fix: loggin out keeps refresh token in browser

fix: https://github.com/canove/whaticket/issues/106
This commit is contained in:
canove
2021-01-15 11:56:28 -03:00
parent e6e9ac213f
commit 74e17a9f04
8 changed files with 59 additions and 29 deletions


@@ -31,9 +31,21 @@ export const update = async (
throw new AppError("ERR_SESSION_EXPIRED", 401);
}
const { user, newToken, refreshToken } = await RefreshTokenService(token);
const { user, newToken, refreshToken } = await RefreshTokenService(
res,
token
);
SendRefreshToken(res, refreshToken);
return res.json({ token: newToken, user });
};
export const remove = async (
req: Request,
res: Response
): Promise<Response> => {
res.clearCookie("jrt");
return res.send();
};
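Review bot: The new `remove` handler only clears the `jrt` cookie; it does not invalidate the refresh token itself, so a copy of that token made before logout (browser devtools, a proxy, another tab) still passes `RefreshTokenService` until it expires. Since the service already rejects tokens whose `tokenVersion` differs from the user's, `remove` could increment the authenticated user's `tokenVersion` (persisting it via whatever the User model offers) before `res.clearCookie("jrt")`, which makes every outstanding refresh token for that user unusable. Separately, `res.clearCookie` only removes the cookie if its `path`/`domain`/`sameSite` options match those used when it was set; `SendRefreshToken` is not in the diff, so confirm the options agree or pass the same options object to `clearCookie`. A one-line comment on the handler would also help: `// Logout: drop the refresh cookie; bump tokenVersion so existing refresh tokens stop validating.`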


@@ -1,6 +1,7 @@
import { Router } from "express";
import * as SessionController from "../controllers/SessionController";
import * as UserController from "../controllers/UserController";
import isAuth from "../middleware/isAuth";
const authRoutes = Router();
@@ -10,4 +11,6 @@ authRoutes.post("/login", SessionController.store);
authRoutes.post("/refresh_token", SessionController.update);
authRoutes.delete("/logout", isAuth, SessionController.remove);
export default authRoutes;
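Review bot: The logout route is gated behind `isAuth`, so if that middleware rejects requests with an expired access token (its body is not in this diff), a browser whose access token has lapsed cannot reach `SessionController.remove` and the `jrt` cookie stays set — the symptom this commit targets. Either document that the client must call `/refresh_token` before `/logout`, or let the route clear the cookie for any caller while still requiring `isAuth` only for the server-side invalidation step. A short comment on the route would make the intent explicit: `// requires a valid access token; client refreshes first if needed`.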


@@ -1,4 +1,5 @@
import { verify } from "jsonwebtoken";
import { Response as Res } from "express";
import User from "../../models/User";
import AppError from "../../errors/AppError";
@@ -20,25 +21,27 @@ interface Response {
refreshToken: string;
}
export const RefreshTokenService = async (token: string): Promise<Response> => {
let decoded;
export const RefreshTokenService = async (
res: Res,
token: string
): Promise<Response> => {
try {
decoded = verify(token, authConfig.refreshSecret);
const decoded = verify(token, authConfig.refreshSecret);
const { id, tokenVersion } = decoded as RefreshTokenPayload;
const user = await ShowUserService(id);
if (user.tokenVersion !== tokenVersion) {
res.clearCookie("jrt");
throw new AppError("ERR_SESSION_EXPIRED", 401);
}
const newToken = createAccessToken(user);
const refreshToken = createRefreshToken(user);
return { user, newToken, refreshToken };
} catch (err) {
res.clearCookie("jrt");
throw new AppError("ERR_SESSION_EXPIRED", 401);
}
const { id, tokenVersion } = decoded as RefreshTokenPayload;
const user = await ShowUserService(id);
if (user.tokenVersion !== tokenVersion) {
throw new AppError("ERR_SESSION_EXPIRED", 401);
}
const newToken = createAccessToken(user);
const refreshToken = createRefreshToken(user);
return { user, newToken, refreshToken };
};
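Review bot: The widened `try` block now wraps `ShowUserService(id)` and the `tokenVersion` comparison, so any failure in that region — a database error, a missing user — is caught at the bottom, turned into `ERR_SESSION_EXPIRED` 401 and clears the `jrt` cookie; the previous version only mapped `verify` failures this way. That means a transient backend error silently logs the user out, and the `res.clearCookie("jrt")` inside the version check is redundant because the catch clears it again. I would keep the `try` around `verify` alone, as the old code did, and handle the version mismatch outside it so only a genuinely bad token or a rotated version clears the cookie.
```typescript
export const RefreshTokenService = async (
  res: Res,
  token: string
): Promise<Response> => {
  let decoded;
  try {
    // only signature/expiry failures should look like an expired session
    decoded = verify(token, authConfig.refreshSecret);
  } catch (err) {
    res.clearCookie("jrt");
    throw new AppError("ERR_SESSION_EXPIRED", 401);
  }
  const { id, tokenVersion } = decoded as RefreshTokenPayload;
  const user = await ShowUserService(id);
  if (user.tokenVersion !== tokenVersion) {
    // token was issued before a logout/version bump: drop the cookie too
    res.clearCookie("jrt");
    throw new AppError("ERR_SESSION_EXPIRED", 401);
  }
  // … unchanged: createAccessToken / createRefreshToken and return …
```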