From 4569b85489e863465395f84e995dd3fdc44471b4 Mon Sep 17 00:00:00 2001
From: Piotr Russ
Date: Sun, 22 Nov 2020 13:49:09 +0100
Subject: implement refresh tokens
---
 server/models/User.js | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
(limited to 'server/models/User.js')
diff --git a/server/models/User.js b/server/models/User.js
index 4fa6ffe..e777878 100644
--- a/server/models/User.js
+++ b/server/models/User.js
@@ -1,5 +1,6 @@
 const mongoose = require("mongoose");
 const bcrypt = require('bcryptjs');
+const randtoken = require('rand-token');
 const jwt = require('jsonwebtoken');
 const userSchema = new mongoose.Schema({
@@ -23,22 +24,36 @@ const userSchema = new mongoose.Schema({
 min: 4,
 max: 1024,
 },
- tokens: [{
- token: {
+ sessions: [{
+ ref: {
 type: String,
 required: true
 }
 }]
 });
-userSchema.methods.generateAuthToken = async function () {
- const user = this;
- const token = jwt.sign({ _id: user._id.toString() }, 'replaceThisWithSecretString')
+userSchema.methods.generateJwtToken = async function (currentRef) {
+ const ref = currentRef ? currentRef : randtoken.uid(256);
+
+ if (!currentRef) {
+ this.sessions = this.sessions.concat({ ref });
+ this.save();
+ }
+
+ return jwt.sign(
+ { _id: this._id.toString(), ref },
+ 'replaceThisWithSecretString',
+ { expiresIn: 300 }
+ );
+}
- user.tokens = user.tokens.concat({ token });
- user.save();
+userSchema.methods.endSession = async function (ref) {
+ this.sessions = this.sessions.filter((session) => {
+ return session.ref !== ref;
+ });
- return token;
+ await this.save();
+ return null;
 }
 userSchema.statics.findByCredentials = async (email, password) => {
--
cgit v1.2.3
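Review bot: In `generateJwtToken` the new session ref is written with a bare `this.save();`, so the JWT is returned before the ref is known to be persisted and a failed write surfaces only as an unhandled rejection; `endSession` in the same hunk already awaits its save, and this call should read `await this.save();`. The signing key passed to `jwt.sign` is still the literal `'replaceThisWithSecretString'`, which lets anyone who can read the repository mint tokens for any `_id` and `ref`. It should come from configuration instead, for example `process.env.JWT_SECRET` (variable name chosen here as an illustration), with startup failing when it is unset. When `currentRef` is supplied it is embedded in the token without being compared against `this.sessions`; presumably the caller performs that check, but a comment on the method stating the expectation would make the contract explicit.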