should refresh token be jwt also? code example
Example: jwt refresh token
const jwt = require('jsonwebtoken')
const { message } = require('../utils/util.message')
module.exports = (req, res, next) => {
try {
const tokenHeader = req.headers.authorization.split('Bearer ')[1]
const decoded = jwt.verify(tokenHeader, process.env.ACCESS_TOKEN_SECRET)
req.user = decoded
next()
} catch (err) {
next(httpError(401))
}
}
app.get('/protect', authJwt, (req, res) => {
console.log(req.user)
res.send('aim in proteced route')
})
app.post('/login', (req, res) => {
const bodyPayload = {
id: Date.now(),
username: req.body.username
}
const token = signAccessToken(res, bodyPayload)
return res.status(200).json(token)
})
app.post('/refresh-token', (req, res) => {
const refreshToken = signRefreshToken(req)
return res.status(200).json(refreshToken)
})
const jwt = require('jsonwebtoken')
const { message } = require('../utils/util.message')
exports.signAccessToken = (res, payload) => {
try {
if (payload) {
const accessToken = jwt.sign({ ...payload }, process.env.ACCESS_TOKEN_SECRET, { expiresIn: '1d' })
const refreshToken = jwt.sign({ ...payload }, process.env.REFRESH_TOKEN_SECRET, { expiresIn: '90d' })
res.cookie('refreshToken', `${refreshToken}`, { maxAge: 86400 * 90, httpOnly: true })
return { accessToken, refreshToken }
}
} catch (err) {
message({
response: res,
statusCode: 401,
method: req.method,
message: 'Unautorization'
})
}
}
exports.signRefreshToken = (req) => {
try {
const getToken = req.cookies.refreshToken
if (getToken) {
const { id, username } = jwt.verify(getToken, process.env.REFRESH_TOKEN_SECRET)
const accesssToken = jwt.sign({ id, username }, process.env.ACCESS_TOKEN_SECRET, { expiresIn: '90d' })
return { accesssToken }
}
} catch (err) {
message({
response: res,
statusCode: 401,
method: req.method,
message: 'Unautorization'
})
}
}