From 330c020933f1080261b38f07d6b627f6d7c62446 Mon Sep 17 00:00:00 2001 From: Sabir Hassan Date: Wed, 21 Sep 2022 22:12:03 +0500 Subject: [PATCH 1/3] fix: return same tokens if not expired --- api/src/controllers/auth.ts | 10 ++++++++ api/src/routes/api/auth.ts | 2 +- api/src/utils/getTokensFromDB.ts | 40 ++++++++++++++++++++++++++++++++ api/src/utils/index.ts | 1 + 4 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 api/src/utils/getTokensFromDB.ts diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts index 778e3bfb..8d01d7bd 100644 --- a/api/src/controllers/auth.ts +++ b/api/src/controllers/auth.ts @@ -4,6 +4,7 @@ import { InfoJWT } from '../types' import { generateAccessToken, generateRefreshToken, + getTokensFromDB, removeTokensInDB, saveTokensInDB } from '../utils' @@ -73,6 +74,15 @@ const token = async (data: any): Promise => { AuthController.deleteCode(userInfo.userId, clientId) + // // get tokens from DB + const existingTokens = await getTokensFromDB(userInfo.userId, clientId) + if (existingTokens) { + return { + accessToken: existingTokens.accessToken, + refreshToken: existingTokens.refreshToken + } + } + const accessToken = generateAccessToken(userInfo) const refreshToken = generateRefreshToken(userInfo) diff --git a/api/src/routes/api/auth.ts b/api/src/routes/api/auth.ts index 34a45df5..f031df90 100644 --- a/api/src/routes/api/auth.ts +++ b/api/src/routes/api/auth.ts @@ -7,7 +7,7 @@ import { authenticateRefreshToken } from '../../middlewares' -import { authorizeValidation, tokenValidation } from '../../utils' +import { tokenValidation } from '../../utils' import { InfoJWT } from '../../types' const authRouter = express.Router() diff --git a/api/src/utils/getTokensFromDB.ts b/api/src/utils/getTokensFromDB.ts new file mode 100644 index 00000000..68a47e6c --- /dev/null +++ b/api/src/utils/getTokensFromDB.ts 
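Review bot: The early return on `existingTokens` in `token` hands the stored pair back on every new authorization-code exchange, so logging in again no longer rotates the access or refresh token for that user and client. A pair that was exposed earlier therefore stays usable after re-authentication, which is a trade-off worth recording above the lookup, e.g. `// Reuse the stored pair for this user/client instead of rotating on every code exchange`. The lookup also accepts an access token with only seconds of lifetime left, so a client can receive a token that stops working almost immediately; a minimum remaining lifetime before reuse would avoid that. The body of `token` starts and ends outside the hunk.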
@@ -0,0 +1,40 @@
+import jwt from 'jsonwebtoken'
+import User from '../model/User'
+
+export const getTokensFromDB = async (userId: number, clientId: string) => {
+ const user = await User.findOne({ id: userId })
+ if (!user) return
+
+ const currentTokenObj = user.tokens.find(
+ (tokenObj: any) => tokenObj.clientId === clientId
+ )
+
+ if (currentTokenObj) {
+ const accessToken = currentTokenObj.accessToken
+ const refreshToken = currentTokenObj.refreshToken
+
+ const verifiedAccessToken: any = jwt.verify(
+ accessToken,
+ process.secrets.ACCESS_TOKEN_SECRET
+ )
+
+ const verifiedRefreshToken: any = jwt.verify(
+ refreshToken,
+ process.secrets.REFRESH_TOKEN_SECRET
+ )
+
+ if (
+ verifiedAccessToken?.userId !== userId ||
+ verifiedAccessToken?.clientId !== clientId
+ )
+ return
+
+ if (
+ verifiedRefreshToken?.userId !== userId ||
+ verifiedRefreshToken?.clientId !== clientId
+ )
+ return
+
+ return { accessToken, refreshToken }
+ }
+}
diff --git a/api/src/utils/index.ts b/api/src/utils/index.ts
index 32b5b79e..7baf1e2a 100644
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -14,6 +14,7 @@ export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
+export * from './getTokensFromDB'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './isPublicRoute'
From d93470d183717bb0c2a3b6a2afcd86a7b6a636b4 Mon Sep 17 00:00:00 2001
From: Sabir Hassan
Date: Wed, 21 Sep 2022 22:27:27 +0500
Subject: [PATCH 2/3] chore: improve code
---
 api/src/controllers/auth.ts | 2 +-
 api/src/utils/getTokensFromDB.ts | 16 +++++-----------
 2 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/api/src/controllers/auth.ts b/api/src/controllers/auth.ts
index 8d01d7bd..737468ef 100644
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
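Review bot: Both `jwt.verify` calls in `getTokensFromDB` throw when the stored token is expired or fails signature validation, and nothing in this new file catches that. Unless the caller handles it outside the visible hunks, the expired case named in the commit title surfaces as an exception in `token` instead of as "nothing to reuse". Once the stored access token expires, every later code exchange for that user and client would then fail rather than fall through to `generateAccessToken`. Wrapping the two calls in `try`/`catch` and returning `undefined` from the handler restores the fall-through; the hunk for this file in PATCH 2/3 keeps the same uncaught calls.

```typescript
  if (currentTokenObj) {
    // … unchanged: accessToken / refreshToken read from currentTokenObj …

    let verifiedAccessToken: any
    let verifiedRefreshToken: any
    try {
      verifiedAccessToken = jwt.verify(
        accessToken,
        process.secrets.ACCESS_TOKEN_SECRET
      )
      verifiedRefreshToken = jwt.verify(
        refreshToken,
        process.secrets.REFRESH_TOKEN_SECRET
      )
    } catch {
      // Expired or otherwise invalid stored token: report "nothing to reuse"
      // so the caller issues a fresh pair.
      return
    }

    // … unchanged: userId / clientId comparison and return …
```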
@@ -74,7 +74,7 @@ const token = async (data: any): Promise => { AuthController.deleteCode(userInfo.userId, clientId) - // // get tokens from DB + // get tokens from DB const existingTokens = await getTokensFromDB(userInfo.userId, clientId) if (existingTokens) { return { diff --git a/api/src/utils/getTokensFromDB.ts b/api/src/utils/getTokensFromDB.ts index 68a47e6c..7b3d3dbe 100644 --- a/api/src/utils/getTokensFromDB.ts +++ b/api/src/utils/getTokensFromDB.ts @@ -24,17 +24,11 @@ export const getTokensFromDB = async (userId: number, clientId: string) => { ) if ( - verifiedAccessToken?.userId !== userId || - verifiedAccessToken?.clientId !== clientId + verifiedAccessToken?.userId === userId && + verifiedAccessToken?.clientId === clientId && + verifiedRefreshToken?.userId === userId && + verifiedRefreshToken?.clientId === clientId ) - return - - if ( - verifiedRefreshToken?.userId !== userId || - verifiedRefreshToken?.clientId !== clientId - ) - return - - return { accessToken, refreshToken } + return { accessToken, refreshToken } } } From 6f5566dabb717bd904975e3cf741d638aaf6adb5 Mon Sep 17 00:00:00 2001 From: Sabir Hassan Date: Wed, 21 Sep 2022 22:29:50 +0500 Subject: [PATCH 3/3] chore: lint fix --- api/src/controllers/stp.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/src/controllers/stp.ts b/api/src/controllers/stp.ts index 9085b667..86120eca 100644 --- a/api/src/controllers/stp.ts +++ b/api/src/controllers/stp.ts @@ -92,7 +92,7 @@ const execute = async ( ) if (result instanceof Buffer) { - ; (req as any).sasHeaders = httpHeaders + ;(req as any).sasHeaders = httpHeaders } return result
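Review bot: With the four comparisons merged into one `if` in `getTokensFromDB`, a stored token whose `userId` or `clientId` claim does not match the record it was found under now falls off the end of the function and is indistinguishable from "no tokens stored". Such a mismatch points to a corrupted or tampered token record, so a warning log before returning would make it visible to whoever monitors the service. The implicit result also reads more clearly as an explicit `return undefined` after the `if`, with a comment such as `// claims do not match this user/client: do not reuse`. The function starts above the hunk.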