@w3lcome/feathers-refresh-token
Refresh token hooks for @feathers/authentication
// CommonJS/ES-module interop helper: reuse an already-installed helper from
// the enclosing `this` when there is one, otherwise define it here.
var __importDefault = (this && this.__importDefault) || function (mod) {
    // A module flagged as transpiled ES-module output is passed through as is.
    if (mod && mod.__esModule) {
        return mod;
    }
    // Anything else is wrapped so callers can always read `.default`.
    return { "default": mod };
};
// Flag this CommonJS module as transpiled ES-module output; interop helpers
// such as __importDefault above test `__esModule` before wrapping a module.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export up front as undefined; the hook factory is assigned to it
// further down in this file.
exports.revokeRefreshToken = void 0;
const errors_1 = require("@feathersjs/errors");
const debug_1 = __importDefault(require("debug"));
const common_1 = require("./common");
const debug = debug_1.default('feathers-refresh-token');
/*
* Revokes a refresh token by setting isValid to false. The hook must be used on a
* protected (authenticated) route: params.user must already be populated with the
* user entity before this hook runs.
*/
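/**
 * Builds a Feathers hook that revokes a refresh token by turning the incoming
 * `patch` call into an update of `{ isValid: false }` on the matching token.
 *
 * The hook must run as a `before` hook on `patch`, behind authentication:
 * `params.user` has to be populated before it executes. Calls without
 * `params.provider` (internal calls) are passed through unchanged.
 *
 * @returns {(context: object) => Promise<object>} Hook function resolving to the
 *   (possibly rewritten) hook context.
 * @throws {Error} When used on a method other than `patch`, or as anything but
 *   a `before` hook on an external call.
 * @throws {NotAuthenticated} When `params.user` carries no id, or when no
 *   refresh token matches the authenticated user.
 * @throws {BadRequest} When the refresh token is missing from the request data
 *   or is not a non-empty string.
 */
exports.revokeRefreshToken = () => {
    return async (context) => {
        const { data, app, method, type, params } = context;
        const config = common_1.loadConfig(app);
        if (method !== 'patch') {
            throw new Error(`revokeRefreshToken hook must be used with patch method!`);
        }
        // Internal calls have no provider set; they skip every check below,
        // including the authentication and ownership checks.
        if (!params.provider) {
            debug('Internal API call for refresh token, simply return context');
            return context;
        }
        // External calls are only accepted when this runs as a `before` hook.
        if (type !== 'before') {
            throw new Error('Revoke refresh token hook must be used with before token');
        }
        const { entity, userEntityId } = config;
        const { user } = params;
        const userId = user === null || user === undefined ? undefined : user[userEntityId];
        // Log the id only: the full user entity may carry a password hash or
        // other sensitive fields that should not end up in debug output.
        debug('Revoke refresh-token for user', userId);
        if (!userId) {
            // An auth failure is reported as NotAuthenticated rather than a
            // generic Error, so clients do not see it as a server fault.
            throw new errors_1.NotAuthenticated(`Invalid query strings or user is not authenticated!`);
        }
        // Validate client-supplied data before it reaches the token lookup.
        const hasPayload = data !== null && typeof data === 'object';
        if (!hasPayload || !(entity in data)) {
            throw new errors_1.BadRequest(`${entity} is missing from request`);
        }
        const refreshToken = data[entity];
        // Only a plain string is accepted. lookupRefreshTokenId is not visible
        // here; if it places this value in a database query, an object value
        // could act as a query operator instead of a literal token.
        if (typeof refreshToken !== 'string' || refreshToken.length === 0) {
            throw new errors_1.BadRequest(`${entity} must be a non-empty string`);
        }
        // The lookup is scoped to the authenticated user's id, so a caller can
        // only revoke a token that belongs to that user.
        const existingTokenId = await common_1.lookupRefreshTokenId(context, config, {
            userId: `${userId}`,
            refreshToken
        });
        debug('Find existing refresh token result', existingTokenId);
        // null is treated as "no matching refresh token for this user".
        if (existingTokenId === null) {
            throw new errors_1.NotAuthenticated();
        }
        // Retarget the patch at the stored token record and replace the
        // client-supplied data so only isValid can change.
        context.id = existingTokenId;
        context.data = { isValid: false };
        return context;
    };
};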
//# sourceMappingURL=revoke-refresh-token.js.map
;