
fix(auth): refactor refresh token to have same family id on same session
1 parent f6fcb8e commit 3c2c4ad

2 files changed

+11
-9
lines changed


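--- a/src/modules/auth/auth.repository.ts
+++ b/src/modules/auth/auth.repository.ts
@@ -1,7 +1,7 @@
 // src/modules/auth/auth.repository.ts
 import { db } from "@/db/index.js";
 import { refreshTokensTable } from "@/db/schema/tokens.js";
-import { and, eq, isNull } from "drizzle-orm";
+import { and, eq, gt, isNull } from "drizzle-orm";
 
 export function saveRefreshToken(data: {
 userId: string;
@@ -21,7 +21,8 @@ export function findValidRefreshToken(tokenHash: string) {
 .where(
 and(
 eq(refreshTokensTable.tokenHash, tokenHash),
-isNull(refreshTokensTable.revokedAt)
+isNull(refreshTokensTable.revokedAt),
+gt(refreshTokensTable.expiresAt, new Date())
 )
 )
 .limit(1);
@@ -51,4 +52,4 @@ export function revokeAllUserTokens(userId: string) {
 isNull(refreshTokensTable.revokedAt)
 )
 );
-}
+}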
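Review bot: With both `isNull(revokedAt)` and the new `gt(expiresAt, new Date())` filter in `findValidRefreshToken`, a replayed token that was already rotated (row exists, `revokedAt` set) is indistinguishable from a token that never existed, so the caller cannot detect reuse and revoke the family — which is the main reason to keep a stable family id. Consider adding a companion lookup that selects by `tokenHash` alone, e.g. `findRefreshTokenByHash(tokenHash)` with only `eq(refreshTokensTable.tokenHash, tokenHash)` in the `where`, and let the service decide between "unknown", "revoked/reused" and "expired"; the existing `findValidRefreshToken` can stay as the fast path. Note the expiry comparison uses the application host's clock, not the database's, so a skewed app server shifts the effective TTL; a DB-side `now()` would avoid that if the schema supports it. The enclosing `findValidRefreshToken` query starts above this hunk, and the final hunk appears to change only the trailing newline.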

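--- a/src/modules/auth/auth.service.ts
+++ b/src/modules/auth/auth.service.ts
@@ -46,7 +46,8 @@ export async function signup(
 `📧 Verify email: ${process.env.FRONTEND_URL}/verify-email?token=${verificationToken}`
 );
 
-const { accessToken, refreshToken } = await issueTokens(user, meta);
+const familyId = generateFamilyId();
+const { accessToken, refreshToken } = await issueTokens(user, meta, familyId);
 
 return {
 user: presentUser(user),
@@ -72,7 +73,8 @@ export async function login(
 throw new UnauthorizedError("Invalid credentials");
 }
 
-const { accessToken, refreshToken } = await issueTokens(user, meta);
+const familyId = generateFamilyId();
+const { accessToken, refreshToken } = await issueTokens(user, meta, familyId);
 
 return {
 user: presentUser(user),
@@ -95,24 +97,23 @@ export async function refresh(refreshToken: string, meta: RequestMeta) {
 
 await AuthRepo.revokeTokenFamily(stored.familyId);
 
-return issueTokens(user, meta);
+return issueTokens(user, meta, stored.familyId);
 }
 
 export async function logout(refreshToken: string) {
 const tokenHash = hashToken(refreshToken);
 await AuthRepo.revokeRefreshToken(tokenHash);
 }
 
-async function issueTokens(user: any, meta: RequestMeta) {
+async function issueTokens(user: any, meta: RequestMeta, familyId: string) {
 const accessToken = signAccessToken(user.id, user.role, user.isReadOnly);
 
 const refreshToken = generateOpaqueToken();
-const familyId = generateFamilyId();
 
 await AuthRepo.saveRefreshToken({
 userId: user.id,
 tokenHash: hashToken(refreshToken),
-familyId,
+familyId: familyId,
 expiresAt: new Date(Date.now() + REFRESH_TOKEN_TTL),
 ipAddress: meta.ip,
 userAgent: meta.userAgent,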
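Review bot: In `refresh`, every legitimate rotation now calls `revokeTokenFamily(stored.familyId)` and then re-issues under the same family id; that is only correct because the revoke runs before `saveRefreshToken` inserts the new row, so a comment such as `// Revoke the whole family first so the token issued below is the only live member` would keep a later reordering from silently revoking the fresh token. The stable family id only pays off if a presented token that is already revoked triggers family revocation and a rejection; nothing in this hunk does that, and whether the lookup above the hunk (outside view) returns revoked rows cannot be seen here — if it uses `findValidRefreshToken`, replay of a stolen, already-rotated token is indistinguishable from an unknown token and the family is never burned. The revoke-then-insert pair is also not in a transaction; a failure in `saveRefreshToken` leaves the user logged out, which fails closed and is acceptable, but is worth noting in a comment. Minor: `issueTokens(user: any, ...)` keeps `any` where a `Pick<User, "id" | "role" | "isReadOnly">` (or whatever the project's user type is) would do, and `familyId: familyId` can return to the shorthand `familyId,` now that the name is a parameter; `refresh` begins above this hunk and `issueTokens` continues below it.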
