authorGravatar Piotr Russ <mail@pruss.it> 2020-11-22 13:49:09 +0100
committerGravatar Piotr Russ <mail@pruss.it> 2020-11-22 13:49:09 +0100
commit4569b85489e863465395f84e995dd3fdc44471b4 (patch)
tree6e4d27883809c94c8b3f3b87159d85c7f3874bbd /server/middleware
parent81ddf9b700bc48a1f8e472209f080f9c1d9a9b09 (diff)
implement refresh tokens
Diffstat (limited to 'server/middleware')
-rw-r--r--server/middleware/auth.js30
1 files changed, 23 insertions, 7 deletions
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 42d93a4..462b100 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -9,16 +9,32 @@ const auth = async (req, res, next) => {
throw new Error();
}
- const decoded = jwt.verify(token, 'replaceThisWithSecretString');
- const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
+ try {
+ const decoded = jwt.verify(token, 'replaceThisWithSecretString');
+ req.userId = decoded._id;
+ req.refreshToken = decoded.ref;
+ return next();
+ } catch(er) {
+ if (er.message && er.message === 'jwt expired') {
+ const { _id, ref } = jwt.decode(token, 'replaceThisWithSecretString');
+ const user = await User.findById(_id);
+
+ if (!user) {
+ throw new Error();
+ }
+
+ if (user.sessions.filter(s => s.ref === ref).length > 0) {
+ req.userId = _id;
+ req.refreshToken = ref;
+ req.newToken = await user.generateJwtToken(res.req.refreshToken);;
+ return next();
+ }
+
+ throw new Error();
+ }
- if (!user) {
throw new Error();
}
-
- req.token = token;
- req.user = user;
- next();
} catch (err) {
res.redirect('/login');
}
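Review bot: The expired-token branch rebuilds `_id` and `ref` with `jwt.decode`, which performs no signature check, so the refresh path is only safe because the `jwt.verify` call above it is assumed to have validated the signature before raising the expiry error (true if `jwt` is jsonwebtoken, where `TokenExpiredError` is thrown only after `jws.verify` succeeds), and that invariant currently hangs on a message-string compare. Make it explicit by matching the error type and re-verifying with expiry disabled: `if (er.name === 'TokenExpiredError') {` and `const { _id, ref } = jwt.verify(token, 'replaceThisWithSecretString', { ignoreExpiration: true });` (the second argument to `decode` is an options object, so the secret passed there is silently ignored). Two further caveats: nothing bounds how long an expired access token can keep being refreshed — `ref` carries no expiry of its own and is passed straight back into `user.generateJwtToken`, so a leaked token stays renewable until the entry is removed from `user.sessions` — and the hard-coded `'replaceThisWithSecretString'` now appears twice more in this file and should come from configuration (e.g. `process.env.JWT_SECRET`) before this ships. The `req.newToken` line also has a stray `;;` and reaches the ref back through `res.req.refreshToken`, which is just the `ref` assigned one line earlier, so `req.newToken = await user.generateJwtToken(ref);` reads more plainly. The enclosing `auth` function begins before the hunk and its closing line is not shown.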