fix(auth): add JWT refresh tokens to rest api

Frantz Kati · Frantz Kati · commit 0e553e524651 · 2020-11-21T01:56:39.000+01:00
Add refresh tokens and delete refresh tokens endpoints to rest api from the auth package
diff --git a/examples/blog/app.js b/examples/blog/app.js
@@ -32,6 +32,10 @@ module.exports = tensei()
             .teams()
             .apiPath('auth')
             .rolesAndPermissions()
+            .jwt({
+                expiresIn: 60,
+                refreshTokenExpiresIn: 60 * 2,
+            })
             .social('github', {
                 key: process.env.GITHUB_KEY,
                 secret: process.env.GITHUB_SECRET,
diff --git a/packages/auth/package.json b/packages/auth/package.json
@@ -4,7 +4,9 @@
     "main": "./build/index.js",
     "license": "MIT",
     "files": [
-        "build/"
+        "build/",
+        "auth.d.ts",
+        "auth.config.d.ts"
     ],
     "types": "./build/index.d.ts",
     "devDependencies": {
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
@@ -4,7 +4,7 @@ import Bcrypt from 'bcryptjs'
 import Jwt from 'jsonwebtoken'
 import Randomstring from 'randomstring'
 import { validateAll } from 'indicative/validator'
-import { Request, Response, NextFunction } from 'express'
+import { Request, Response, NextFunction, response } from 'express'
 import {
     plugin,
     resource,
@@ -808,8 +808,10 @@ class Auth {
             route(`Get authenticated ${name}`)
                 .path(this.getApiPath('me'))
                 .get()
-                .handle(async (request, response) =>
-                    response.formatter.ok(request.user)
+                .handle(async ({ user }, { formatter: { ok, unauthorized } }) =>
+                    user && ! user.public ? ok(user) : unauthorized({
+                        message: 'Unauthorized.'
+                    })
                 ),
             route(`Resend Verification email`)
                 .path(this.getApiPath('verification/resend'))
@@ -834,6 +836,28 @@ class Auth {
                     response.formatter.ok(
                         await this.socialAuth(request as any, 'register')
                     )
+                ),
+            route('Refresh Token')
+                .path(this.getApiPath('refresh-token'))
+                .post()
+                .handle(async (request, { formatter: { ok, unauthorized } }) => {
+                    try {
+                        return ok(
+                            await this.handleRefreshTokens(request as any)
+                        )
+                    } catch (error) {
+                        return unauthorized({
+                            message: error.message || 'Invalid refresh token.'
+                        })
+                    }
+                }),
+            route('Remove refresh Token')
+                .path(this.getApiPath('refresh-token'))
+                .delete()
+                .handle(async (request, response) =>
+                    response.formatter.ok(
+                        await this.removeRefreshTokens(request as any)
+                    )
                 )
         ]
     }
@@ -978,8 +1002,9 @@ class Auth {
             ) as JwtPayload
         } catch (error) {}
 
-        if (!tokenPayload || !tokenPayload.refresh)
+        if (!tokenPayload || !tokenPayload.refresh) {
             throw ctx.authenticationError('Invalid refresh token.')
+        }
 
         const user: any = await ctx.manager.findOne(
             this.resources.user.data.pascalCaseName,
diff --git a/packages/common/package.json b/packages/common/package.json
@@ -5,7 +5,8 @@
     "license": "MIT",
     "types": "./typings/index.d.ts",
     "files": [
-        "build/"
+        "build/",
+        "typings/"
     ],
     "devDependencies": {
         "@babel/core": "^7.11.4",
diff --git a/packages/common/typings/config.d.ts b/packages/common/typings/config.d.ts
@@ -218,11 +218,15 @@ declare module '@tensei/common/config' {
         TContext = GraphQLPluginContext,
         TArgs = any
     > = IMiddleware<TSource, TContext, TArgs>
-    type MiddlewareGenerator = (
+    type MiddlewareGenerator<
+        TSource = any,
+        TContext = GraphQLPluginContext,
+        TArgs = any
+    > = (
         graphQlQueries: GraphQlQueryContract[],
         typeDefs: ITypedef[],
         schema: GraphQLSchema
-    ) => IMiddleware
+    ) => IMiddleware<TSource, TContext, TArgs>
     export interface Config {
         databaseClient: any
         schemas: any
diff --git a/packages/core/Tensei.ts b/packages/core/Tensei.ts
@@ -363,6 +363,8 @@ export class Tensei implements TenseiContract {
 
         this.app.use(CookieParser())
 
+        this.app.disable('x-powered-by')
+
         const rootStorage = (this.storageConfig.disks?.local?.config as any)
             .root
         const publicPath = (this.storageConfig.disks?.local?.config as any)
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -6,7 +6,8 @@
     "license": "MIT",
     "files": [
         "build/",
-        "typings/"
+        "typings/",
+        "core.d.ts"
     ],
     "devDependencies": {
         "@types/bcryptjs": "^2.4.2",
diff --git a/packages/rest/rest.d.ts b/packages/rest/rest.d.ts
@@ -0,0 +1,12 @@
+import { Request } from 'express'
+
+declare global {
+    namespace Express {
+        export interface Request {
+            authenticationError: (message?: string) => unknown
+            forbiddenError: (message?: string) => unknown
+            validationError: (message?: string) => unknown
+            userInputError: (message?: string) => unknown
+        }
+    }
+}
diff --git a/packages/rest/src/index.ts b/packages/rest/src/index.ts
@@ -1,4 +1,4 @@
-import { Request, Response, request } from 'express'
+import { Request, Response } from 'express'
 import qs from 'qs'
 import {
     FindOptions,
@@ -15,7 +15,7 @@ class Rest {
         return `/${apiPath}/${path}`
     }
 
-    public getPageMetaFromFindOptions(
+    private getPageMetaFromFindOptions(
         total: number,
         findOptions: FindOptions<any>
     ) {
@@ -31,7 +31,7 @@ class Rest {
         }
     }
 
-    public parseQueryToFindOptions(query: any, resource: ResourceContract) {
+    private parseQueryToFindOptions(query: any, resource: ResourceContract) {
         let findOptions: FindOptions<any> = {}
 
         if (query.page && query.page !== '-1') {
@@ -69,7 +69,7 @@ class Rest {
         return findOptions
     }
 
-    public parseQueryToWhereOptions(query: any) {
+    private parseQueryToWhereOptions(query: any) {
         let whereOptions: FilterQuery<any> = {}
 
         if (query.where) {
@@ -101,7 +101,7 @@ class Rest {
         return whereOptions
     }
 
-    extendRoutes(
+    private extendRoutes(
         resources: ResourceContract[],
         getApiPath: (path: string) => string
     ) {
@@ -299,6 +299,46 @@ class Rest {
             .afterDatabaseSetup(
                 async ({ extendRoutes, resources, apiPath, app }) => {
                     app.use(responseEnhancer())
+
+                    app.use((request, response, next) => {
+                        // @ts-ignore
+                        request.req = request
+
+                        return next()
+                    })
+
+                    app.use((request, response, next) => {
+                        request.authenticationError = (
+                            message: string = 'Unauthenticated.'
+                        ) => ({
+                            status: 401,
+                            message
+                        })
+
+                        request.forbiddenError = (
+                            message: string = 'Forbidden.'
+                        ) => ({
+                            status: 400,
+                            message
+                        })
+
+                        request.validationError = (
+                            message: string = 'Validation failed.'
+                        ) => ({
+                            status: 422,
+                            message
+                        })
+
+                        request.userInputError = (
+                            message: string = 'Validation failed.'
+                        ) => ({
+                            status: 422,
+                            message
+                        })
+
+                        return next()
+                    })
+
                     extendRoutes(
                         this.extendRoutes(resources, (path: string) =>
                             this.getApiPath(apiPath, path)
@@ -317,6 +357,7 @@ class Rest {
                         }
                     )
                 })
+
                 routes.forEach(route => {
                     ;(app as any)[route.config.type.toLowerCase()](
                         route.config.path,
