Now with 1000% cleaner jwt generation

ref #6
2020-12-18 17:57:48 +01:00
parent b21dd6f0c0
commit 65a8449ea3
3 changed files with 108 additions and 43 deletions
--- a/src/models/actions/CreateAuth.ts
+++ b/src/models/actions/CreateAuth.ts
@@ -1,10 +1,9 @@
 import * as argon2 from "argon2";
 import { IsEmail, IsOptional, IsString } from 'class-validator';
-import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
-import { config } from '../../config';
 import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
 import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
+import { JwtCreator } from '../../JwtCreator';
 import { User } from '../entities/User';
 import { Auth } from '../responses/ResponseAuth';

@@ -26,34 +25,24 @@ export class CreateAuth {
            throw new UsernameOrEmailNeededError();
        }
        if (!this.password) {
-            throw new PasswordNeededError()
+            throw new PasswordNeededError();
        }
-        const found_users = await getConnectionManager().get().getRepository(User).find({ relations: ['groups', 'permissions'], where: [{ username: this.username }, { email: this.email }] });
-        if (found_users.length === 0) {
-            throw new UserNotFoundError()
-        } else {
-            const found_user = found_users[0]
-            if (await argon2.verify(found_user.password, this.password + found_user.uuid)) {
-                const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-                found_user.permissions = found_user.permissions || []
-                delete found_user.password;
-                newAuth.access_token = jsonwebtoken.sign({
-                    userdetails: found_user,
-                    exp: timestamp_accesstoken_expiry
-                }, config.jwt_secret)
-                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-                // 
-                const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-                newAuth.refresh_token = jsonwebtoken.sign({
-                    refreshtokencount: found_user.refreshTokenCount,
-                    userid: found_user.id,
-                    exp: timestamp_refresh_expiry
-                }, config.jwt_secret)
-                newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-            } else {
-                throw new InvalidCredentialsError()
-            }
+        const found_user = await getConnectionManager().get().getRepository(User).findOne({ relations: ['groups', 'permissions'], where: [{ username: this.username }, { email: this.email }] });
+        if (!found_user) {
+            throw new UserNotFoundError();
        }
+        if (!(await argon2.verify(found_user.password, this.password + found_user.uuid))) {
+            throw new InvalidCredentialsError();
+        }
+
+        //Create the access token
+        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
+        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
+        //Create the refresh token
+        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
        return newAuth;
    }
 }
--- a/src/models/actions/RefreshAuth.ts
+++ b/src/models/actions/RefreshAuth.ts
@@ -3,6 +3,7 @@ import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../config';
 import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError';
+import { JwtCreator } from "../../JwtCreator";
 import { User } from '../entities/User';
 import { Auth } from '../responses/ResponseAuth';

@@ -29,24 +30,14 @@ export class RefreshAuth {
        if (found_user.refreshTokenCount !== decoded["refreshtokencount"]) {
            throw new RefreshTokenCountInvalidError()
        }
-        found_user.permissions = found_user.permissions || []
-        delete found_user.password;
+        //Create the auth token
        const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
-        delete found_user.password;
-        newAuth.access_token = jsonwebtoken.sign({
-            userdetails: found_user,
-            exp: timestamp_accesstoken_expiry
-        }, config.jwt_secret)
+        newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry);
        newAuth.access_token_expires_at = timestamp_accesstoken_expiry
-        // 
+        //Create the refresh token
        const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
-        newAuth.refresh_token = jsonwebtoken.sign({
-            refreshtokencount: found_user.refreshTokenCount,
-            userid: found_user.id,
-            exp: timestamp_refresh_expiry
-        }, config.jwt_secret)
-        newAuth.refresh_token_expires_at = timestamp_refresh_expiry
-
+        newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry);
+        newAuth.refresh_token_expires_at = timestamp_refresh_expiry;
        return newAuth;
    }
 }