From c1eb7d87c553cf6bbce492d99841dfa1d7e0a90a Mon Sep 17 00:00:00 2001
From: Jonasz Bigda
Date: Fri, 20 Nov 2020 18:13:08 +0100
Subject: [PATCH] update

---
 routes/routeUser.js | 15 ++++++++++++++-
 services/services.js | 24 +++++++++++++++++++++++-
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/routes/routeUser.js b/routes/routeUser.js
index 8aa1be4..894d325 100644
--- a/routes/routeUser.js
+++ b/routes/routeUser.js
@@ -15,6 +15,8 @@ const {
 checkEmailTaken,
 validateUserToken,
 hashPass,
+ generateRefreshToken,
+ validateRefreshToken,
 } = require("../services/services.js");
 const { resetPassword } = require("../services/mailServices.js");
 
@@ -30,12 +32,23 @@ router.post("/login", async (req, res) => {
 await checkPassword(req.body.password, user.password);
 const safeUser = await prepareSafeUser(user);
 var token = generateAuthToken(safeUser);
- res.header("x-auth-token", token).status(202).send(safeUser);
+ var refreshToken = generateRefreshToken(user._id);
+ res.header("x-auth-token", token).header("ref", refreshToken).status(202).send(safeUser);
 } catch (error) {
 handleError(error, res);
 }
 });
 
+//REFRESH_TOKEN
+router.post("refreshtoken", async (req, res) => {
+ try {
+ const refreshToken = req.headers["ref"];
+ validateRefreshToken(refreshToken);
+ } catch (error) {
+ handleError(error, res);
+ }
+})
+
 // REFRESH
 router.post("/refresh", async (req, res) => {
 try {
diff --git a/services/services.js b/services/services.js
index 4d742f7..396e0fd 100644
--- a/services/services.js
+++ b/services/services.js
@@ -54,11 +54,20 @@ function generateAuthToken(user) {
 restaurants: user.restaurants,
 },
 jwtSecret,
- { expiresIn: "1h" }
+ { expiresIn: "15m" }
 );
 return token;
 }
 
+function generateRefreshToken(userId) {
+ const token = jwt.sign({
+ id: userId
+ }, jwtSecret, {
+ expiresIn: "1h"
+ });
+ return token;
+}
+
 function generatePasswordResetToken(email) {
 const token = jwt.sign(
 {
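Review bot: The new `refreshtoken` handler never sends a response on success: after `validateRefreshToken(refreshToken)` returns, the verified payload is discarded and no new access token is issued, so a valid request hangs until the client times out. The path is also registered as `"refreshtoken"` without a leading slash; since request paths always begin with `/`, this route is unlikely to ever match and should be `"/refreshtoken"`. Note that the `/login` handler starts outside the hunk, and the user-lookup helper that `/login` uses is not visible here, so the rewrite below marks that step with a comment. Separately, `var token` / `var refreshToken` should be `const` to match the `const safeUser` on the line above.
```javascript
router.post("/refreshtoken", async (req, res) => {
  try {
    const payload = validateRefreshToken(req.headers["ref"]);
    // … load the user identified by payload.id (lookup helper is outside this hunk) …
    const safeUser = await prepareSafeUser(user);
    const token = generateAuthToken(safeUser);
    res.header("x-auth-token", token).status(200).send(safeUser);
  } catch (error) {
    handleError(error, res);
  }
});
```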
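Review bot: `generateRefreshToken` signs with the same `jwtSecret` as `generateAuthToken` and puts nothing in the payload that distinguishes the two token kinds, so unless `validateUserToken` (its body is outside this hunk) checks a claim beyond the signature, a refresh token would be accepted wherever an access token is expected, and vice versa. The usual fix is a type claim, `const token = jwt.sign({ id: userId, type: "refresh" }, jwtSecret, { expiresIn: "1h" });`, and a corresponding `if (verified.type !== "refresh") throw newError("Brak dostępu", 401);` in `validateRefreshToken` (the hunk at `@@ -98,6 +107,17 @@`), with the access-token verifier rejecting `type === "refresh"`. Also worth a comment on the function: the refresh token is stateless, so it cannot be revoked before its 1h expiry, e.g. `// Stateless: cannot be revoked before expiresIn elapses; keep the lifetime short.`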
@@ -98,6 +107,17 @@ function validateUserToken(token) {
 }
 }
 
+function validateRefreshToken(token) {
+ if (!token) throw newError("Brak dostępu", 401);
+ try {
+ const verified = jwt.verify(token, jwtSecret, { ignoreExpiration: false });
+ if (!verified) throw newError("Brak dostępu", 401);
+ return verified;
+ } catch (error) {
+ throw newError("Brak dostępu", 401);
+ }
+}
+
 async function validateDishId(id) {
 if (!mongoose.Types.ObjectId.isValid(id)) {
 throw newError("Niewłaściwy ID", 400);
@@ -174,3 +194,5 @@ exports.verifyRestaurantAccess = verifyRestaurantAccess;
 exports.yearFromNowDate = yearFromNowDate;
 exports.hashPass = hashPass;
 exports.saveImage = saveImage;
+exports.generateRefreshToken = generateRefreshToken;
+exports.validateRefreshToken = validateRefreshToken;
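Review bot: In `validateRefreshToken` the `if (!verified)` branch is dead code, because `jwt.verify` throws on any failure rather than returning a falsy value, and `ignoreExpiration: false` is the library default, so both can be dropped. The catch-all then rethrows a generic 401 and discards `error`, which is fine for the client but leaves the server unable to tell a routine expiry from a bad signature; logging `error.name` (`TokenExpiredError` vs `JsonWebTokenError`) before rethrowing keeps that signal for detection. Since the secret is a shared HMAC key, pinning the accepted algorithm is cheap insurance: `const verified = jwt.verify(token, jwtSecret, { algorithms: ["HS256"] });` — adjust the list if the signing side uses a different algorithm, which this hunk does not show.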