From f2fcc41cb17ece1fc5acf57809c5e3d61c236133 Mon Sep 17 00:00:00 2001 From: Piotr Russ Date: Thu, 26 Nov 2020 22:20:54 +0100 Subject: completed jwt token login with refresh token, reduced db calls --- server/middleware/auth.js | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'server/middleware/auth.js') diff --git a/server/middleware/auth.js b/server/middleware/auth.js index 5c77830..f012054 100644 --- a/server/middleware/auth.js +++ b/server/middleware/auth.js @@ -1,5 +1,5 @@ const jwt = require('jsonwebtoken'); -const User = require('../models/User'); +const Session = require('../models/Session'); const auth = async (req, res, next) => { try { @@ -10,27 +10,26 @@ const auth = async (req, res, next) => { } try { - const decoded = jwt.verify(token, process.env.JWT_SECRET); - req.userId = decoded._id; - req.refreshToken = decoded.ref; + const {sessionId, user} = jwt.verify(token, process.env.JWT_SECRET); + req.sessionId = sessionId; + req.loggedUser = JSON.parse(user); return next(); + } catch(er) { if (er.message && er.message === 'jwt expired') { - const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET); - const user = await User.findById(_id); + const {sessionId, user} = jwt.decode(token); + const userData = JSON.parse(user); + const session = await Session.findById(sessionId); - if (!user) { + if (!session || session.userId.toString() !== userData.userId) { throw new Error(); } - if (user.sessions.filter(s => s.ref === ref).length > 0) { - req.userId = _id; - req.refreshToken = ref; - req.newToken = await user.generateJwtToken(ref);; - return next(); - } - - throw new Error(); + session.setAccessDate(); + req.newToken = session.generateJwtToken(userData);; + req.sessionId = sessionId; + req.loggedUser = userData; + return next(); } throw new Error(); -- cgit v1.2.3