backend/src/models/actions/CreateAuth.ts

import * as argon2 from "argon2";
import { IsEmail, IsOptional, IsString } from 'class-validator';
import * as jsonwebtoken from 'jsonwebtoken';
import { getConnectionManager } from 'typeorm';
import { InvalidCredentialsError, PasswordNeededError, UserNotFoundError } from '../../errors/AuthError';
import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
import { User } from '../entities/User';
import { Auth } from '../responses/ResponseAuth';

export class CreateAuth {
    @IsOptional()
    @IsString()
    username?: string;
    @IsString()
    password: string;
    @IsOptional()
    @IsEmail()
    @IsString()
    email?: string;

    public async toAuth(): Promise<Auth> {
        let newAuth: Auth = new Auth();

        if (this.email === undefined && this.username === undefined) {
            throw new UsernameOrEmailNeededError();
        }
        if (!this.password) {
            throw new PasswordNeededError()
        }
        const found_users = await getConnectionManager().get().getRepository(User).find({ where: [{ username: this.username }, { email: this.email }] });
        if (found_users.length === 0) {
            throw new UserNotFoundError()
        } else {
            const found_user = found_users[0]
            if (await argon2.verify(found_user.password, this.password + found_user.uuid)) {
                const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
                delete found_user.password;
                newAuth.access_token = jsonwebtoken.sign({
                    userdetails: found_user,
                    exp: timestamp_accesstoken_expiry
                }, "securekey")
                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
                // 
                const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
                newAuth.refresh_token = jsonwebtoken.sign({
                    refreshtokencount: found_user.refreshTokenCount,
                    userid: found_user.id,
                    exp: timestamp_refresh_expiry
                }, "securekey")
                newAuth.refresh_token_expires_at = timestamp_refresh_expiry
            } else {
                throw new InvalidCredentialsError()
            }
        }
        return newAuth;
    }
}