From e5f65d0b801934c0ac3a5d898aa7d8fdee4a35c4 Mon Sep 17 00:00:00 2001
From: Philipp Dormann
Date: Sat, 5 Dec 2020 13:30:22 +0100
Subject: [PATCH] note on refreshtokencount checking ref #12
---
 src/middlewares/jwtauth.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/middlewares/jwtauth.ts b/src/middlewares/jwtauth.ts
index 3f77265..f83e0cf 100644
--- a/src/middlewares/jwtauth.ts
+++ b/src/middlewares/jwtauth.ts
@@ -3,11 +3,15 @@ import { ExpressMiddlewareInterface } from "routing-controllers";
-// @Middleware({ type: "before" })
 export class JWTAuth implements ExpressMiddlewareInterface {
 use(request: any, response: any, next?: (err?: any) => any): any {
 const token = request.headers["auth"];
 try {
+ /**
+ TODO: idk if we should always check the db if refreshtokencount is valid?
+ seems like a lot of db overhead
+ at the same time it's basically our only option to support proper logouts
+ */
 const jwtPayload = jwt.verify(token, "secretjwtsecret");
 // const jwtPayload = jwt.verify(token, process.env.JWT_SECRET);
 response.locals.jwtPayload = jwtPayload;
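Review bot: The `jwt.verify(token, "secretjwtsecret")` call directly below the added TODO still checks signatures against a secret committed in the source, so every token this middleware accepts is only as trustworthy as the repository is private; that is a larger gap than the logout question the comment raises. Read the key from the environment as the commented-out line already sketches, and fail closed when it is missing: `const secret = process.env.JWT_SECRET; if (!secret) throw new Error("JWT_SECRET is not set");` followed by `const jwtPayload = jwt.verify(token, secret);`, ideally also passing `algorithms` pinned to whatever the signing side uses. The `catch` that would turn that throw into a rejection lies outside the hunk, so confirm it denies the request rather than calling `next()`. On the TODO itself, without a server-side comparison a token stays valid after logout until it expires, so if a lookup per request is too costly the comment should record the fallback the project accepts (for example short access-token lifetimes with the refreshtokencount compared at refresh time).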