lfk/backend
2
0
Fork 0
Code Issues 1 Pull Requests Actions Projects Releases 40 Activity

Merge pull request 'feature/25-refresh-token-cookie' (#29) from feature/25-refresh-token-cookie into dev

Browse Source 
Reviewed-on: #29
closed #25
This commit is contained in:
Nicolai Ort 2020-12-12 18:52:28 +00:00
commit df3c231fd2
5 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@ -28,6 +28,7 @@
"class-validator": "^0.12.2",
"class-validator-jsonschema": "^2.0.3",
"consola": "^2.15.0",
"cookie-parser": "^1.4.5",
"cors": "^2.8.5",
"dotenv": "^8.2.0",
"express": "^4.17.1",

31
src/controllers/AuthController.ts
View File

@ -1,4 +1,4 @@
import { Body, JsonController, Post } from 'routing-controllers';
import { Body, CookieParam, JsonController, Post, Res } from 'routing-controllers';
import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
import { UserNotFoundError } from '../errors/UserErrors';
@ -21,14 +21,16 @@ export class AuthController {
@ResponseSchema(PasswordNeededError)
@ResponseSchema(InvalidCredentialsError)
@OpenAPI({ description: 'Create a new access token object' })
async login(@Body({ validate: true }) createAuth: CreateAuth) {
async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
let auth;
try {
auth = await createAuth.toAuth();
response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
return response.send(auth)
} catch (error) {
throw error;
}
return auth
}
@Post("/logout")
@ -39,14 +41,20 @@ export class AuthController {
@ResponseSchema(PasswordNeededError)
@ResponseSchema(InvalidCredentialsError)
@OpenAPI({ description: 'Create a new access token object' })
async logout(@Body({ validate: true }) handleLogout: HandleLogout) {
async logout(@Body({ validate: true }) handleLogout: HandleLogout, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
if (refresh_token && refresh_token.length != 0 && handleLogout.token == undefined) {
handleLogout.token = refresh_token;
}
let logout;
try {
logout = await handleLogout.logout()
await response.cookie('lfk_backend__refresh_token', "expired", { expires: new Date(Date.now()), httpOnly: true });
response.cookie('lfk_backend__refresh_token_expires_at', "expired", { expires: new Date(Date.now()), httpOnly: true });
} catch (error) {
return error;
throw error;
}
return logout
return response.send(logout)
}
@Post("/refresh")
@ -56,13 +64,18 @@ export class AuthController {
@ResponseSchema(UserNotFoundError)
@ResponseSchema(RefreshTokenCountInvalidError)
@OpenAPI({ description: 'refresh a access token' })
async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth) {
async refresh(@Body({ validate: true }) refreshAuth: RefreshAuth, @CookieParam("lfk_backend__refresh_token") refresh_token: string, @Res() response: any) {
if (refresh_token && refresh_token.length != 0 && refreshAuth.token == undefined) {
refreshAuth.token = refresh_token;
}
let auth;
try {
auth = await refreshAuth.toAuth();
response.cookie('lfk_backend__refresh_token', auth.refresh_token, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { expires: new Date(auth.refresh_token_expires_at * 1000), httpOnly: true });
} catch (error) {
return error;
throw error;
}
return auth
return response.send(auth)
}
}

3
src/loaders/express.ts
View File

@ -1,10 +1,11 @@
import cookieParser from "cookie-parser";
import { Application } from "express";
/**
* Loader for express related configurations.
* Currently only enables the proxy trust.
*/
export default async (app: Application) => {
app.enable('trust proxy');
app.use(cookieParser());
return app;
};

5
src/models/actions/HandleLogout.ts
View File

@ -1,4 +1,4 @@
import { IsString } from 'class-validator';
import { IsOptional, IsString } from 'class-validator';
import * as jsonwebtoken from 'jsonwebtoken';
import { getConnectionManager } from 'typeorm';
import { config } from '../../config';
@ -8,7 +8,8 @@ import { Logout } from '../responses/ResponseLogout';
export class HandleLogout {
@IsString()
token: string;
@IsOptional()
token?: string;
public async logout(): Promise<Logout> {
let logout: Logout = new Logout();

5
src/models/actions/RefreshAuth.ts
View File

@ -1,4 +1,4 @@
import { IsString } from 'class-validator';
import { IsOptional, IsString } from 'class-validator';
import * as jsonwebtoken from 'jsonwebtoken';
import { getConnectionManager } from 'typeorm';
import { config } from '../../config';
@ -8,7 +8,8 @@ import { Auth } from '../responses/ResponseAuth';
export class RefreshAuth {
@IsString()
token: string;
@IsOptional()
token?: string;
public async toAuth(): Promise<Auth> {
let newAuth: Auth = new Auth();