Leahnaya/nxapi
1
0
Fork 0
mirror of https://github.com/samuelthomas2774/nxapi.git synced 2026-03-21 18:04:10 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix checking session token expiry

Browse Source
This commit is contained in:
Samuel Elliott 2025-09-01 02:02:44 +01:00
parent b683dca8b4
commit c021f20ef6
No known key found for this signature in database
GPG Key ID: 8420C7CDE43DC4D6
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/common/auth/coral.ts
View File

@ -7,7 +7,7 @@ import { getNintendoAccountUser, NintendoAccountScope, NintendoAccountSessionTok
import createDebug from '../../util/debug.js';
import { Jwt } from '../../util/jwt.js';
import { checkUseLimit, SHOULD_LIMIT_USE } from './util.js';
import { getNaToken } from './na.js';
import { getNaToken, InvalidNintendoAccountTokenError, NintendoAccountSessionTokenExpiredError } from './na.js';
const debug = createDebug('nxapi:auth:coral');
@ -48,17 +48,20 @@ export async function getToken(
const [jwt, sig] = Jwt.decode<NintendoAccountSessionTokenJwtPayload>(token);
// TODO: getNaToken already does this, but is called after checkUseLimit
// It has it's own rate limit so just call this first
if (jwt.payload.iss !== 'https://accounts.nintendo.com') {
throw new Error('Invalid Nintendo Account session token issuer');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token issuer');
}
if (jwt.payload.typ !== 'session_token') {
throw new Error('Invalid Nintendo Account session token type');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token type');
}
if (jwt.payload.aud !== ZNCA_CLIENT_ID) {
throw new Error('Invalid Nintendo Account session token audience');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token audience');
}
if (jwt.payload.exp <= (Date.now() / 1000)) {
throw new Error('Nintendo Account session token expired');
throw new NintendoAccountSessionTokenExpiredError('Nintendo Account session token expired');
}
// Nintendo Account session tokens use a HMAC SHA256 signature, so we can't verify this is valid

9
src/common/auth/moon.ts
View File

@ -7,6 +7,7 @@ import { Jwt } from '../../util/jwt.js';
import MoonApi from '../../api/moon.js';
import { checkUseLimit, LIMIT_REQUESTS, SHOULD_LIMIT_USE } from './util.js';
import { MoonError } from '../../api/moon-types.js';
import { InvalidNintendoAccountTokenError, NintendoAccountSessionTokenExpiredError } from './na.js';
const debug = createDebug('nxapi:auth:moon');
@ -26,16 +27,16 @@ export async function getPctlToken(storage: persist.LocalStorage, token: string,
const [jwt, sig] = Jwt.decode<NintendoAccountSessionTokenJwtPayload>(token);
if (jwt.payload.iss !== 'https://accounts.nintendo.com') {
throw new Error('Invalid Nintendo Account session token issuer');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token issuer');
}
if (jwt.payload.typ !== 'session_token') {
throw new Error('Invalid Nintendo Account session token type');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token type');
}
if (jwt.payload.aud !== ZNMA_CLIENT_ID) {
throw new Error('Invalid Nintendo Account session token audience');
throw new InvalidNintendoAccountTokenError('Invalid Nintendo Account session token audience');
}
if (jwt.payload.exp <= (Date.now() / 1000)) {
throw new Error('Nintendo Account session token expired');
throw new NintendoAccountSessionTokenExpiredError('Nintendo Account session token expired');
}
// Nintendo Account session tokens use a HMAC SHA256 signature, so we can't verify this is valid