-
Notifications
You must be signed in to change notification settings - Fork 3
/
authflow.drawio
125 lines (125 loc) · 10.4 KB
/
authflow.drawio
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<mxfile host="app.diagrams.net" modified="2021-10-25T15:52:31.714Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" etag="sMnfHnkrvuLVTKOKcTPF" version="15.5.9" type="github">
<diagram id="VgS3NeHeZss1k28GfrYO" name="Page-1">
<mxGraphModel dx="1831" dy="608" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="pqOWpl_3aFsIhm1obFnf-1" value="database" style="shape=datastore;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="650" y="330" width="120" height="120" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-14" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pqOWpl_3aFsIhm1obFnf-2" target="pqOWpl_3aFsIhm1obFnf-11" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="190" y="400" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.31;entryY=0.8;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="pqOWpl_3aFsIhm1obFnf-2" target="pqOWpl_3aFsIhm1obFnf-25" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="430" y="480" />
<mxPoint x="-165" y="480" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-2" value="main auth server" style="shape=cube;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;darkOpacity=0.05;darkOpacity2=0.1;" parent="1" vertex="1">
<mxGeometry x="320" y="340" width="160" height="90" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-5" value="" style="shape=flexArrow;endArrow=classic;startArrow=classic;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" target="pqOWpl_3aFsIhm1obFnf-1" edge="1">
<mxGeometry width="100" height="100" relative="1" as="geometry">
<mxPoint x="480" y="390" as="sourcePoint" />
<mxPoint x="530" y="410" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-13" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pqOWpl_3aFsIhm1obFnf-6" target="pqOWpl_3aFsIhm1obFnf-11" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-6" value="Website server<br>Do not serve protected routes<br>e.g /admin if token.admin is false" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="390" y="130" width="230" height="150" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-12" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pqOWpl_3aFsIhm1obFnf-9" target="pqOWpl_3aFsIhm1obFnf-11" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-9" value="User" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
<mxGeometry x="120" y="80" width="30" height="60" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-16" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pqOWpl_3aFsIhm1obFnf-11" target="pqOWpl_3aFsIhm1obFnf-6" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-21" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=0;entryDy=35;entryPerimeter=0;" parent="1" source="pqOWpl_3aFsIhm1obFnf-11" target="pqOWpl_3aFsIhm1obFnf-2" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="250" y="375" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-26" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pqOWpl_3aFsIhm1obFnf-11" target="pqOWpl_3aFsIhm1obFnf-24" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="70" y="225" />
<mxPoint x="70" y="205" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-28" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.96;entryY=0.7;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="pqOWpl_3aFsIhm1obFnf-11" target="pqOWpl_3aFsIhm1obFnf-25" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="70" y="225" />
<mxPoint x="70" y="407" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-11" value="website" style="pointerEvents=1;shadow=0;dashed=0;html=1;strokeColor=none;fillColor=#505050;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;outlineConnect=0;align=center;shape=mxgraph.office.concepts.document_blank;" parent="1" vertex="1">
<mxGeometry x="160" y="160" width="110" height="130" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-17" value="access token" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="290" y="170" width="90" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-18" value="access token<br>refresh token" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="100" y="350" width="90" height="30" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-19" value="stores username<br>and password(or Discord ID<br>because we use OAuth 2.0)" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="490" y="330" width="160" height="50" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-22" value="username and password<br>or login via discord" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="250" y="300" width="150" height="30" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-24" value="Web server with not that important<br>auth" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="-220" y="150" width="210" height="110" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-29" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0;entryDx=90;entryDy=90;entryPerimeter=0;" parent="1" source="pqOWpl_3aFsIhm1obFnf-25" target="pqOWpl_3aFsIhm1obFnf-2" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="-125" y="450" />
<mxPoint x="410" y="450" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-25" value="Web server with important auth<br>(like database delete)" style="ellipse;shape=cloud;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="-230" y="330" width="210" height="110" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-27" value="access token" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry y="180" width="90" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-30" value="access token" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="-20" y="380" width="90" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-31" value="if (user.admin == true) welcome;&nbsp;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="-210" y="130" width="190" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-32" value="if (await API.getUser(user.id) == true) welcome;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="-240" y="310" width="270" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-33" value="GET /user/{user.id}" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="40" y="430" width="120" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-36" value="user = { admin: false }" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;" parent="1" vertex="1">
<mxGeometry x="40" y="480" width="130" height="20" as="geometry" />
</mxCell>
<mxCell id="pqOWpl_3aFsIhm1obFnf-39" value="<h1>Why it checks auth server again</h1><p>Lets say I remove your mod status in Discord. You get angry and decide to end it all. You have exactly JWT_EXPIRY_TIME(5 minutes) to destroy everything with a scheme like above</p><p>But with this explicit check scheme, that is impossible.</p>" style="text;html=1;strokeColor=none;fillColor=none;spacing=5;spacingTop=-20;whiteSpace=wrap;overflow=hidden;rounded=0;" parent="1" vertex="1">
<mxGeometry x="-400" y="330" width="190" height="230" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>