import { IsOptional, IsString } from 'class-validator'; import * as jsonwebtoken from 'jsonwebtoken'; import { getConnectionManager } from 'typeorm'; import { config } from '../../config'; import { IllegalJWTError, JwtNotProvidedError, RefreshTokenCountInvalidError, UserNotFoundError } from '../../errors/AuthError'; import { JwtCreator } from "../../jwtcreator"; import { User } from '../entities/User'; import { Auth } from '../responses/ResponseAuth'; /** * This class is used to create refreshed auth credentials. * To be a little bit more exact: Is takes in a refresh token and creates a new access and refresh token for it's user. * It of course checks for user existance, jwt validity and so on. */ export class RefreshAuth { /** * A stringyfied jwt refresh token. * Will get checked for validity. */ @IsString() @IsOptional() token?: string; /** * Creates a new auth object based on this. */ public async toAuth(): Promise { let newAuth: Auth = new Auth(); if (!this.token || this.token === undefined) { throw new JwtNotProvidedError() } let decoded try { decoded = jsonwebtoken.verify(this.token, config.jwt_secret) } catch (error) { throw new IllegalJWTError() } const found_user = await getConnectionManager().get().getRepository(User).findOne({ id: decoded["id"] }, { relations: ['groups', 'permissions', 'groups.permissions'] }); if (!found_user) { throw new UserNotFoundError() } if (found_user.refreshTokenCount !== decoded["refreshTokenCount"]) { throw new RefreshTokenCountInvalidError() } //Create the auth token const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60 newAuth.access_token = JwtCreator.createAccess(found_user, timestamp_accesstoken_expiry); newAuth.access_token_expires_at = timestamp_accesstoken_expiry //Create the refresh token const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000 newAuth.refresh_token = JwtCreator.createRefresh(found_user, timestamp_refresh_expiry); newAuth.refresh_token_expires_at = timestamp_refresh_expiry; return newAuth; } }