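import { createSecretKey } from "crypto";
import { Router } from "express";
import { jwtVerify, SignJWT } from "jose";
import Token from "../models/Token.js";
import User from "../models/User.js";
import IToken from "../types/IToken.js";

const router = Router();

/**
 * POST / — exchange the refresh token in the `refreshToken` cookie for a new
 * access token.
 *
 * Flow:
 *  1. Verify the cookie's JWT signature with `JWT_SECRET` (HS256 only).
 *  2. Load the user named by the `username` claim together with their tokens.
 *  3. Require that this exact refresh token is stored for that user.
 *  4. Sign a new access token, store it on the matching Token document and
 *     return it as `{ accessToken }`.
 *
 * Every rejection is reported as `{ error: string }`.
 *
 * NOTE(review): rejections are sent with the default 200 status, so clients
 * can only detect failure through the `error` field; a 401 would be the
 * conventional answer if callers can be updated.
 * NOTE(review): the same secret verifies refresh tokens and signs access
 * tokens, and no claim distinguishes the two kinds. The stored-token lookup in
 * step 3 is what keeps an access token from being accepted here.
 */
router.post("/", async (req, res) => {
  const refreshToken = req.cookies.refreshToken;

  if (!refreshToken) {
    // Disabled fallback kept from the original source. If it is ever
    // re-enabled, jwtVerify must be awaited: as written, its rejection would
    // escape the try/catch and the body token would be treated as valid.
    // if (req.body.refreshToken) {
    //   try {
    //     jwtVerify(
    //       req.body.refreshToken,
    //       createSecretKey(process.env.JWT_SECRET!, "utf8")
    //     );
    //   } catch (error) {
    //     return res.json({ error: `refreshToken - ${(error as Error).message}` });
    //   }
    // }
    return res.json({ error: "refreshToken not found" });
  }

  let username: unknown;
  try {
    const { payload } = await jwtVerify(
      refreshToken,
      createSecretKey(process.env.JWT_SECRET!, "utf8"),
      // Accept only the algorithm this service signs with, so verification
      // does not depend on whatever `alg` the presented token declares.
      { algorithms: ["HS256"] }
    );
    username = payload.username;
  } catch (error) {
    // NOTE(review): the verifier's message is echoed to the caller; a generic
    // message would disclose less about why a token was rejected.
    return res.json({
      error: `refreshToken jwtVerify - ${(error as Error).message}`,
    });
  }

  // The claim goes straight into a database filter, so it must be a plain
  // non-empty string and never an object or a missing value.
  if (typeof username !== "string" || username.length === 0) {
    return res.json({
      error: "refreshToken jwtVerify - invalid username claim",
    });
  }

  try {
    const userWithTokens = await User.findOne({ username }).populate({
      path: "tokens",
    });

    if (!userWithTokens) {
      return res.json({ error: "userWithTokens is null" });
    }

    if (!("tokens" in userWithTokens)) {
      return res.json({ error: "tokens not found in userWithTokens" });
    }

    // A valid signature is not enough: the token must still be stored for
    // this user, so deleting the stored record revokes it.
    const storedTokens = userWithTokens.tokens as IToken[];
    const isKnownToken = storedTokens.some(
      (token) => token.refreshToken === refreshToken
    );
    if (!isKnownToken) {
      console.log("refreshToken not found in DB");
      return res.json({ error: "refreshToken not found in DB" });
    }

    const accessToken = await new SignJWT({ username })
      .setProtectedHeader({ alg: "HS256" })
      .setExpirationTime(process.env.JWT_ACCESS_EXP)
      .sign(createSecretKey(process.env.JWT_SECRET!, "utf8"));

    await Token.findOneAndUpdate({ refreshToken }, { accessToken });

    return res.json({ accessToken });
  } catch (error) {
    // A database or signing failure (for example a missing JWT_ACCESS_EXP)
    // would otherwise reject the async handler without sending a response.
    // Log the detail server-side and keep the client message generic.
    console.error("refresh route failed", error);
    return res.status(500).json({ error: "internal error" });
  }
});

const refreshRoute = router;

export default refreshRoute;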