From 9a1223985e075934bd2555dcfc613e9dc82cd2a7 Mon Sep 17 00:00:00 2001
From: GGORG
Date: Wed, 29 Jun 2022 15:57:59 +0200
Subject: [PATCH] refactor(jwt): added a type to the jwts
every jwt used for authentication will now have to have "type": "auth"
BREAKING CHANGE: JWTs without "type": "auth" will now be rejected
---
 src/routes/authRouter.ts | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/routes/authRouter.ts b/src/routes/authRouter.ts
index c2b46a0..f6a6204 100644
--- a/src/routes/authRouter.ts
+++ b/src/routes/authRouter.ts
@@ -18,7 +18,10 @@ export function authenticateJWT(req: Request, res: Response, next: NextFunction)
 try {
 const decoded = jwt.verify(token, process.env.JWT_SECRET as string);
- if (!(decoded instanceof Object) || !(typeof decoded.user === "string"))
+ if (!(decoded instanceof Object) ||
+ !(typeof decoded.user === "string") ||
+ !(typeof decoded.type === "string") ||
+ !(decoded.type === "auth"))
 return res.status(403).json({ success: false, error: "Invalid token" });
 res.locals.user = decoded.user;
 next();
@@ -87,7 +90,7 @@ router.post("/create", async (req, res) => {
 },
 });
- const token = jwt.sign({ user: user.uuid, ip: req.ip }, process.env.JWT_SECRET as string, { expiresIn: "14d" });
+ const token = jwt.sign({ user: user.uuid, ip: req.ip, type: "auth" }, process.env.JWT_SECRET as string, { expiresIn: "14d" });
 res.json({
 success: true,
@@ -131,7 +134,7 @@ router.post("/login", async (req, res) => {
 if (hash !== user.passwordHash) throw "Invalid credentials";
- const token = jwt.sign({ user: user.uuid, ip: req.ip }, process.env.JWT_SECRET as string, { expiresIn: "14d" });
+ const token = jwt.sign({ user: user.uuid, ip: req.ip, type: "auth" }, process.env.JWT_SECRET as string, { expiresIn: "14d" });
 res.json({
 success: true,
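Review bot: In the new condition of authenticateJWT, `!(typeof decoded.type === "string")` is redundant — the clause right after it, `!(decoded.type === "auth")`, already rejects anything that is not exactly that string — so the two added clauses can collapse to `decoded.type !== "auth"`, and the retained `!(typeof decoded.user === "string")` reads more naturally as `typeof decoded.user !== "string"`. Since this commit now defines what a valid session token looks like, it is also worth pinning the accepted algorithm on the `jwt.verify` call just above (its `algorithms` option) so that only tokens signed the way `/create` and `/login` sign them pass; that line is context here, so I am flagging it rather than asking for it in this change. authenticateJWT begins before this hunk and continues past `next();`, including whatever catch branch handles verification failures.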
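Review bot: The `"auth"` discriminator added to the `jwt.sign` payload here is now spelled out as a bare literal in three places — this line, the identical `jwt.sign` call in the `/login` hunk, and the check in authenticateJWT — with nothing tying them together, so a later edit to one site can silently desynchronise the others. I would extract one `signAuthToken` helper with a typed payload, as sketched below, and have both handlers call it; the same typed shape then documents what authenticateJWT expects to find after verification. The /create and /login handlers both begin before their hunks and continue after `success: true,`; `ip` is assumed to be a `string` below — adjust the parameter type if `req.ip` is typed otherwise in this project's Express version.
```typescript
/** Claims carried by a session token; `type` lets authenticateJWT reject JWTs minted for other purposes. */
interface AuthTokenPayload {
  user: string;
  ip: string;
  type: "auth";
}

/** Signs a session token for `user`; the only place the "auth" discriminator and the 14-day lifetime are spelled out. */
function signAuthToken(user: string, ip: string): string {
  const payload: AuthTokenPayload = { user, ip, type: "auth" };
  return jwt.sign(payload, process.env.JWT_SECRET as string, { expiresIn: "14d" });
}

// … unchanged: /create handler up to the user creation …
const token = signAuthToken(user.uuid, req.ip);
// … unchanged: res.json({ success: true, … }) …
```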