CUSportGo · goodchirapat · Oct 18, 2023 · Oct 13, 2023 · Oct 15, 2023 · Oct 18, 2023
diff --git a/package.json b/package.json
@@ -37,7 +37,7 @@
     "grpc_tools_node_protoc_ts": "^5.3.3",
     "nestjs-grpc-exceptions": "^0.2.1",
     "nestjs-proto-gen-ts": "^1.0.21",
-    "nodemailer": "^6.9.5",
+    "nodemailer": "^6.9.6",
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.1",
     "protoc-gen-ts": "^0.8.6",

diff --git a/src/auth/auth.controller.ts b/src/auth/auth.controller.ts
@@ -15,13 +15,15 @@ import {
   ResetPasswordResponse,
   // ValidateGoogleRequest,
   // ValidateGoogleResponse,
-  ValidateOAuthRequest
+  ValidateOAuthRequest,
+  RefreshTokenRequest,
+  RefreshTokenResponse,
 } from './auth.pb';
 import { AuthService } from './auth.service';
 
 @Controller()
 export class AuthController {
-  constructor(private authService: AuthService) { }
+  constructor(private authService: AuthService) {}
 
   @GrpcMethod('AuthService', 'Login')
   login(request: LoginRequest): Promise<LoginResponse> {
@@ -33,6 +35,11 @@ export class AuthController {
     return this.authService.register(request);
   }
 
+  @GrpcMethod('AuthService', 'RefreshToken')
+  refreshToken(request: RefreshTokenRequest): Promise<RefreshTokenResponse> {
+    return this.authService.refreshToken(request);
+  }
+
   @GrpcMethod('AuthService', 'Logout')
   logout(request: LogoutRequest): Promise<LogoutResponse> {
     return this.authService.logout(request);
@@ -43,19 +50,16 @@ export class AuthController {
     return this.authService.validateOAuth(request);
   }
 
-
   @GrpcMethod('AuthService', 'ForgotPassword')
   forgotPassword(
-    request: ForgotPasswordRequest): Promise<ForgotPasswordResponse> {
-    return this.authService.forgotPassword(request)
+    request: ForgotPasswordRequest,
+  ): Promise<ForgotPasswordResponse> {
+    return this.authService.forgotPassword(request);
   }
 
   @GrpcMethod('AuthService', 'ResetPassword')
-  resetPassword(
-    request: ResetPasswordRequest,
-  ): Promise<ResetPasswordResponse> {
+  resetPassword(request: ResetPasswordRequest): Promise<ResetPasswordResponse> {
     return this.authService.resetPassword(request);
-
   }
 
   @GrpcMethod('AuthService', 'ValidateToken')

diff --git a/src/auth/auth.pb.ts b/src/auth/auth.pb.ts
@@ -49,7 +49,8 @@ export interface RefreshTokenRequest {
 }
 
 export interface RefreshTokenResponse {
-  credential: Credential | undefined;
+  newAccessToken: string;
+  accessTokenExpiresIn: number;
 }
 
 export interface ValidateOAuthRequest {
@@ -87,7 +88,8 @@ export interface ValidateTokenRequest {
 }
 
 export interface ValidateTokenResponse {
-  isValid: boolean;
+  userId: string;
+  role: string;
 }
 
 export const AUTH_PACKAGE_NAME = "auth";
@@ -108,7 +110,7 @@ export interface AuthServiceClient {
   logout(request: LogoutRequest): Observable<LogoutResponse>;
 
   validateToken(request: ValidateTokenRequest): Observable<ValidateTokenResponse>;
-  
+
   forgotPassword(request: ForgotPasswordRequest): Observable<ForgotPasswordResponse>;
 }
 
@@ -149,8 +151,8 @@ export function AuthServiceControllerMethods() {
       "resetPassword",
       "validateOAuth",
       "logout",
-      "forgotPassword",
       "validateToken",
+      "forgotPassword",
     ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);

diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
@@ -22,7 +22,7 @@ import {
   ResetPasswordResponse,
   // ValidateGoogleRequest,
   // ValidateGoogleResponse,
-  ValidateOAuthRequest
+  ValidateOAuthRequest,
 } from './auth.pb';
 import { RpcException } from '@nestjs/microservices';
 import { status } from '@grpc/grpc-js';
@@ -33,7 +33,6 @@ import { BlacklistRepository } from '../repository/blacklist.repository';
 import { JwtPayload } from './strategies/accessToken.strategy';
 import * as nodemailer from 'nodemailer';
 
-
 @Injectable()
 export class AuthService implements AuthServiceController {
   constructor(
@@ -63,7 +62,10 @@ export class AuthService implements AuthServiceController {
         });
       }
 
-      const { accessToken, refreshToken } = await this.getTokens(user.id);
+      const { accessToken, refreshToken } = await this.getTokens(
+        user.id,
+        user.role,
+      );
       user = await this.userRepo.update(user.id, {
         refreshToken: refreshToken,
       });
@@ -97,7 +99,57 @@ export class AuthService implements AuthServiceController {
   public async refreshToken(
     request: RefreshTokenRequest,
   ): Promise<RefreshTokenResponse> {
-    return null;
+    try {
+      const decodedToken = this.jwtService.verify(request.refreshToken, {
+        secret: this.configService.get<string>('JWT_ACCESS_SECRET'),
+      });
+      if (decodedToken.registeredClaims.expiredAt < Date.now()) {
+        throw new RpcException({
+          code: status.PERMISSION_DENIED,
+          message: 'token expired',
+        });
+      }
+
+      const user = await this.userRepo.findUserById(decodedToken.sub);
+      if (!user) {
+        throw new RpcException({
+          code: status.NOT_FOUND,
+          message: 'user not found',
+        });
+      }
+      if (user.refreshToken != request.refreshToken) {
+        throw new RpcException({
+          code: status.PERMISSION_DENIED,
+          message: 'invalid token',
+        });
+      }
+
+      const newAccessToken = await this.jwtService.signAsync(
+        {
+          sub: decodedToken.sub,
+          registeredClaims: {
+            issuer: this.configService.get<string>('TOKEN_ISSUER'),
+            expiredAt: Date.now() + 60 * 15 * 1000,
+            issuedAt: Date.now(),
+          },
+        },
+        {
+          secret: this.configService.get<string>('JWT_ACCESS_SECRET'),
+          expiresIn: '15m',
+        },
+      );
+
+      return { newAccessToken, accessTokenExpiresIn: 600 };
+    } catch (err) {
+      console.log(err);
+      if (!(err instanceof RpcException)) {
+        throw new RpcException({
+          code: status.INTERNAL,
+          message: 'internal server error',
+        });
+      }
+      throw err;
+    }
   }
 
   public async validateOAuth(
@@ -150,7 +202,10 @@ export class AuthService implements AuthServiceController {
         }
       }
 
-      const { accessToken, refreshToken } = await this.getTokens(user.id);
+      const { accessToken, refreshToken } = await this.getTokens(
+        user.id,
+        user.role,
+      );
       user = await this.userRepo.update(user.id, {
         refreshToken: refreshToken,
       });
@@ -188,20 +243,29 @@ export class AuthService implements AuthServiceController {
         secret: this.configService.get<string>('JWT_ACCESS_SECRET'),
       });
       if (!decodedToken) {
-        return { isValid: false };
+        throw new RpcException({
+          code: status.PERMISSION_DENIED,
+          message: 'invalid token',
+        });
       }
       if (
         decodedToken.registeredClaims.issuer !==
         this.configService.get<string>('TOKEN_ISSUER')
       ) {
-        return { isValid: false };
+        throw new RpcException({
+          code: status.PERMISSION_DENIED,
+          message: 'invalid token',
+        });
       }
 
       if (decodedToken.registeredClaims.expiredAt < Date.now()) {
-        return { isValid: false };
+        throw new RpcException({
+          code: status.PERMISSION_DENIED,
+          message: 'invalid token',
+        });
       }
 
-      return { isValid: true };
+      return { userId: decodedToken.sub, role: decodedToken.role };
     } catch (err) {
       console.log(err);
       if (!(err instanceof RpcException)) {
@@ -214,11 +278,12 @@ export class AuthService implements AuthServiceController {
     }
   }
 
-  private async getTokens(userId: string) {
+  private async getTokens(userId: string, role: string) {
     try {
       const accessToken = await this.jwtService.signAsync(
         {
           sub: userId,
+          role: role,
           registeredClaims: {
             issuer: this.configService.get<string>('TOKEN_ISSUER'),
             expiredAt: Date.now() + 60 * 15 * 1000,
@@ -234,6 +299,7 @@ export class AuthService implements AuthServiceController {
       const refreshToken = await this.jwtService.signAsync(
         {
           sub: userId,
+          role: role,
           registeredClaims: {
             issuer: '',
             expiredAt: Date.now() + 60 * 60 * 24 * 7 * 1000,
@@ -283,9 +349,13 @@ export class AuthService implements AuthServiceController {
     }
   }
 
-  async resetPassword(request: ResetPasswordRequest): Promise<ResetPasswordResponse> {
+  async resetPassword(
+    request: ResetPasswordRequest,
+  ): Promise<ResetPasswordResponse> {
     try {
-      const credential = this.jwtService.decode(request.accessToken) as JwtPayload;
+      const credential = this.jwtService.decode(
+        request.accessToken,
+      ) as JwtPayload;
       const user = await this.userRepo.findUserById(credential.sub);
 
       const isPasswordMatch = await bcrypt.compare(
@@ -302,9 +372,9 @@ export class AuthService implements AuthServiceController {
       const hashedPassword = await bcrypt.hash(request.password, 12);
       await this.userRepo.update(user.id, {
         password: hashedPassword,
-      })
+      });
 
-      return { isDone: true }
+      return { isDone: true };
     } catch (err: any) {
       console.log(err);
       if (!(err instanceof RpcException)) {
@@ -346,8 +416,9 @@ export class AuthService implements AuthServiceController {
     return response;
   }
 
-
-  async forgotPassword(request: ForgotPasswordRequest): Promise<ForgotPasswordResponse> {
+  async forgotPassword(
+    request: ForgotPasswordRequest,
+  ): Promise<ForgotPasswordResponse> {
     try {
       const user = await this.userRepo.getUserByEmail(request.email);
       if (!user) {
@@ -357,8 +428,9 @@ export class AuthService implements AuthServiceController {
         });
       }
       // gen token
-      const userToken = (await this.getTokens(user.id)).accessToken;
-      const linkToResetPassword = "http://localhost:3000/reset-password/" + userToken;
+      const userToken = (await this.getTokens(user.id, user.role)).accessToken;
+      const linkToResetPassword =
+        'http://localhost:3000/reset-password/' + userToken;
 
       //set connection
       const transporter = nodemailer.createTransport({
@@ -382,7 +454,7 @@ export class AuthService implements AuthServiceController {
         `,
       };
       await transporter.sendMail(mailOptions);
-      return { resetPasswordUrl: linkToResetPassword }
+      return { resetPasswordUrl: linkToResetPassword };
     } catch (err: any) {
       console.log(err);
       if (!(err instanceof RpcException)) {

diff --git a/src/proto/auth.proto b/src/proto/auth.proto
@@ -55,11 +55,12 @@ message LoginResponse {
 }
 
 message RefreshTokenRequest {
-  string refresh_token = 1;
+  string refreshToken = 1;
 }
 
 message RefreshTokenResponse {
-  Credential credential = 1;
+  string newAccessToken = 1;
+  int32 accessTokenExpiresIn = 2;
 }
 
 message ValidateOAuthRequest {
@@ -96,5 +97,6 @@ message ValidateTokenRequest {
 }
 
 message ValidateTokenResponse {
-  bool is_valid = 1;
+  string userId = 1;
+  string role = 2;
 }
diff --git a/yarn.lock b/yarn.lock
@@ -4130,10 +4130,10 @@ node-releases@^2.0.13:
   resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.13.tgz#d5ed1627c23e3461e819b02e57b75e4899b1c81d"
   integrity sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ==
 
-nodemailer@^6.9.5:
-  version "6.9.5"
-  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.9.5.tgz#eaeae949c62ec84ef1e9128df89fc146a1017aca"
-  integrity sha512-/dmdWo62XjumuLc5+AYQZeiRj+PRR8y8qKtFCOyuOl1k/hckZd8durUUHs/ucKx6/8kN+wFxqKJlQ/LK/qR5FA==
+nodemailer@^6.9.6:
+  version "6.9.6"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.9.6.tgz#5a38a2a4d9fb1e349542a138f9e2d5c760a663ed"
+  integrity sha512-s7pDtWwe5fLMkQUhw8TkWB/wnZ7SRdd9HRZslq/s24hlZvBP3j32N/ETLmnqTpmj4xoBZL9fOWyCIZ7r2HORHg==
 
 nopt@^5.0.0:
   version "5.0.0"