has expired, please do login again.",
+            logout: true,
+          });
+        }
         return next();
       }
       res.status(422).send({
-        message: 'Sorry, invalid token',
+        message: "Sorry, invalid token",
       });
     } else {
       res.status(422).send({
-        message: 'Sorry, token is missing',
+        message: "Sorry, token is missing",
       });
     }
   } catch (err) {
     res.status(422).send({
-      message: 'Sorry, invalid token',
+      message: "Sorry, invalid token",
     });
   }
 };
diff --git a/server/utils/githubapi.js b/server/utils/githubapi.js
@@ -11,13 +11,12 @@ const getRepoOwnerType = async ({ repoOwner }) => {
       return REPO_OWNER_TYPES.ORGANIZATION;
     }
   } catch (e) {
-    console.log('getRepoOwnerType error', e);
     const { response } = e;
 
     if (response) {
       return REPO_OWNER_TYPES.USER;
     }
-
+    console.log("Get repo owner type error", e);
     throw Error("Internal error");
   }
 };
@@ -26,7 +25,7 @@ const checkUserIsACollaborator = async ({
   repoOwner,
   projectName,
   userName,
-  accessToken
+  accessToken,
 }) => {
   if (!repoOwner && !projectName && !userName) {
     throw Error("Repo name, project name and user name are required");
@@ -36,15 +35,26 @@ const checkUserIsACollaborator = async ({
 
   try {
     await axios.get(apiUrl, {
-      headers: { Authorization: `token ${accessToken}` }
+      headers: { Authorization: `token ${accessToken}` },
     });
 
+    return true;
+  } catch (error) {
+    return false;
+  }
+};
+
+const checkTokenExpiredOrNot = async ({ accessToken }) => {
+  const apiUrl = `${process.env.GITHUB_API_URL}user`;
+
+  try {
+    await axios.get(apiUrl, {
+      headers: { Authorization: `token ${accessToken}` },
+    });
     return true;
   } catch (e) {
-    console.log('checkUserIsACollaborator error', e);
-    
     return false;
   }
 };
 
-export { getRepoOwnerType, checkUserIsACollaborator };
+export { getRepoOwnerType, checkUserIsACollaborator, checkTokenExpiredOrNot };
diff --git a/src/ajax.js b/src/ajax.js
@@ -48,19 +48,24 @@ function minAjax(config) {
   const xmlhttp = initXMLhttp();
 
   xmlhttp.onreadystatechange = () => {
-    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
+    if (xmlhttp.readyState === 4 && xmlhttp.status == 200) {
       if (config.success) {
         config.success(xmlhttp.responseText, xmlhttp.readyState);
       }
 
-      if (config.debugLog == true) console.log('SuccessResponse');
-      if (config.debugLog == true) console.log(`Response Data:${xmlhttp.responseText}`);
-    } else if (config.debugLog == true) {
+      if (config.debugLog === true) console.log('SuccessResponse');
+      if (config.debugLog === true) console.log(`Response Data:${xmlhttp.responseText}`);
+    } else if (config.debugLog === true) {
       console.log(`FailureResponse --> State:${xmlhttp.readyState}Status:${xmlhttp.status}`);
     } else if (xmlhttp.readyState === 3 && xmlhttp.status === 400) {
       if (config.errorCallback) {
         config.errorCallback(JSON.parse(xmlhttp.responseText));
       }
+    } else if (xmlhttp.readyState === 3 && xmlhttp.status === 401) {
+      const error = JSON.parse(xmlhttp.responseText);
+      window.alert(error.message);
+      window.location.reload();
+      chrome.runtime.sendMessage({ logout: true });
     }
   };
 
@@ -93,7 +98,7 @@ function minAjax(config) {
   if (config.type === 'GET') {
     xmlhttp.open('GET', `${config.url}?${sendString}`, config.method);
     if (config.headers && config.headers.length) {
-      config.headers.map(header => {
+      config.headers.map((header) => {
         xmlhttp.setRequestHeader(header.type, header.value);
       });
     }
@@ -105,7 +110,7 @@ function minAjax(config) {
     xmlhttp.open('POST', config.url, config.method);
     xmlhttp.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
     if (config.headers && config.headers.length) {
-      config.headers.map(header => {
+      config.headers.map((header) => {
         xmlhttp.setRequestHeader(header.type, header.value);
       });
     }
diff --git a/src/api.js b/src/api.js
@@ -3,8 +3,8 @@ import { URL, VERSION } from './constants';
 
 export const getAllNotes = ({ issueId, projectName, noteType, repoOwner }) => {
   try {
-    return new Promise(resolve => {
-      window.chrome.storage.sync.get(['githubPrivateCommentToken'], result => {
+    return new Promise((resolve, reject) => {
+      window.chrome.storage.sync.get(['githubPrivateCommentToken'], (result) => {
         const authToken = result.githubPrivateCommentToken;
         minAjax({
           url: `${URL}${VERSION}/note/all`, // request URL
@@ -21,6 +21,10 @@ export const getAllNotes = ({ issueId, projectName, noteType, repoOwner }) => {
             noteType,
             repoOwner,
           },
+          errorCallback(e) {
+            console.log(e);
+            reject(e);
+          },
           success(results) {
             // Retrieve all the notes based on issue id
             const formattedResults = JSON.parse(results);
@@ -46,7 +50,7 @@ export const createNote = ({
 }) => {
   try {
     return new Promise((resolve, reject) => {
-      window.chrome.storage.sync.get(['githubPrivateCommentToken'], result => {
+      window.chrome.storage.sync.get(['githubPrivateCommentToken'], (result) => {
         const authToken = result.githubPrivateCommentToken;
         minAjax({
           url: `${URL}${VERSION}/note`, // request URL
@@ -79,15 +83,16 @@ export const createNote = ({
       });
     });
   } catch (error) {
+    console.log(error);
     throw error;
   }
 };
 
 // eslint-disable-next-line
 export const removeNote = ({ noteId, issueId, projectName, noteType, repoOwner }) => {
   try {
-    return new Promise(resolve => {
-      window.chrome.storage.sync.get(['githubPrivateCommentToken'], result => {
+    return new Promise((resolve) => {
+      window.chrome.storage.sync.get(['githubPrivateCommentToken'], (result) => {
         const authToken = result.githubPrivateCommentToken;
         minAjax({
           url: `${URL}${VERSION}/note/delete`, // request URL
@@ -121,8 +126,8 @@ export const removeNote = ({ noteId, issueId, projectName, noteType, repoOwner }
 // eslint-disable-next-line
 export const toggleVisibilityApi = ({ noteId, noteVisibility }) => {
   try {
-    return new Promise(resolve => {
-      window.chrome.storage.sync.get(['githubPrivateCommentToken'], result => {
+    return new Promise((resolve) => {
+      window.chrome.storage.sync.get(['githubPrivateCommentToken'], (result) => {
         const authToken = result.githubPrivateCommentToken;
         minAjax({
           url: `${URL}${VERSION}/note/edit`, // request URL
diff --git a/src/background.js b/src/background.js
diff --git a/src/index.js b/src/index.js

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "GitX- Private notes for GitHub",`
`3`	`3`	`"short_name": "GitX",`
`4`		`- "version": "0.0.24",`
	`4`	`+ "version": "0.0.25",`
`5`	`5`	`"manifest_version": 2,`
`6`	`6`	`"description": "Chrome extension for adding private notes in Github",`
`7`	`7`	`"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "GitX",`
`3`		`- "version": "0.0.24",`
	`3`	`+ "version": "0.0.25",`
`4`	`4`	`"license": "MIT",`
`5`	`5`	`"description": "Chrome extension for adding private comments in Github",`
`6`	`6`	`"main": "webpack.config.js",`