sef-global · dsmabulage · Sep 3, 2024 · Sep 3, 2024 · Sep 3, 2024 · Sep 3, 2024
diff --git a/.env.example b/.env.example
@@ -15,3 +15,4 @@ SMTP_PASSWORD=your_smtp_password
 LINKEDIN_CLIENT_ID=your_linkedin_client_id
 LINKEDIN_CLIENT_SECRET=your_linkedin_client_secret
 LINKEDIN_REDIRECT_URL=http://localhost:${SERVER_PORT}/api/auth/linkedin/callback
+REFRESH_JWT_SECRET=your_refresh_jwt_secret_key
diff --git a/src/configs/envConfig.ts b/src/configs/envConfig.ts
@@ -19,3 +19,4 @@ export const SMTP_PASS = process.env.SMTP_PASS ?? ''
 export const LINKEDIN_CLIENT_ID = process.env.LINKEDIN_CLIENT_ID ?? ''
 export const LINKEDIN_CLIENT_SECRET = process.env.LINKEDIN_CLIENT_SECRET ?? ''
 export const LINKEDIN_REDIRECT_URL = process.env.LINKEDIN_REDIRECT_URL ?? ''
+export const REFRESH_JWT_SECRET = process.env.REFRESH_JWT_SECRET ?? ''
diff --git a/src/configs/google-passport.ts b/src/configs/google-passport.ts
@@ -67,7 +67,7 @@ passport.deserializeUser(async (primary_email: string, done) => {
 const cookieExtractor = (req: Request): string => {
   let token = null
   if (req?.cookies) {
-    token = req.cookies.jwt
+    token = req.cookies.accessToken
   }
   return token
 }

diff --git a/src/configs/linkedin-passport.ts b/src/configs/linkedin-passport.ts
@@ -68,7 +68,7 @@ passport.deserializeUser(async (primary_email: string, done) => {
 const cookieExtractor = (req: Request): string => {
   let token = null
   if (req?.cookies) {
-    token = req.cookies.jwt
+    token = req.cookies.accessToken
   }
   return token
 }

diff --git a/src/controllers/auth.controller.ts b/src/controllers/auth.controller.ts
@@ -1,16 +1,16 @@
-import type { Request, Response, NextFunction } from 'express'
+import type { NextFunction, Request, Response } from 'express'
+import jwt from 'jsonwebtoken'
+import passport from 'passport'
+import { JWT_SECRET, REFRESH_JWT_SECRET } from '../configs/envConfig'
+import type Profile from '../entities/profile.entity'
 import {
-  registerUser,
+  generateResetToken,
   loginUser,
-  resetPassword,
-  generateResetToken
+  registerUser,
+  resetPassword
 } from '../services/auth.service'
-import passport from 'passport'
-import type Profile from '../entities/profile.entity'
-import jwt from 'jsonwebtoken'
-import { JWT_SECRET } from '../configs/envConfig'
 import type { ApiResponse } from '../types'
-import { signAndSetCookie } from '../utils'
+import { setAccessToken, signAndSetCookie } from '../utils'
 
 export const googleRedirect = async (
   req: Request,
@@ -135,7 +135,8 @@ export const logout = async (
   res: Response
 ): Promise<ApiResponse<Profile>> => {
   try {
-    res.clearCookie('jwt', { httpOnly: true })
+    res.clearCookie('accessToken', { httpOnly: true })
+    res.clearCookie('refreshToken', { httpOnly: true })
     return res.status(200).json({ message: 'Logged out successfully' })
   } catch (err) {
     if (err instanceof Error) {
@@ -163,18 +164,27 @@ export const requireAuth = (
         return
       }
 
-      const token = req.cookies.jwt
+      const token = req.cookies.accessToken
+      const refreshToken = req.cookies.refreshToken
 
-      if (!token) {
-        return res.status(401).json({ error: 'User is not authenticated' })
+      if (!token && !refreshToken) {
+        return res.status(403).json({ error: 'Forbidden. No token provided.' })
       }
 
       try {
         jwt.verify(token, JWT_SECRET)
       } catch (err) {
-        return res
-          .status(401)
-          .json({ error: 'Invalid token, please log in again' })
+        try {
+          const decoded = jwt.verify(refreshToken, REFRESH_JWT_SECRET) as {
+            userId: string
+          }
+
+          setAccessToken(res, decoded.userId)
+        } catch (error) {
+          return res
+            .status(401)
+            .json({ error: 'Invalid token, please log in again' })
+        }
       }
 
       if (!user) {
@@ -230,3 +240,22 @@ export const passwordReset = async (
     })
   }
 }
+
+export const refresh = async (req: Request, res: Response): Promise<void> => {
+  const refreshToken = req.cookies.refreshToken
+
+  if (!refreshToken) {
+    res.status(401).json({ error: 'Access Denied. No token provided.' })
+    return
+  }
+
+  try {
+    const decoded = jwt.verify(refreshToken, REFRESH_JWT_SECRET) as {
+      userId: string
+    }
+
+    setAccessToken(res, decoded.userId)
+  } catch (error) {
+    res.status(401).json({ error: 'Invalid token, please log in again' })
+  }
+}
diff --git a/src/routes/auth/auth.route.ts b/src/routes/auth/auth.route.ts
@@ -7,6 +7,7 @@ import {
   logout,
   passwordReset,
   passwordResetRequest,
+  refresh,
   register
 } from '../../controllers/auth.controller'
 import { requestBodyValidator } from '../../middlewares/requestValidator'
@@ -15,6 +16,7 @@ import { loginSchema, registerSchema } from '../../schemas/auth-routes.schems'
 const authRouter = express.Router()
 
 authRouter.post('/register', requestBodyValidator(registerSchema), register)
+authRouter.post('/refresh', refresh)
 authRouter.post('/login', requestBodyValidator(loginSchema), login)
 authRouter.get('/logout', logout)
 

diff --git a/src/utils.ts b/src/utils.ts
@@ -1,21 +1,48 @@
-import { JWT_SECRET, CLIENT_URL } from './configs/envConfig'
-import jwt from 'jsonwebtoken'
+import { randomUUID } from 'crypto'
+import ejs from 'ejs'
 import type { Response } from 'express'
-import type Mentor from './entities/mentor.entity'
-import path from 'path'
+import jwt from 'jsonwebtoken'
 import multer from 'multer'
-import ejs from 'ejs'
-import { MenteeApplicationStatus, MentorApplicationStatus } from './enums'
-import { generateCertificate } from './services/admin/generateCertificate'
-import { randomUUID } from 'crypto'
+import path from 'path'
 import { certificatesDir } from './app'
+import { CLIENT_URL, JWT_SECRET, REFRESH_JWT_SECRET } from './configs/envConfig'
 import type Mentee from './entities/mentee.entity'
+import type Mentor from './entities/mentor.entity'
+import { MenteeApplicationStatus, MentorApplicationStatus } from './enums'
+import { generateCertificate } from './services/admin/generateCertificate'
 import { type ZodError } from 'zod'
 
+const generateAccessToken = (uuid: string): string => {
+  return jwt.sign({ userId: uuid }, JWT_SECRET ?? '')
+}
+
+const generateRefreshToken = (uuid: string): string => {
+  return jwt.sign({ userId: uuid }, REFRESH_JWT_SECRET ?? '', {
+    expiresIn: '10d'
+  })
+}
+
 export const signAndSetCookie = (res: Response, uuid: string): void => {
-  const token = jwt.sign({ userId: uuid }, JWT_SECRET ?? '')
+  const accessToken = generateAccessToken(uuid)
+  const refreshToken = generateRefreshToken(uuid)
+
+  res.cookie('accessToken', accessToken, {
+    httpOnly: true,
+    maxAge: 5 * 24 * 60 * 60 * 1000,
+    secure: false // TODO: Set to true when using HTTPS
+  })
+
+  res.cookie('refreshToken', refreshToken, {
+    httpOnly: true,
+    maxAge: 10 * 24 * 60 * 60 * 1000,
+    secure: false // TODO: Set to true when using HTTPS
+  })
+}
+
+export const setAccessToken = (res: Response, uuid: string): void => {
+  const accessToken = generateAccessToken(uuid)
 
-  res.cookie('jwt', token, {
+  res.cookie('accessToken', accessToken, {
     httpOnly: true,
     maxAge: 5 * 24 * 60 * 60 * 1000,
     secure: false // TODO: Set to true when using HTTPS
@@ -101,7 +128,7 @@
    subject: string
    message: string
  }
 ): any => {
  const templatePath = path.join(__dirname, 'templates', `${templateName}.ejs`)

  return new Promise<string>((resolve, reject) => {