@qelos/auth
Express Passport authentication service
;
// Compiler-emitted helper: drives a generator function to completion and exposes
// the outcome as a promise. Each yielded value is awaited; its fulfilment is fed
// back through generator.next() and its rejection through generator.throw().
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Wrap a yielded value in P unless it is already an instance of P.
    const toPromise = (value) => {
        if (value instanceof P) {
            return value;
        }
        return new P((resolve) => { resolve(value); });
    };
    // P falls back to the built-in Promise when the caller passes none.
    return new (P || (P = Promise))((resolve, reject) => {
        // Settle the outer promise when the generator is done, else wait on the yielded value.
        const advance = (result) => {
            if (result.done) {
                resolve(result.value);
            }
            else {
                toPromise(result.value).then(onFulfilled, onRejected);
            }
        };
        const onFulfilled = (value) => {
            try {
                advance(generator.next(value));
            }
            catch (err) {
                reject(err);
            }
        };
        const onRejected = (reason) => {
            try {
                advance(generator["throw"](reason));
            }
            catch (err) {
                reject(err);
            }
        };
        // Instantiate the generator with the caller's `this` and arguments, then start it.
        advance((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// Compiler-emitted interop helper: a module flagged with __esModule is returned
// unchanged; anything else is wrapped so it can be read through `.default`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Flag this CommonJS module with __esModule, the marker the __importDefault
// helper above checks before wrapping a module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export slot up front; the handler is assigned to it at the end of the file.
exports.refreshToken = void 0;
const logger_1 = __importDefault(require("../services/logger"));
const user_1 = __importDefault(require("../models/user"));
const tokens_1 = require("../services/tokens");
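/**
 * Express handler that rotates a refresh token.
 *
 * Reads the refresh token from the `Authorization` header, verifies it with
 * `verifyRefreshToken`, checks that its `tokenIdentifier` is still listed on the
 * user document, removes that entry, issues a new token and refresh token,
 * saves the user and returns both as JSON. Every failure is answered with a
 * bare 401, so the response carries no detail about which check failed; the
 * error itself goes to the logger only.
 *
 * @param req Express request; reads `headers.authorization` and `headers.tenant`.
 * @param res Express response.
 * @returns Promise that settles once the response has been sent.
 */
function refreshToken(req, res) {
    return __awaiter(this, void 0, void 0, function* () {
        const authorization = req.headers.authorization;
        if (!authorization) {
            return res.status(401).end();
        }
        // The header looks like "bearer token-value"; the token is the second
        // space-separated part. The scheme word itself is not checked.
        const token = authorization.split(' ')[1];
        if (!token) {
            // No token part in the header: reject before calling the verifier.
            return res.status(401).end();
        }
        // The tenant comes from a client-supplied header and defaults to '0'; the
        // resolved value is also written back onto req.headers.
        // NOTE(review): the user lookup below uses decoded.tenant, not this header.
        // Confirm that verifyRefreshToken rejects a token whose tenant claim differs
        // from the tenant passed in.
        const tenant = req.headers.tenant = req.headers.tenant || '0';
        try {
            const decoded = yield (0, tokens_1.verifyRefreshToken)(token, tenant);
            const user = yield user_1.default.findOne({
                _id: decoded.sub,
                tenant: decoded.tenant
            }).exec();
            if (!user) {
                // Fail explicitly instead of relying on a TypeError from `user.tokens`
                // being caught below; the client still receives a 401.
                throw new Error('user not found');
            }
            // A token that verifies but is no longer listed has been revoked or already
            // rotated; a replayed token lands here as well.
            const isListed = user.tokens.some(entry => entry.tokenIdentifier === decoded.tokenIdentifier);
            if (!isListed) {
                throw new Error('refresh token not valid');
            }
            // Rotation: drop the presented identifier so it cannot be used again.
            // NOTE(review): check-then-remove is a read-modify-write on the loaded
            // document; two concurrent requests carrying the same refresh token may
            // both pass the check before either save() lands. Confirm whether the
            // model or save() guards against that.
            user.tokens = user.tokens.filter(entry => entry.tokenIdentifier !== decoded.tokenIdentifier);
            // NOTE(review): authType is fixed to 'oauth' here regardless of how the
            // original session was established. Confirm this is intended.
            const newToken = user.getToken({
                authType: 'oauth',
                workspace: decoded.workspace ? { _id: decoded.workspace } : null
            });
            // Presumably registers the new refresh token on the user document, which
            // is why the save follows. Verify against the user model.
            const newRefreshToken = user.getRefreshToken(newToken);
            yield user.save();
            return res.json({
                payload: {
                    user: {
                        email: user.email,
                        name: user.name,
                        roles: user.roles,
                    },
                    token: newToken,
                    refreshToken: newRefreshToken,
                }
            }).end();
        }
        catch (e) {
            // Verification, lookup and save failures all end here.
            logger_1.default.error(e);
            res.status(401).end();
        }
    });
}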
// Publish the handler as the module's `refreshToken` export.
exports.refreshToken = refreshToken;