forked from baron/baron-sso
common auth/session bootstrap과 renew policy 공용화
This commit is contained in:
@@ -1,33 +1,24 @@
|
||||
import { UserManager, WebStorageStateStore } from "oidc-client-ts";
|
||||
import type { AuthProviderProps } from "react-oidc-context";
|
||||
import {
|
||||
buildOrgFrontAuthRedirectUris,
|
||||
resolveOrgFrontPublicOrigin,
|
||||
} from "./authConfig";
|
||||
buildCommonOidcRuntimeConfig,
|
||||
buildCommonUserManagerSettings,
|
||||
} from "../../../common/core/auth";
|
||||
import { resolveOrgFrontPublicOrigin } from "./authConfig";
|
||||
|
||||
const orgFrontPublicOrigin = resolveOrgFrontPublicOrigin(
|
||||
import.meta.env.VITE_ORGFRONT_PUBLIC_URL,
|
||||
window.location.origin,
|
||||
);
|
||||
const orgFrontRedirectUris =
|
||||
buildOrgFrontAuthRedirectUris(orgFrontPublicOrigin);
|
||||
|
||||
export const oidcConfig: AuthProviderProps = {
|
||||
export const oidcConfig: AuthProviderProps = buildCommonOidcRuntimeConfig({
|
||||
authority:
|
||||
import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc", // Gateway Proxy URL
|
||||
client_id: import.meta.env.VITE_OIDC_CLIENT_ID || "orgfront",
|
||||
redirect_uri: orgFrontRedirectUris.redirectUri,
|
||||
response_type: "code",
|
||||
scope: "openid offline_access profile email", // offline_access for refresh token
|
||||
post_logout_redirect_uri: orgFrontRedirectUris.postLogoutRedirectUri,
|
||||
popup_redirect_uri: orgFrontRedirectUris.popupRedirectUri,
|
||||
import.meta.env.VITE_OIDC_AUTHORITY || "http://localhost:5000/oidc",
|
||||
clientId: import.meta.env.VITE_OIDC_CLIENT_ID || "orgfront",
|
||||
origin: orgFrontPublicOrigin,
|
||||
userStore: new WebStorageStateStore({ store: window.localStorage }),
|
||||
automaticSilentRenew: false,
|
||||
};
|
||||
|
||||
export const userManager = new UserManager({
|
||||
...oidcConfig,
|
||||
authority: oidcConfig.authority || "",
|
||||
client_id: oidcConfig.client_id || "",
|
||||
redirect_uri: oidcConfig.redirect_uri || "",
|
||||
});
|
||||
|
||||
export const userManager = new UserManager(
|
||||
buildCommonUserManagerSettings(oidcConfig),
|
||||
);
|
||||
|
||||
@@ -1,76 +1,27 @@
|
||||
import {
|
||||
DEFAULT_SESSION_RENEW_THROTTLE_MS,
|
||||
shouldAttemptSlidingSessionRenew as shouldAttemptSlidingSessionRenewBase,
|
||||
shouldAttemptUnlimitedSessionRenew as shouldAttemptUnlimitedSessionRenewBase,
|
||||
type SessionRenewDecisionParams,
|
||||
} from "../../../common/core/session";
|
||||
|
||||
export const SESSION_RENEW_THROTTLE_MS = DEFAULT_SESSION_RENEW_THROTTLE_MS;
|
||||
export const SESSION_RENEW_THRESHOLD_MS = 5 * 60 * 1000;
|
||||
export const SESSION_RENEW_THROTTLE_MS = 30 * 1000;
|
||||
|
||||
type SlidingSessionRenewDecisionParams = {
|
||||
expiresAtSec?: number | null;
|
||||
nowMs: number;
|
||||
isEnabled: boolean;
|
||||
isAuthenticated: boolean;
|
||||
isLoading: boolean;
|
||||
isRenewInFlight: boolean;
|
||||
lastAttemptAtMs: number;
|
||||
thresholdMs?: number;
|
||||
throttleMs?: number;
|
||||
};
|
||||
|
||||
export function shouldAttemptSlidingSessionRenew({
|
||||
expiresAtSec,
|
||||
nowMs,
|
||||
isEnabled,
|
||||
isAuthenticated,
|
||||
isLoading,
|
||||
isRenewInFlight,
|
||||
lastAttemptAtMs,
|
||||
thresholdMs = SESSION_RENEW_THRESHOLD_MS,
|
||||
throttleMs = SESSION_RENEW_THROTTLE_MS,
|
||||
}: SlidingSessionRenewDecisionParams) {
|
||||
if (!isEnabled || !isAuthenticated || isLoading || isRenewInFlight) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (typeof expiresAtSec !== "number") {
|
||||
return false;
|
||||
}
|
||||
|
||||
const remainingMs = expiresAtSec * 1000 - nowMs;
|
||||
if (remainingMs <= 0 || remainingMs > thresholdMs) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (nowMs - lastAttemptAtMs < throttleMs) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
export function shouldAttemptSlidingSessionRenew(
|
||||
params: SessionRenewDecisionParams,
|
||||
) {
|
||||
return shouldAttemptSlidingSessionRenewBase({
|
||||
...params,
|
||||
thresholdMs: params.thresholdMs ?? SESSION_RENEW_THRESHOLD_MS,
|
||||
});
|
||||
}
|
||||
|
||||
export function shouldAttemptUnlimitedSessionRenew({
|
||||
expiresAtSec,
|
||||
nowMs,
|
||||
isEnabled,
|
||||
isAuthenticated,
|
||||
isLoading,
|
||||
isRenewInFlight,
|
||||
lastAttemptAtMs,
|
||||
thresholdMs = SESSION_RENEW_THRESHOLD_MS,
|
||||
throttleMs = SESSION_RENEW_THROTTLE_MS,
|
||||
}: SlidingSessionRenewDecisionParams) {
|
||||
if (isEnabled || !isAuthenticated || isLoading || isRenewInFlight) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (typeof expiresAtSec !== "number") {
|
||||
return false;
|
||||
}
|
||||
|
||||
const remainingMs = expiresAtSec * 1000 - nowMs;
|
||||
if (remainingMs <= 0 || remainingMs > thresholdMs) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (nowMs - lastAttemptAtMs < throttleMs) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
export function shouldAttemptUnlimitedSessionRenew(
|
||||
params: SessionRenewDecisionParams,
|
||||
) {
|
||||
return shouldAttemptUnlimitedSessionRenewBase({
|
||||
...params,
|
||||
thresholdMs: params.thresholdMs ?? SESSION_RENEW_THRESHOLD_MS,
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user