authorGravatar Piotr Russ <mail@pruss.it> 2020-11-26 22:20:54 +0100
committerGravatar Piotr Russ <mail@pruss.it> 2020-11-26 22:20:54 +0100
commitf2fcc41cb17ece1fc5acf57809c5e3d61c236133 (patch)
treea103a0dd371c5f7fd5d7e3105fef0730c8594827 /server/middleware
parent627239499c7c9fb5e7af68b2e79e01d0523f5d8f (diff)
downloadwebsite_creator-f2fcc41cb17ece1fc5acf57809c5e3d61c236133.tar.gz
website_creator-f2fcc41cb17ece1fc5acf57809c5e3d61c236133.tar.bz2
website_creator-f2fcc41cb17ece1fc5acf57809c5e3d61c236133.zip
completed jwt token login with refresh token, reduced db calls
Diffstat (limited to 'server/middleware')
-rw-r--r--server/middleware/auth.js29
-rw-r--r--server/middleware/redirectLogged.js39
2 files changed, 36 insertions, 32 deletions
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 5c77830..f012054 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -1,5 +1,5 @@
const jwt = require('jsonwebtoken');
-const User = require('../models/User');
+const Session = require('../models/Session');
const auth = async (req, res, next) => {
try {
@@ -10,27 +10,26 @@ const auth = async (req, res, next) => {
}
try {
- const decoded = jwt.verify(token, process.env.JWT_SECRET);
- req.userId = decoded._id;
- req.refreshToken = decoded.ref;
+ const {sessionId, user} = jwt.verify(token, process.env.JWT_SECRET);
+ req.sessionId = sessionId;
+ req.loggedUser = JSON.parse(user);
return next();
+
} catch(er) {
if (er.message && er.message === 'jwt expired') {
- const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
- const user = await User.findById(_id);
+ const {sessionId, user} = jwt.decode(token);
+ const userData = JSON.parse(user);
+ const session = await Session.findById(sessionId);
- if (!user) {
+ if (!session || session.userId.toString() !== userData.userId) {
throw new Error();
}
- if (user.sessions.filter(s => s.ref === ref).length > 0) {
- req.userId = _id;
- req.refreshToken = ref;
- req.newToken = await user.generateJwtToken(ref);;
- return next();
- }
-
- throw new Error();
+ session.setAccessDate();
+ req.newToken = session.generateJwtToken(userData);;
+ req.sessionId = sessionId;
+ req.loggedUser = userData;
+ return next();
}
throw new Error();
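Review bot: The expired-token branch rebuilds the identity from `jwt.decode(token)`, which does not check the signature, so every field of `userData` other than `userId` is taken from an unverified token and then re-signed by `session.generateJwtToken(userData)` and exposed as `req.loggedUser`; the `Session.findById` check only pins `sessionId` to `userId`, not the rest of the payload. Verify the expired token instead of decoding it, e.g. `const {sessionId, user} = jwt.verify(token, process.env.JWT_SECRET, { ignoreExpiration: true });`, or rebuild `userData` from the database rather than from the token. `session.setAccessDate()` is not awaited; if it persists the access date, a write failure is unobserved here and the middleware may return before it completes. The same unverified-decode pattern appears in redirectLogged.js (`jwt.decode(token)` through `session.generateJwtToken(userData)`), where in addition `const token = jwt.verify(token, …)` in the inner try shadows the cookie `token` and throws a ReferenceError before any verification happens. The enclosing `auth` function continues past the hunk.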
diff --git a/server/middleware/redirectLogged.js b/server/middleware/redirectLogged.js
index 40a5657..7d06ece 100644
--- a/server/middleware/redirectLogged.js
+++ b/server/middleware/redirectLogged.js
@@ -1,37 +1,42 @@
const jwt = require('jsonwebtoken');
const User = require('../models/User');
+const Session = require('../models/Session');
const redirectLogged = async (req, res, next) => {
+ console.log('redirectLogged')
try {
const token = req.cookies.token || '';
-
if (!token) {
throw new Error();
}
try {
- const decoded = jwt.verify(token, process.env.JWT_SECRET);
- res.redirect('/admin');
+ const token = jwt.verify(token, process.env.JWT_SECRET);
+ if (!token.user || !token.user.userId){
+ throw new Error();
+ }
+ return res.redirect('/admin');
} catch(er) {
if (er.message && er.message === 'jwt expired') {
- const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
- const user = await User.findById(_id);
+ const {sessionId, user} = jwt.decode(token);
+ const userData = JSON.parse(user);
+ const session = await Session.findById(sessionId);
- if (!user) {
+ if (!session || session.userId.toString() !== userData.userId) {
throw new Error();
}
- if (user.sessions.filter(s => s.ref === ref).length > 0) {
- const newToken = await user.generateJwtToken(ref);;
- res
- .cookie('token', token, {
- maxAge: parseInt(process.env.COOKIE_MAX_AGE),
- secure: false,
- httpOnly: true,
- })
- .redirect('/admin');
- }
-
+ session.setAccessDate();
+ const newToken = session.generateJwtToken(userData);
+
+ return res
+ .cookie('token', newToken, {
+ maxAge: parseInt(process.env.COOKIE_MAX_AGE),
+ secure: false,
+ SameSite: 'Strict',
+ httpOnly: true,
+ })
+ .redirect('/admin');
throw new Error();
}