Saturday, 6 May 2017

How do I refresh a Refresh Token

Sorry for the simple question I just keep finding examples of "how to use them" not "when to use them"

Basically I have the code done for creating the refreshToken and destroying it

// Compare token in the database and create a new access token
Player.prototype.validateRefreshToken = function(username, refreshToken) {
    return new Promise(async (resolve, reject) => {
        try {
            let player = await this.col.findOneAsync({ username, refreshToken});
            if (player) {
                let token = jwt.sign(
                    {
                        id: player._id,
                        username: player.username, 
                        email: player.email,
                        roles: player.role || "user"
                    }, 
                    globals.jwtSecret,
                    {
                        expiresIn: "300"
                    }
                );

                return resolve(token);
            } else {
                return resolve(null);
            }
        } catch(err) {
            console.log("[ERROR]: There was an error trying to validateRefreshToken");
            console.log(err);
            return reject(err);
        }
    });
}

// Destroy users refreshToken by generating a new one and not delivering
// it to the client
Player.prototype.rejectToken = function (refreshToken) {
    return new Promise(async (resolve, reject) => {
        try {
            let player = await this.col.findOneAndUpdateAsync(
                { refreshToken },
                { $set: { refreshToken: randtoken.uid(256) },
            });
            if (player) {
                return resolve(true);
            } else {
                return resolve(false);
            }
        } catch(err) {
            console.log("[ERROR]: There was an error trying to rejectToken");
            console.log(err);
            return reject(err);
        }
    });
}

// API Routes
// Check Refresh Token
router.post("/token", async (ctx, next) => {
    let username = _.get(ctx.request.body, "username");
    let refreshToken = _.get(ctx.request.body, "refreshToken");

    if (refreshToken) {
        try {
            let token = ctx.models.player.validateRefreshToken(username, refreshToken);
            if (token) {
                ctx.body = { success: true, token };
            } else {
                ctx.body = { success: false, errors: ["You need to reauthenticate yourself their was an issue getting your refresh token"] };
            }
        } catch(err) {
            console.log(err);
            ctx.body = { success: false, errors: ["Internal Server Error"] };
        }
    } else {
        ctx.body = { success: false, errors: ["You are not authenticated"] };
    }
});


// Destroy refresh token
router.post("/token/reject", async (ctx, next) => {
    let refreshToken = _.get(ctx.request.body, "refreshToken");
    if (refreshToken) {
        try {
            let result = await ctx.models.player.rejectToken(refreshToken);
            if (result) {
                ctx.body = { success: true };
            } else {
                ctx.body = { success: false, errors: ["You are not authenticated"] };
            }
        } catch(err) {
            console.log(err);
            ctx.body = { success: false, errors: ["Internal Server Error"] };
        }
    }
});

But my problem is I don't know when I'm supposed to post to /token

E.g. somebody does a post request to their own profile /profile/me but gets a permission error, now what, how do I automate the /token

I hope this makes sense if it doesn't ask me for clarification



via Datsik

No comments:

Post a Comment