diff --git a/src/config/keys.js b/src/config/keys.js
index cf70eb4..446caae 100644
--- a/src/config/keys.js
+++ b/src/config/keys.js
@@ -4,6 +4,7 @@ const path = require('path');
 export const expTime = 60 * 20;
 export const rememberTime = 60 * 60 * 24 * 2;
 export const reqExpTime = 60;
+export const authExpTime = 2700000;
 export const accessTokenName = 'token';
 export const refreshTokenName = 'rememberme';
 export const iss = 'auth.devclub.in';
diff --git a/src/routes/auth.js b/src/routes/auth.js
index c79de84..a40e9a7 100644
--- a/src/routes/auth.js
+++ b/src/routes/auth.js
@@ -13,6 +13,7 @@ import {
   linkSocial,
   makeid,
   getRequestToken,
+  createJWTToken,
 } from '../utils/utils';
 import {
   accessTokenName,
@@ -431,13 +432,14 @@ router.post('/requestToken', async (req, res) => {
 router.get('/verifyRToken', async (req, res) => {
   try {
-    console.log('here');
     const { q } = req.query;
+    verify(q, keys.publicKey, {
+      algorithms: ['RS256'],
+    });
     const { requestToken } = decode(q);
     rtoken.exists = util.promisify(rtoken.exists);
     rtoken.hget = util.promisify(rtoken.hget);
     const exists = await rtoken.exists(requestToken.toString());
-    console.log(exists);
     if (!exists) {
       return res.status(401).json({
         err: true,
@@ -454,10 +456,6 @@ router.get('/verifyRToken', async (req, res) => {
         msg: 'No client found',
       });
     }
-
-    verify(requestToken, client.access_token, {
-      algorithms: ['HS256'],
-    });
     rtoken.hmset(requestToken.toString(), {
       cId: clientId,
       uId: user._id.toString(),
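Review bot: `authExpTime = 2700000` is handed straight to jsonwebtoken's `expiresIn` by createJWTToken (utils.js hunk), where a bare number is read as seconds, so the auth token would live roughly 31 days rather than the 45 minutes that 2,700,000 milliseconds suggests. The neighbouring constants on this hunk are written in seconds (`expTime = 60 * 20`, `rememberTime = 60 * 60 * 24 * 2`), and the `// in seconds` comment removed in utils.js confirmed that convention. If 45 minutes is the intent, write it as `export const authExpTime = 60 * 45;` so the unit matches its siblings.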
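Review bot: The payload is still taken from `decode(q)` on the line after the new `verify` call, whose verified payload is discarded, so the claims actually consumed are the unverified decode output rather than the checked one. Use the return value instead: `const { requestToken } = verify(q, keys.publicKey, { algorithms: ['RS256'] });` and drop the `decode(q)` line, which also keeps a future reordering from silently leaving decode as the only source of `requestToken`. verifyRToken's body continues past this hunk.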
@@ -468,7 +466,48 @@ router.get('/verifyRToken', async (req, res) => {
       msg: 'User authenticated successfully',
     });
   } catch (error) {
-    console.log(error);
+    return res.status(401).json({
+      err: true,
+      msg: 'Unauthorized Client',
+    });
+  }
+});
+
+router.post('/getAuthToken', async (req, res) => {
+  try {
+    const { token } = req.body;
+    const { requestToken } = decode(token);
+    rtoken.exists = util.promisify(rtoken.exists);
+    rtoken.hget = util.promisify(rtoken.hget);
+    const exists = await rtoken.exists(requestToken.toString());
+    if (!exists) {
+      return res.status(401).json({
+        err: true,
+        msg: 'Session Expired',
+      });
+    }
+
+    const clientId = await rtoken.hget(requestToken.toString(), 'cId');
+    const userId = await rtoken.hget(requestToken.toString(), 'uId');
+    const client = await Client.findById(clientId);
+
+    if (!client) {
+      return res.status(400).json({
+        err: true,
+        msg: 'No client found',
+      });
+    }
+
+    verify(token, client.access_token, {
+      algorithms: ['HS256'],
+    });
+
+    const user = await User.findById(userId);
+
+    const authToken = createJWTToken(user, keys.authExpTime);
+
+    res.send(authToken);
+  } catch (error) {
     return res.status(401).json({
       err: true,
       msg: 'Unauthorized Client',
diff --git a/src/utils/utils.js b/src/utils/utils.js
index f32f81b..08730fa 100644
--- a/src/utils/utils.js
+++ b/src/utils/utils.js
@@ -37,7 +37,7 @@ const getRoleData = async (roles) => {
   return data;
 };
 
-const createJWTCookie = (user, res, tokenName = keys.accessTokenName) => {
+const createJWTToken = (user, expiry) => {
   const payload = {
     user: {
       id: user.id,
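Review bot: `User.findById(userId)` in getAuthToken can resolve to null, and `createJWTToken(user, keys.authExpTime)` then throws on `user.id`, which the catch reports as a 401 'Unauthorized Client'; add a guard before minting, mirroring the `!client` branch, e.g. `if (!user) { return res.status(400).json({ err: true, msg: 'No user found' }); }` (message is a constructed example). The catch blocks of both this route and the rewritten verifyRToken now turn every error, including Redis or Mongo failures, into a 401 with no logging, so an outage is indistinguishable from a bad token; narrowing on `error.name` (`JsonWebTokenError`, `TokenExpiredError`) and logging or rethrowing anything else keeps that distinction. The request-token hash is also left in Redis after the auth token is sent, so the same `token` can be presented again until the entry expires; if the request token is meant to be single-use, delete the hash once `authToken` is issued. `res.send(authToken)` returns the bare JWT while every other response in the route is a JSON object, which is worth making consistent. The route's closing lines fall outside this hunk.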
@@ -50,14 +50,19 @@ const createJWTCookie = (user, res, tokenName = keys.accessTokenName) => {
       isverified: user.isverified,
     },
   };
-  const exp =
-    tokenName === keys.refreshTokenName ? keys.rememberTime : keys.expTime;
-  // create a token
   const token = jwt.sign(payload, keys.privateKey, {
-    expiresIn: exp, // in seconds
+    expiresIn: expiry,
     issuer: keys.iss,
     algorithm: 'RS256',
   });
+  return token;
+};
+
+const createJWTCookie = (user, res, tokenName = keys.accessTokenName) => {
+  const exp =
+    tokenName === keys.refreshTokenName ? keys.rememberTime : keys.expTime;
+  // create a token
+  const token = createJWTToken(user, exp);
   // set the cookie with token with the same age as that of token
   res.cookie(tokenName, token, {
@@ -365,4 +370,5 @@ export {
   sendPassResetEmail,
   addRoles,
   getRequestToken,
+  createJWTToken,
 };
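Review bot: createJWTToken's new `expiry` parameter carries no documentation of its unit, and the `// in seconds` comment that sat on `expiresIn` is removed in this hunk, so callers now have to know jsonwebtoken's convention that a bare number means seconds. Add a JSDoc header above the function stating that it signs an RS256 JWT for the given user, that `expiry` is the lifetime in seconds (or a jsonwebtoken duration string) and that it returns the signed token string, for example `@param {number|string} expiry - token lifetime in seconds, or a jsonwebtoken duration string`. The function's signature is in the preceding hunk.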