github
/
filebrowser
mirror of https://github.com/filebrowser/filebrowser
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(auth): prevent integer overflow in logout timer using safeTimeout (#5470)

pull/5492/head
MSomnium Studios 2025-10-17 11:38:57 -04:00 committed by GitHub
parent 97b8911ba8
commit dd883985bb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
frontend/src/api/utils.ts
View File

@ -91,3 +91,21 @@ export function createURL(endpoint: string, searchParams = {}): string {
return url.toString();
}
export function setSafeTimeout(callback: () => void, delay: number): number {
const MAX_DELAY = 86_400_000;
let remaining = delay;
function scheduleNext(): number {
if (remaining <= MAX_DELAY) {
return window.setTimeout(callback, remaining);
} else {
return window.setTimeout(() => {
remaining -= MAX_DELAY;
scheduleNext();
}, MAX_DELAY);
}
}
return scheduleNext();
}

6
frontend/src/utils/auth.ts
View File

@ -4,6 +4,7 @@ import type { JwtPayload } from "jwt-decode";
import { jwtDecode } from "jwt-decode";
import { baseURL, noAuth } from "./constants";
import { StatusError } from "@/api/utils";
import { setSafeTimeout } from "@/api/utils";
export function parseToken(token: string) {
// falsy or malformed jwt will throw InvalidTokenError
@ -22,10 +23,11 @@ export function parseToken(token: string) {
}
const expiresAt = new Date(data.exp! * 1000);
const timeout = expiresAt.getTime() - Date.now();
authStore.setLogoutTimer(
window.setTimeout(() => {
setSafeTimeout(() => {
logout("inactivity");
}, expiresAt.getTime() - Date.now())
}, timeout)
);
}