feat: use cookies for authentication

2023-01-04 11:54:28 +01:00
parent 71658ad39d
commit faea1abcc4
12 changed files with 193 additions and 74 deletions
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -34,8 +34,10 @@ export class AuthService {
        },
      });

-      const accessToken = await this.createAccessToken(user);
-      const refreshToken = await this.createRefreshToken(user.id);
+      const { refreshToken, refreshTokenId } = await this.createRefreshToken(
+        user.id
+      );
+      const accessToken = await this.createAccessToken(user, refreshTokenId);

      return { accessToken, refreshToken };
    } catch (e) {
@@ -71,8 +73,10 @@ export class AuthService {
      return { loginToken };
    }

-    const accessToken = await this.createAccessToken(user);
-    const refreshToken = await this.createRefreshToken(user.id);
+    const { refreshToken, refreshTokenId } = await this.createRefreshToken(
+      user.id
+    );
+    const accessToken = await this.createAccessToken(user, refreshTokenId);

    return { accessToken, refreshToken };
  }
@@ -89,11 +93,12 @@ export class AuthService {
    });
  }

-  async createAccessToken(user: User) {
+  async createAccessToken(user: User, refreshTokenId: string) {
    return this.jwtService.sign(
      {
        sub: user.id,
        email: user.email,
+        refreshTokenId,
      },
      {
        expiresIn: "15min",
@@ -102,6 +107,14 @@ export class AuthService {
    );
  }

+  async signOut(accessToken: string) {
+    const { refreshTokenId } = this.jwtService.decode(accessToken) as {
+      refreshTokenId: string;
+    };
+
+    await this.prisma.refreshToken.delete({ where: { id: refreshTokenId } });
+  }
+
  async refreshAccessToken(refreshToken: string) {
    const refreshTokenMetaData = await this.prisma.refreshToken.findUnique({
      where: { token: refreshToken },
@@ -111,17 +124,18 @@ export class AuthService {
    if (!refreshTokenMetaData || refreshTokenMetaData.expiresAt < new Date())
      throw new UnauthorizedException();

-    return this.createAccessToken(refreshTokenMetaData.user);
+    return this.createAccessToken(
+      refreshTokenMetaData.user,
+      refreshTokenMetaData.id
+    );
  }

  async createRefreshToken(userId: string) {
-    const refreshToken = (
-      await this.prisma.refreshToken.create({
-        data: { userId, expiresAt: moment().add(3, "months").toDate() },
-      })
-    ).token;
+    const { id, token } = await this.prisma.refreshToken.create({
+      data: { userId, expiresAt: moment().add(3, "months").toDate() },
+    });

-    return refreshToken;
+    return { refreshTokenId: id, refreshToken: token };
  }

  async createLoginToken(userId: string) {