NASS' SSV System - Naflows/naflows-auth GitHub Wiki
NASS' Secure Session Verification Process
About
This is the second step of the NASS' verification process, run before a request is executed. The whole point of the SSV is to validate the user's session: that the session itself is valid and that the credentials attached to it are.
Important notice
Later in development, renewing a session will require a secure code in order to strengthen the process.
.env variables
The following variables are used in the SSV process.
| Variable | Type | Usage | Default value |
|---|---|---|---|
| SESSION_RENEWAL_TOKEN_DEFAULT_USES | number | Default number of uses of a session renewal token | 1 |
| SESSION_RENEWAL_LIFESPAN | number | Session renewal time in seconds | 1728000 |
| SESSION_TOKEN_DURATION | number | Basic token duration in seconds for normal sessions | 1728000 |
Error codes
The following error codes are the ones that can be returned by the NASS during the SSV:
| Code | Message | Reason |
|---|---|---|
| 200 | SSV Process completed successfully. | Self explanatory. |
| 201 | Session is renewed. | The session was successfully renewed with the given renewal token. The response contains the session ID and the token value. |
| 401 | Invalid user credentials | The credentials (password + identifier) given in the UCR are invalid |
| 401 | Invalid user credentials | The token given in the UCR is invalid |
| 500 | Internal server error. UCR should be valid but no credentials found. | Returned if the UCR check fails (which should not happen); prevents NASS from validating the session when something is wrong with the credentials / token |
| 401 | Invalid session informations. | At least one of the values given in the UCR does not match the session data |
| 401 | Session not found. | The session ID attached to the UCR is invalid |
| 401 | Unknown user credentials. | No user was found under the user ID given in the UCR |
| 401 | Invalid credentials. | The user credentials (password / identifier) provided for session renewal are wrong |
| 401 | Session is outdated | A renewal token is sent to the user so that the session can be renewed |
| 500 | Internal server error. Could not access the database collections ([Collection(s) name(s)]) | Something went wrong while fetching the data |
| 500 | Failed to renew the session. | Something went wrong while renewing the session. |
| 500 | secure.token.create(...).message | Something went wrong while creating a token for renewal |