Sorry for the simple question; I just keep finding examples of "how to use them", not "when to use them".
Basically I have the code done for creating the refreshToken
and destroying it:
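// Compare token in the database and create a new access token.
//
// Resolves with a freshly signed JWT when a player with exactly this
// (username, refreshToken) pair exists, with null when no player matches,
// and rejects with the underlying error when the lookup or signing fails.
// The refresh token itself is neither rotated nor returned here.
//
// NOTE(review): the refresh token is looked up in clear text, so anyone who
// can read the collection holds usable tokens; storing a hash of it and
// comparing against that would limit the damage of a database read.
Player.prototype.validateRefreshToken = async function (username, refreshToken) {
  // Both values come straight from the request body. Only plain strings are
  // accepted so that an object such as { $ne: null } cannot reach
  // findOneAsync as a query operator and match an arbitrary player.
  if (typeof username !== "string" || typeof refreshToken !== "string") {
    return null;
  }
  try {
    const player = await this.col.findOneAsync({ username, refreshToken });
    if (!player) {
      return null;
    }
    // expiresIn: jsonwebtoken reads a number as seconds, whereas the string
    // "300" is parsed as 300 milliseconds — an access token that expired
    // before the client could use it.
    return jwt.sign(
      {
        id: player._id,
        username: player.username,
        email: player.email,
        roles: player.role || "user",
      },
      globals.jwtSecret,
      { expiresIn: 300 }
    );
  } catch (err) {
    console.log("[ERROR]: There was an error trying to validateRefreshToken");
    console.log(err);
    throw err;
  }
};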
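// Destroy users refreshToken by generating a new one and not delivering
// it to the client.
//
// Resolves with true when a player holding this refresh token was found and
// had its token replaced, false when nothing matched, and rejects with the
// underlying error when the update fails.
Player.prototype.rejectToken = async function (refreshToken) {
  // The token comes from the request body; refuse anything but a plain
  // string so that a query operator (e.g. { $ne: null }) cannot be used to
  // match and rotate some other player's token.
  if (typeof refreshToken !== "string") {
    return false;
  }
  try {
    const player = await this.col.findOneAndUpdateAsync(
      { refreshToken },
      { $set: { refreshToken: randtoken.uid(256) } }
    );
    // Same truthiness test as before: whatever the driver returns for a
    // matched document counts as success.
    return Boolean(player);
  } catch (err) {
    console.log("[ERROR]: There was an error trying to rejectToken");
    console.log(err);
    throw err;
  }
};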
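// API Routes

// Check Refresh Token: exchange a (username, refreshToken) pair for a new
// access token. Replies with { success: true, token } on success and with
// { success: false, errors: [...] } otherwise; the HTTP status is left to
// Koa's default.
router.post("/token", async (ctx) => {
  const username = _.get(ctx.request.body, "username");
  const refreshToken = _.get(ctx.request.body, "refreshToken");
  if (!refreshToken) {
    ctx.body = { success: false, errors: ["You are not authenticated"] };
    return;
  }
  try {
    // validateRefreshToken returns a Promise. Without `await` the pending
    // Promise object is always truthy, so every request looked successful
    // and the "token" sent back was an empty object.
    const token = await ctx.models.player.validateRefreshToken(username, refreshToken);
    if (token) {
      ctx.body = { success: true, token };
    } else {
      ctx.body = { success: false, errors: ["You need to reauthenticate yourself their was an issue getting your refresh token"] };
    }
  } catch (err) {
    console.log(err);
    ctx.body = { success: false, errors: ["Internal Server Error"] };
  }
});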
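// Destroy refresh token: rotate the stored refresh token of whoever holds
// the supplied one, so it can no longer be exchanged for access tokens.
router.post("/token/reject", async (ctx) => {
  const refreshToken = _.get(ctx.request.body, "refreshToken");
  // A request without a refreshToken previously left ctx.body unset, which
  // Koa answers with a bare 404 instead of the JSON error shape used by
  // the other branches (and by /token).
  if (!refreshToken) {
    ctx.body = { success: false, errors: ["You are not authenticated"] };
    return;
  }
  try {
    const revoked = await ctx.models.player.rejectToken(refreshToken);
    ctx.body = revoked
      ? { success: true }
      : { success: false, errors: ["You are not authenticated"] };
  } catch (err) {
    console.log(err);
    ctx.body = { success: false, errors: ["Internal Server Error"] };
  }
});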
But my problem is I don't know when I'm supposed to post
to /token.
E.g. somebody does a post
request to their own profile /profile/me
but gets a permission error — now what? How do I automate the post to /token?
I hope this makes sense; if it doesn't, ask me for clarification.
via Datsik