From aca3eaaeea482f3fbeeb8fc69e5e9a7c5297bbc5 Mon Sep 17 00:00:00 2001
From: Nicolai Ort
Date: Sat, 12 Dec 2020 19:25:40 +0100
Subject: [PATCH] Now w/ working cookie based refresh ref #25
---
 src/controllers/AuthController.ts | 11 ++++++++---
 src/models/actions/RefreshAuth.ts | 5 +++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/controllers/AuthController.ts b/src/controllers/AuthController.ts
index 467e64a..bed5942 100644
--- a/src/controllers/AuthController.ts
+++ b/src/controllers/AuthController.ts
@@ -1,4 +1,4 @@
-import { Body, JsonController, Post, Res } from 'routing-controllers';
+import { Body, CookieParam, JsonController, Post, Res } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
 import { UserNotFoundError } from '../errors/UserErrors';
@@ -58,13 +58,18 @@ export class AuthController {
 @ResponseSchema(UserNotFoundError)
 @ResponseSchema(RefreshTokenCountInvalidError)
 @OpenAPI({ description: 'refresh a access token' })
- async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth) {
+ async refresh(@CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any, @Body({ validate: true }) refreshAuth: RefreshAuth) {
+ if (refresh_token && refresh_token.length != 0) {
+ refreshAuth.token = refresh_token;
+ }
 let auth;
 try {
 auth = await refreshAuth.toAuth();
+ response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
+ response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
 } catch (error) {
 return error;
 }
- return auth
+ return response.send(auth)
 }
 }
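Review bot: The two `response.cookie(...)` calls set only `expires` and `httpOnly`, so the refresh-token cookie is also sent over plain HTTP and on cross-site requests, and because `refresh` now authenticates from that cookie alone, a cross-site POST can trigger a token refresh. Extend both option objects to `httpOnly: true, secure: true, sameSite: 'strict'` (this assumes `response` is the Express response, which its `any` type does not show). `response.send(auth)` still returns `auth.refresh_token` in the JSON body, so `httpOnly` does not keep the token away from page script; consider leaving it out of the body for cookie-based clients. The cookie value also silently overrides a token supplied in the body, which deserves a comment above the `if` such as `// a refresh cookie, when present, takes precedence over the body token`.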
diff --git a/src/models/actions/RefreshAuth.ts b/src/models/actions/RefreshAuth.ts
index dacca59..afd22fe 100644
--- a/src/models/actions/RefreshAuth.ts
+++ b/src/models/actions/RefreshAuth.ts
@@ -1,4 +1,4 @@
-import { IsString } from 'class-validator';
+import { IsOptional, IsString } from 'class-validator';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { getConnectionManager } from 'typeorm';
 import { config } from '../../config';
@@ -8,7 +8,8 @@ import { Auth } from '../responses/ResponseAuth';
 export class RefreshAuth {
 @IsString()
- token: string;
+ @IsOptional()
+ token?: string;
 public async toAuth(): Promise {
 let newAuth: Auth = new Auth();
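Review bot: With `@IsOptional()` on `token`, body validation now passes when no token is supplied, so a request with neither a refresh cookie nor a body token reaches `toAuth()` with `token` undefined (and `@IsString()` still admits an empty string). `toAuth()` continues outside the hunk; if it does not already reject this case before verifying the JWT, it should start with a guard such as `if (!this.token) { throw new JwtNotProvidedError(); }`, assuming that error class from `../errors/AuthError` takes no constructor arguments. A short comment on the field, e.g. `// optional in the body: the controller fills it from the refresh cookie when one is sent`, would explain why the validator was relaxed.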