
@w3lcome/feathers-refresh-token

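"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.logoutUser = void 0;
const errors_1 = require("@feathersjs/errors");
const common_1 = require("./common");
const debug_1 = __importDefault(require("debug"));
const debug = debug_1.default('feathers-refresh-token');
/**
 * Hook factory that logs a user out by deleting their refresh token.
 *
 * The hook must be registered on the `remove` method of a protected route, and
 * `params.user` must already be populated with the authenticated user entity.
 *
 * - Before phase: checks that the caller is authenticated and supplied the
 *   current refresh token in `params.query[entity]`, resolves the id of the
 *   matching stored token and puts it in `context.id` so the service deletes it.
 * - After phase: calls `remove` on the configured authentication service and
 *   replaces `context.result` with a status object.
 *
 * Security notes:
 * - The refresh token, the user entity and the authentication result are never
 *   passed to `debug`, so enabling the `feathers-refresh-token` debug namespace
 *   does not write credentials to logs.
 * - The refresh token must be a non-empty string. A parsed query string can
 *   yield objects or arrays; those are rejected instead of being forwarded to
 *   the token lookup.
 *
 * @returns {(context: object) => Promise<object>} Feathers hook function.
 * @throws {Error} If used on a method other than `remove`, or if the query is
 *   missing or the user is not authenticated.
 * @throws {BadRequest} If the refresh token is missing or not a string.
 * @throws {NotAuthenticated} If no stored refresh token matches.
 */
exports.logoutUser = () => {
    return async (context) => {
        const { app, type, method, params } = context;
        const config = common_1.loadConfig(app);
        const { entity, authService, userEntityId } = config;
        if (method !== 'remove') {
            throw new Error(`logoutUser hook must be used with remove method!`);
        }
        // After phase: the refresh token has been deleted; finish the logout
        // through the authentication service.
        if (type === 'after') {
            const currentUser = params.user;
            // Log only the user id; params can carry tokens and the user entity.
            debug('Logout user after delete refresh token', currentUser == null ? undefined : currentUser[userEntityId]);
            // The query has to be reset, otherwise the user's id cannot be found.
            params.query = {};
            await app.service(authService).remove(null, params);
            // The removal result is deliberately not logged: it may carry
            // credential material.
            debug('Logout user after delete refresh token', 'authentication removed');
            // Return a fixed status to the caller instead of the service result.
            context.result = { status: 'Logout successfully' };
            return context;
        }
        const { query, user } = params;
        const userId = user == null ? undefined : user[userEntityId];
        // Log presence flags only, never the query (it holds the refresh token)
        // or the user entity.
        debug('Logout hook id and params', { hasQuery: Boolean(query), userId });
        // NOTE(review): a plain Error is kept here so callers see the same
        // exception type as before; consider NotAuthenticated for this case.
        if (!query || !userId) {
            throw new Error(`Invalid query strings or user is not authenticated!`);
        }
        // The caller must supply the current refresh token. Anything that is not
        // a non-empty string (for example an object or array produced by
        // query-string parsing) is rejected before it reaches the lookup.
        const refreshToken = query[entity];
        if (typeof refreshToken !== 'string' || refreshToken.length === 0) {
            throw new errors_1.BadRequest(`Bad request`);
        }
        // The lookup is scoped to the authenticated user's id.
        const existingTokenId = await common_1.lookupRefreshTokenId(context, config, {
            userId,
            refreshToken
        });
        debug('Find existing refresh token result', existingTokenId);
        if (existingTokenId === null) {
            throw new errors_1.NotAuthenticated();
        }
        // Point the remove call at the stored refresh token so it is deleted from the DB.
        context.id = existingTokenId;
        return context;
    };
};
//# sourceMappingURL=logout-users.js.map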