✨ Support for refresh tokens

Author: AnandChowdhary

src/helpers/jwt.ts

@@ -1,6 +1,7 @@
 import { sign, verify } from "jsonwebtoken";
 import { JWT_ISSUER, JWT_SECRET } from "../config";
 import { User } from "../interfaces/tables/user";
+import { Tokens } from "../interfaces/enum";
 
 export const generateToken = (
   payload: string | object | Buffer,
@@ -33,9 +34,13 @@ export const verifyToken = (token: string, subject: string) =>
   });
 
 export const emailVerificationToken = (id: number) =>
-  generateToken({ id }, "7d", "email-verify");
+  generateToken({ id }, "7d", Tokens.EMAIL_VERIFY);
 
 export const passwordResetToken = (id: number) =>
-  generateToken({ id }, "1d", "password-reset");
+  generateToken({ id }, "1d", Tokens.PASSWORD_RESET);
 
-export const loginToken = (user: User) => generateToken(user, "1d", "auth");
+export const loginToken = (user: User) =>
+  generateToken(user, "1d", Tokens.LOGIN);
+
+export const refreshToken = (id: number) =>
+  generateToken({ id }, "30d", Tokens.REFRESH);

src/helpers/middleware.ts

@@ -1,7 +1,7 @@
 import { Request, Response, NextFunction } from "express";
 import { safeError, sendError } from "./errors";
 import { verifyToken } from "./jwt";
-import { ErrorCode } from "../interfaces/enum";
+import { ErrorCode, Tokens } from "../interfaces/enum";
 
 export const errorHandler = (
   error: any,
@@ -41,7 +41,7 @@ export const authHandler = async (
   }
   if (token.startsWith("Bearer ")) token = token.replace("Bearer ", "");
   try {
-    res.locals.token = await verifyToken(token, "auth");
+    res.locals.token = await verifyToken(token, Tokens.LOGIN);
     next();
   } catch (e) {
     const error = sendError(ErrorCode.INVALID_TOKEN);

src/interfaces/enum.ts

@@ -23,6 +23,7 @@ export enum EventType {
   USER_CREATED = "user.created",
   USER_UPDATED = "user.updated",
   USER_DELETED = "user.deleted",
+  AUTH_REFRESH = "auth.refresh",
   AUTH_LOGIN = "auth.login",
   AUTH_LOGIN_BACKUP_CODE = "auth.login_backupCode",
   AUTH_LOGIN_GOOGLE = "auth.login_google",
@@ -54,3 +55,10 @@ export enum Templates {
   EMAIL_VERIFY = "email-verify",
   PASSWORD_RESET = "password-reset"
 }
+
+export enum Tokens {
+  LOGIN = "auth",
+  REFRESH = "refresh",
+  PASSWORD_RESET = "password-reset",
+  EMAIL_VERIFY = "email-verify"
+}

src/rest/auth.ts

@@ -1,33 +1,52 @@
 import { User } from "../interfaces/tables/user";
 import { createUser, updateUser, getUserByEmail, getUser } from "../crud/user";
 import { InsertResult } from "../interfaces/mysql";
-import {
-  createEmail,
-  updateEmail,
-  getEmail,
-  sendEmailVerification
-} from "../crud/email";
+import { createEmail, updateEmail, getEmail } from "../crud/email";
 import { mail } from "../helpers/mail";
-import { verifyToken, loginToken, passwordResetToken } from "../helpers/jwt";
+import {
+  verifyToken,
+  loginToken,
+  passwordResetToken,
+  refreshToken
+} from "../helpers/jwt";
 import { KeyValue, Locals } from "../interfaces/general";
 import { createEvent } from "../crud/event";
 import {
   EventType,
   ErrorCode,
   MembershipRole,
-  Templates
+  Templates,
+  Tokens
 } from "../interfaces/enum";
 import { compare, hash } from "bcrypt";
 import { deleteSensitiveInfoUser } from "../helpers/utils";
 import { createMembership } from "../crud/membership";
 
+export const validateRefreshToken = async (token: string, locals: Locals) => {
+  const data = <User>await verifyToken(token, Tokens.REFRESH);
+  if (!data.id) throw new Error(ErrorCode.USER_NOT_FOUND);
+  const user = await getUser(data.id);
+  await createEvent(
+    {
+      userId: user.id,
+      type: EventType.AUTH_REFRESH
+    },
+    locals
+  );
+  return {
+    token: await loginToken(deleteSensitiveInfoUser(user)),
+    refresh: await refreshToken(data.id)
+  };
+};
+
 export const login = async (
   email: string,
   password: string,
   locals: Locals
 ) => {
   const user = await getUserByEmail(email, true);
   if (!user.password) throw new Error(ErrorCode.MISSING_PASSWORD);
+  if (!user.id) throw new Error(ErrorCode.USER_NOT_FOUND);
   const correctPassword = await compare(password, user.password);
   if (correctPassword) {
     await createEvent(
@@ -38,7 +57,10 @@ export const login = async (
       },
       locals
     );
-    return await loginToken(deleteSensitiveInfoUser(user));
+    return {
+      token: await loginToken(deleteSensitiveInfoUser(user)),
+      refresh: await refreshToken(user.id)
+    };
   }
   throw new Error(ErrorCode.INVALID_LOGIN);
 };
@@ -88,7 +110,7 @@ export const sendPasswordReset = async (email: string, locals: Locals) => {
 };
 
 export const verifyEmail = async (token: string, locals: Locals) => {
-  const emailId = (<KeyValue>await verifyToken(token, "email-verify")).id;
+  const emailId = (<KeyValue>await verifyToken(token, Tokens.EMAIL_VERIFY)).id;
   const email = await getEmail(emailId);
   await createEvent(
     {
@@ -106,7 +128,7 @@ export const updatePassword = async (
   password: string,
   locals: Locals
 ) => {
-  const userId = (<KeyValue>await verifyToken(token, "password-reset")).id;
+  const userId = (<KeyValue>await verifyToken(token, Tokens.PASSWORD_RESET)).id;
   const hashedPassword = await hash(password || "", 8);
   await updateUser(userId, { password: hashedPassword });
   await createEvent(

src/routes/auth.ts

@@ -4,7 +4,8 @@ import {
   sendPasswordReset,
   login,
   updatePassword,
-  register
+  register,
+  validateRefreshToken
 } from "../rest/auth";
 import { verifyToken } from "../helpers/jwt";
 
@@ -26,13 +27,25 @@ export const routeAuthLogin = async (req: Request, res: Response) => {
   const password = req.body.password;
   if (!email || !password) throw new Error(ErrorCode.MISSING_FIELD);
   try {
-    const token = await login(email, password, res.locals);
-    res.json({ token });
+    const tokens = await login(email, password, res.locals);
+    res.json(tokens);
   } catch (error) {
     throw new Error(ErrorCode.INVALID_LOGIN);
   }
 };
 
+export const routeAuthRefresh = async (req: Request, res: Response) => {
+  const token =
+    req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
+  if (!token) throw new Error(ErrorCode.MISSING_TOKEN);
+  try {
+    const tokens = await validateRefreshToken(token, res.locals);
+    res.json(tokens);
+  } catch (error) {
+    throw new Error(ErrorCode.INVALID_TOKEN);
+  }
+};
+
 export const routeAuthRegister = async (req: Request, res: Response) => {
   const email = req.body.email;
   const user = req.body;

src/routes/index.ts

@@ -19,7 +19,8 @@ import {
   routeAuthLogin,
   routeAuthResetPasswordRequest,
   routeAuthResetPasswordRecover,
-  routeAuthRegister
+  routeAuthRegister,
+  routeAuthRefresh
 } from "./auth";
 import { routeMembershipGet, routeMembershipCreate } from "./membership";
 
@@ -37,6 +38,7 @@ export const router = (app: Application) => {
 
 const routesAuth = (app: Application) => {
   app.post("/auth/login", asyncHandler(routeAuthLogin));
+  app.post("/auth/refresh", asyncHandler(routeAuthRefresh));
   app.post("/auth/verify-token", asyncHandler(routeAuthVerifyToken));
   app.post(
     "/auth/reset-password/request",