summaryrefslogtreecommitdiff
path: root/server/controllers/sessions.controller.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server/controllers/sessions.controller.ts')
-rw-r--r--server/controllers/sessions.controller.ts67
1 files changed, 32 insertions, 35 deletions
diff --git a/server/controllers/sessions.controller.ts b/server/controllers/sessions.controller.ts
index 90b8e78..9ae647b 100644
--- a/server/controllers/sessions.controller.ts
+++ b/server/controllers/sessions.controller.ts
@@ -1,56 +1,53 @@
-import {
- Body,
- Controller,
- Delete,
- HttpException,
- HttpStatus,
- Post,
- Redirect,
- Res,
-} from '@nestjs/common';
+import { Body, Controller, Delete, HttpException, HttpStatus, Post, Res } from '@nestjs/common';
import { Response } from 'express';
-import * as jwt from 'jsonwebtoken';
import { UsersService } from 'server/providers/services/users.service';
import { SignInDto } from 'server/dto/sign_in.dto';
-
+import { JwtService } from 'server/providers/services/jwt.service';
+import { RefreshTokensService } from 'server/providers/services/refresh_tokens.service';
+import { RefreshToken } from 'server/entities/refresh_token.entity';
// this is kind of a misnomer because we are doing token based auth
// instead of session based auth
@Controller()
export class SessionsController {
- constructor(private usersService: UsersService) {}
+ constructor(
+ private usersService: UsersService,
+ private jwtService: JwtService,
+ private refreshTokenService: RefreshTokensService,
+ ) {}
@Post('/sessions')
- async create(
- @Body() body: SignInDto,
- @Res({ passthrough: true }) res: Response,
- ) {
- const { verified, user } = await this.usersService.verify(
- body.email,
- body.password,
- );
+ async create(@Body() body: SignInDto, @Res({ passthrough: true }) res: Response) {
+ const { verified, user } = await this.usersService.verify(body.email, body.password);
if (!verified) {
- throw new HttpException(
- 'Invalid email or password.',
- HttpStatus.BAD_REQUEST,
- );
+ throw new HttpException('Invalid email or password.', HttpStatus.BAD_REQUEST);
+ }
+
+ let refreshToken = user.refreshTokens[0];
+ if (!refreshToken) {
+ const newRefreshToken = new RefreshToken();
+ newRefreshToken.user = user;
+ refreshToken = await this.refreshTokenService.create(newRefreshToken);
+ // generate new refresh token
}
- // Write JWT to cookie and send with response.
- const token = jwt.sign(
- {
- user_id: user.id,
- },
- process.env.ENCRYPTION_KEY,
- { expiresIn: '1h' },
- );
- res.cookie('_token', token);
+
+ // JWT gets sent with response
+ const token = this.jwtService.issueToken({ userId: user.id });
+
+ const refreshJwtToken = this.jwtService.issueRefreshToken({ id: refreshToken.id, userId: user.id });
+
+ // only refresh token should go in the cookie
+ res.cookie('_refresh_token', refreshJwtToken, {
+ httpOnly: true, // prevents javascript code from accessing cookie (helps protect against XSS attacks)
+ });
+
return { token };
}
@Delete('/sessions')
async destroy(@Res({ passthrough: true }) res: Response) {
- res.clearCookie('_token');
+ res.clearCookie('_refresh_token');
return { success: true };
}
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-23 05:33:55 +0000