Merge pull request #12 from ThreeDify/dev

Dev => Master
ThreeDify · Nov 13, 2020 · 49c37db · 49c37db
2 parents 50867aa + b6c1fb4
commit 49c37db
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 40 deletions.
diff --git a/src/domain/AccessTokenPayload.ts b/src/domain/AccessTokenPayload.ts
@@ -0,0 +1,10 @@
+export interface AccessTokenPayloadData {
+  id: number;
+  random: Buffer;
+}
+
+export interface AccessTokenPayload {
+  data: AccessTokenPayloadData;
+}
+
+export default AccessTokenPayload;
diff --git a/src/services/auth.ts b/src/services/auth.ts
@@ -2,11 +2,10 @@ import Debug, { Debugger } from 'debug';
 
 import userService from './users';
 import User from '../models/User';
-import tokenService from './tokens';
-import Token from '../models/Token';
 import { NewUser } from '../domain/NewUser';
 import { hash, compare } from '../utils/hash';
-import { verifyTokenSign } from '../utils/tokens';
+import { verifyAndDecodeAccessToken } from '../utils/tokens';
+import AccessTokenPayload from '../domain/AccessTokenPayload';
 import { LoginCredential, TokenCredential } from '../domain/login';
 
 const debug: Debugger = Debug('threedify:services:auth');
@@ -67,27 +66,19 @@ export async function authenticate(
     return;
   }
 
-  debug('Check if token is not revoked.');
-  const token: Token | undefined = await tokenService.fetchTokenByAccessToken(
+  debug('Check if the access token is valid.');
+  const payload = verifyAndDecodeAccessToken(
     tokenCred.accessToken
-  );
+  ) as AccessTokenPayload;
 
-  if (token) {
+  if (payload) {
     debug('Check if user exists.');
     const user: User | undefined = await userService.fetchUserById(
-      token.userId,
-      {
-        withPassword: true,
-      }
+      payload.data.id
     );
 
     if (user) {
-      debug('Check if the tokens are valid.');
-      const [isAccessTokenValid, _] = verifyTokenSign(tokenCred, user);
-
-      if (isAccessTokenValid) {
-        return user;
-      }
+      return user;
     }
   }
 

diff --git a/src/services/tokens.ts b/src/services/tokens.ts
@@ -71,7 +71,7 @@ export async function refreshTokens(
 
       if (isRefreshTokenValid) {
         debug('Generate new access token.');
-        const refreshedAccessToken = generateAccessToken();
+        const refreshedAccessToken = generateAccessToken(user);
 
         debug('Update access token in database.');
         await Token.query()

diff --git a/src/utils/jwt.ts b/src/utils/jwt.ts
@@ -17,7 +17,16 @@ export function verify(token: string, secret: string): boolean {
   }
 }
 
+export function decode(token: string, secret: string): boolean | any {
+  try {
+    return jwt.verify(token, secret);
+  } catch (err) {
+    return false;
+  }
+}
+
 export default {
   sign,
   verify,
+  decode,
 };
diff --git a/src/utils/tokens.ts b/src/utils/tokens.ts
@@ -5,21 +5,22 @@ import jwt from './jwt';
 import config from '../config';
 import User from '../models/User';
 import { TokenCredential } from '../domain/login';
+import AccessTokenPayload from '../domain/AccessTokenPayload';
 
 const debug: Debugger = Debug('threedify:utils:tokens');
 
-export function generateAccessToken(): string {
+export function generateAccessToken(user: User): string {
   debug('Generating access token.');
 
   return jwt.sign(
-    { data: crypto.randomBytes(256) },
+    { data: { id: user.id, random: crypto.randomBytes(256) } },
     config.accessTokenSecret,
     config.accessTokenConfig
   );
 }
 
 export function generateTokens(user: User): TokenCredential {
-  const accessToken: string = generateAccessToken();
+  const accessToken: string = generateAccessToken(user);
 
   debug('Generating refresh token.');
   const refreshToken: string = jwt.sign(
@@ -55,35 +56,29 @@ export function verifyTokenSign(tokens: TokenCredential, user: User) {
       config.refreshTokenSecret + user.password
     );
   }
-
   return [isAccessTokenValid, isRefreshTokenValid];
 }
 
-export function refresh(refreshToken: string): TokenCredential | boolean {
-  debug('Check if refresh token exists.');
-  if (!refreshToken) {
-    return false;
-  }
-
-  debug('Verifing refresh token.');
-  const isRefreshTokenValid: boolean = jwt.verify(
-    refreshToken,
-    config.refreshTokenSecret
-  );
+export function verifyAndDecodeAccessToken(
+  accessToken: string
+): boolean | AccessTokenPayload {
+  debug('Check if access token exists.');
+  if (accessToken) {
+    debug('Verifing and decoding access token.');
+    let isAccessTokenValid: boolean | AccessTokenPayload = jwt.decode(
+      accessToken,
+      config.accessTokenSecret
+    );
 
-  if (isRefreshTokenValid) {
-    return {
-      refreshToken,
-      accessToken: generateAccessToken(),
-    };
+    return isAccessTokenValid;
   }
 
   return false;
 }
 
 export default {
-  generateAccessToken,
   generateTokens,
   verifyTokenSign,
-  refresh,
+  generateAccessToken,
+  verifyAndDecodeAccessToken,
 };