@bivola/refresh-auth 1.1.3 → 1.1.5

@@ -6,9 +6,6 @@ export var RevocationReason = /*#__PURE__*/ function(RevocationReason) {
6
6
  }({});
7
7
  export const RefreshTokens = (options)=>({
8
8
  slug: 'refresh-tokens',
9
- admin: {
10
- hidden: true
11
- },
12
9
  fields: [
13
10
  {
14
11
  name: 'entity',
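Review bot: With `admin: { hidden: true }` removed, the `refresh-tokens` collection is now listed in the admin panel, and the config defines no `access` block (the bundled source in the map shows only `slug` and `fields`). Unless the host app adds one, Payload's default access lets any logged-in user read and edit these rows, so `tokenHash`, `ipAddress` and `userAgent` become browsable and `revokedAt` or `rotatedAt` can be changed by hand. If the aim is visibility for operators, add explicit rules next to `slug`, e.g. `access: { create: () => false, update: () => false, delete: () => false, read: isAdmin },`, where `isAdmin` is a placeholder for the project's own check. The plugin's own `req.payload` calls should be unaffected, since the Local API overrides access by default. The object literal continues outside this hunk.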
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/collections/refreshTokens.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\ntype RefreshTokensOptions = Pick<AuthRefreshPluginOptions, 'entity_slug'>\n\nexport enum RevocationReason {\n SuspiciousActivity = 'suspicious_activity',\n TokenRotation = 'token_rotation',\n UserLogout = 'user_logout',\n}\n\nexport const RefreshTokens = (options: RefreshTokensOptions): CollectionConfig => ({\n slug: 'refresh-tokens',\n admin: {\n hidden: true,\n },\n fields: [\n {\n name: 'entity',\n type: 'relationship',\n relationTo: options.entity_slug,\n required: true,\n },\n {\n name: 'tokenHash',\n type: 'text',\n index: true,\n required: true,\n unique: true,\n },\n {\n name: 'expiresAt',\n type: 'date',\n required: true,\n },\n {\n name: 'lastUsedAt',\n type: 'date',\n },\n {\n name: 'rotatedAt',\n type: 'date',\n },\n {\n name: 'revokedAt',\n type: 'date',\n },\n {\n name: 'deviceId',\n type: 'text',\n required: true,\n },\n {\n name: 'userAgent',\n type: 'text',\n },\n {\n name: 'ipAddress',\n type: 'text',\n },\n {\n name: 'revocationReason',\n type: 'select',\n options: Object.entries(RevocationReason).map(([key, value]) => ({\n label: key,\n value,\n })),\n },\n 
],\n})\n"],"names":["RevocationReason","RefreshTokens","options","slug","admin","hidden","fields","name","type","relationTo","entity_slug","required","index","unique","Object","entries","map","key","value","label"],"mappings":"AAMA,OAAO,IAAA,AAAKA,0CAAAA;;;;WAAAA;MAIX;AAED,OAAO,MAAMC,gBAAgB,CAACC,UAAqD,CAAA;QACjFC,MAAM;QACNC,OAAO;YACLC,QAAQ;QACV;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,YAAYP,QAAQQ,WAAW;gBAC/BC,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;gBACNI,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEN,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNN,SAASY,OAAOC,OAAO,CAACf,kBAAkBgB,GAAG,CAAC,CAAC,CAACC,KAAKC,MAAM,GAAM,CAAA;wBAC/DC,OAAOF;wBACPC;oBACF,CAAA;YACF;SACD;IACH,CAAA,EAAE"}
1
+ {"version":3,"sources":["../../src/collections/refreshTokens.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\ntype RefreshTokensOptions = Pick<AuthRefreshPluginOptions, 'entity_slug'>\n\nexport enum RevocationReason {\n SuspiciousActivity = 'suspicious_activity',\n TokenRotation = 'token_rotation',\n UserLogout = 'user_logout',\n}\n\nexport const RefreshTokens = (options: RefreshTokensOptions): CollectionConfig => ({\n slug: 'refresh-tokens',\n fields: [\n {\n name: 'entity',\n type: 'relationship',\n relationTo: options.entity_slug,\n required: true,\n },\n {\n name: 'tokenHash',\n type: 'text',\n index: true,\n required: true,\n unique: true,\n },\n {\n name: 'expiresAt',\n type: 'date',\n required: true,\n },\n {\n name: 'lastUsedAt',\n type: 'date',\n },\n {\n name: 'rotatedAt',\n type: 'date',\n },\n {\n name: 'revokedAt',\n type: 'date',\n },\n {\n name: 'deviceId',\n type: 'text',\n required: true,\n },\n {\n name: 'userAgent',\n type: 'text',\n },\n {\n name: 'ipAddress',\n type: 'text',\n },\n {\n name: 'revocationReason',\n type: 'select',\n options: Object.entries(RevocationReason).map(([key, value]) => ({\n label: key,\n value,\n })),\n },\n 
],\n})\n"],"names":["RevocationReason","RefreshTokens","options","slug","fields","name","type","relationTo","entity_slug","required","index","unique","Object","entries","map","key","value","label"],"mappings":"AAMA,OAAO,IAAA,AAAKA,0CAAAA;;;;WAAAA;MAIX;AAED,OAAO,MAAMC,gBAAgB,CAACC,UAAqD,CAAA;QACjFC,MAAM;QACNC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,YAAYL,QAAQM,WAAW;gBAC/BC,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;gBACNI,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEN,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNJ,SAASU,OAAOC,OAAO,CAACb,kBAAkBc,GAAG,CAAC,CAAC,CAACC,KAAKC,MAAM,GAAM,CAAA;wBAC/DC,OAAOF;wBACPC;oBACF,CAAA;YACF;SACD;IACH,CAAA,EAAE"}
@@ -38,7 +38,7 @@ export const logoutEndpoint = (options)=>({
38
38
  });
39
39
  },
40
40
  method: 'post',
41
- path: `/auth/${options.entity_slug}/logout`
41
+ path: `/auth/logout`
42
42
  });
43
43
 
44
44
  //# sourceMappingURL=logout.js.map
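Review bot: The route `path: \`/auth/logout\`` no longer carries `options.entity_slug`, while the handler (per the bundled source) still hashes with the per-instance `options.pepper` and returns 204 when no row matches. If the plugin is registered for more than one entity, which this page does not show, both instances claim the same path and a token hashed under the other pepper gets a 204 without being revoked; a client still posting to the old URL would also leave its token unrevoked. The same un-namespaced path appears in the refresh hunk (`path: \`/auth/refresh\``). I would state the assumption next to the route, e.g. `// not namespaced by entity_slug: only one plugin instance may register this route`, and list the URL change as breaking in the release notes. The endpoint object begins outside this hunk.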
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/endpoints/logout.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { hashToken } from '../utils/crypto'\n\ntype LogoutEndpointOptions = Pick<AuthRefreshPluginOptions, 'entity_slug' | 'pepper'>\n\nexport const logoutEndpoint = (options: LogoutEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token) {\n return Response.json({ message: 'refreshToken is required to logout.' }, { status: 400 })\n }\n\n const tokenHash = hashToken(refresh_token, options.pepper)\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: { tokenHash: { equals: tokenHash } },\n })\n\n if (!result?.docs?.length) {\n return new Response(null, { status: 204 })\n }\n\n const session = result.docs[0]\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n revocationReason: RevocationReason.UserLogout,\n revokedAt: new Date(),\n },\n })\n\n return new Response(null, { status: 204 })\n },\n method: 'post',\n path: 
`/auth/${options.entity_slug}/logout`,\n})\n"],"names":["RevocationReason","hashToken","logoutEndpoint","options","handler","req","refresh_token","json","Response","message","status","tokenHash","pepper","result","payload","find","collection","where","equals","docs","length","session","update","id","data","revocationReason","UserLogout","revokedAt","Date","method","path","entity_slug"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,SAAS,QAAQ,kBAAiB;AAI3C,OAAO,MAAMC,iBAAiB,CAACC,UAA8C,CAAA;QAC3EC,SAAS,OAAOC;YACd,MAAM,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMD,IAAIE,IAAI,QAAS,CAAC;YAEnD,IAAI,CAACD,eAAe;gBAClB,OAAOE,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAsC,GAAG;oBAAEC,QAAQ;gBAAI;YACzF;YAEA,MAAMC,YAAYV,UAAUK,eAAeH,QAAQS,MAAM;YACzD,MAAMC,SAAS,MAAMR,IAAIS,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBAAEN,WAAW;wBAAEO,QAAQP;oBAAU;gBAAE;YAC5C;YAEA,IAAI,CAACE,QAAQM,MAAMC,QAAQ;gBACzB,OAAO,IAAIZ,SAAS,MAAM;oBAAEE,QAAQ;gBAAI;YAC1C;YAEA,MAAMW,UAAUR,OAAOM,IAAI,CAAC,EAAE;YAE9B,MAAMd,IAAIS,OAAO,CAACQ,MAAM,CAAC;gBACvBC,IAAIF,QAAQE,EAAE;gBACdP,YAAY;gBACZQ,MAAM;oBACJC,kBAAkBzB,iBAAiB0B,UAAU;oBAC7CC,WAAW,IAAIC;gBACjB;YACF;YAEA,OAAO,IAAIpB,SAAS,MAAM;gBAAEE,QAAQ;YAAI;QAC1C;QACAmB,QAAQ;QACRC,MAAM,CAAC,MAAM,EAAE3B,QAAQ4B,WAAW,CAAC,OAAO,CAAC;IAC7C,CAAA,EAAE"}
1
+ {"version":3,"sources":["../../src/endpoints/logout.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { hashToken } from '../utils/crypto'\n\ntype LogoutEndpointOptions = Pick<AuthRefreshPluginOptions, 'entity_slug' | 'pepper'>\n\nexport const logoutEndpoint = (options: LogoutEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token) {\n return Response.json({ message: 'refreshToken is required to logout.' }, { status: 400 })\n }\n\n const tokenHash = hashToken(refresh_token, options.pepper)\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: { tokenHash: { equals: tokenHash } },\n })\n\n if (!result?.docs?.length) {\n return new Response(null, { status: 204 })\n }\n\n const session = result.docs[0]\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n revocationReason: RevocationReason.UserLogout,\n revokedAt: new Date(),\n },\n })\n\n return new Response(null, { status: 204 })\n },\n method: 'post',\n path: 
`/auth/logout`,\n})\n"],"names":["RevocationReason","hashToken","logoutEndpoint","options","handler","req","refresh_token","json","Response","message","status","tokenHash","pepper","result","payload","find","collection","where","equals","docs","length","session","update","id","data","revocationReason","UserLogout","revokedAt","Date","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,SAAS,QAAQ,kBAAiB;AAI3C,OAAO,MAAMC,iBAAiB,CAACC,UAA8C,CAAA;QAC3EC,SAAS,OAAOC;YACd,MAAM,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMD,IAAIE,IAAI,QAAS,CAAC;YAEnD,IAAI,CAACD,eAAe;gBAClB,OAAOE,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAsC,GAAG;oBAAEC,QAAQ;gBAAI;YACzF;YAEA,MAAMC,YAAYV,UAAUK,eAAeH,QAAQS,MAAM;YACzD,MAAMC,SAAS,MAAMR,IAAIS,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBAAEN,WAAW;wBAAEO,QAAQP;oBAAU;gBAAE;YAC5C;YAEA,IAAI,CAACE,QAAQM,MAAMC,QAAQ;gBACzB,OAAO,IAAIZ,SAAS,MAAM;oBAAEE,QAAQ;gBAAI;YAC1C;YAEA,MAAMW,UAAUR,OAAOM,IAAI,CAAC,EAAE;YAE9B,MAAMd,IAAIS,OAAO,CAACQ,MAAM,CAAC;gBACvBC,IAAIF,QAAQE,EAAE;gBACdP,YAAY;gBACZQ,MAAM;oBACJC,kBAAkBzB,iBAAiB0B,UAAU;oBAC7CC,WAAW,IAAIC;gBACjB;YACF;YAEA,OAAO,IAAIpB,SAAS,MAAM;gBAAEE,QAAQ;YAAI;QAC1C;QACAmB,QAAQ;QACRC,MAAM,CAAC,YAAY,CAAC;IACtB,CAAA,EAAE"}
@@ -20,6 +20,7 @@ export const refreshEndpoint = (options)=>({
20
20
  }
21
21
  }
22
22
  });
23
+ console.log(result);
23
24
  if (!result?.docs?.length) {
24
25
  return Response.json({
25
26
  message: 'Unauthorized.'
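Review bot: The added `console.log(result);` writes the whole refresh-token lookup result to stdout on every refresh request. Going by the collection's fields, that includes `tokenHash`, `deviceId`, `ipAddress`, `userAgent` and the owning entity. It looks like leftover debugging, and session records in application logs are readable by anyone with log access and can outlive the token's TTL. Drop the line, or if a trace is needed log only a non-sensitive summary through the request logger, e.g. `req.payload.logger.debug({ matches: result?.docs?.length ?? 0 }, 'refresh lookup')`. The handler begins and ends outside this hunk.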
@@ -86,7 +87,7 @@ export const refreshEndpoint = (options)=>({
86
87
  });
87
88
  },
88
89
  method: 'post',
89
- path: `/${options.entity_slug}/auth/refresh`
90
+ path: `/auth/refresh`
90
91
  });
91
92
 
92
93
  //# sourceMappingURL=refresh.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/endpoints/refresh.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { createRefreshToken, hashToken } from '../utils/crypto'\nimport { getRequestMeta } from '../utils/getRequestMeta'\nimport { signJWT } from '../utils/jwt'\n\ntype RefreshEndpointOptions = Pick<\n AuthRefreshPluginOptions,\n 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const refreshEndpoint = (options: RefreshEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { deviceId, refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token || !deviceId) {\n return Response.json(\n { message: 'Refresh token and device ID are required.' },\n { status: 400 },\n )\n }\n\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: {\n tokenHash: {\n equals: hashToken(refresh_token, options.pepper),\n },\n },\n })\n\n if (!result?.docs?.length) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n const session = result.docs[0]\n\n if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n if (session.rotatedAt) {\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: { revocationReason: RevocationReason.SuspiciousActivity, revokedAt: new Date() },\n })\n return Response.json({ message: 'Unauthorized.' 
}, { status: 401 })\n }\n\n const { token, tokenHash } = createRefreshToken(options.pepper)\n const now = new Date()\n\n const newSession = await req.payload.create({\n collection: 'refresh-tokens',\n data: {\n deviceId,\n entity: session.user,\n expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n lastUsedAt: now,\n tokenHash,\n ...getRequestMeta(req),\n },\n })\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n lastUsedAt: now,\n replacedBy: newSession.id,\n revocationReason: RevocationReason.TokenRotation,\n rotatedAt: now,\n },\n })\n\n const accessJWT = signJWT({\n collectionId: session.user,\n collectionSlug: options.entity_slug,\n expiresIn: '15m',\n rawSecret: req.payload.secret,\n })\n\n return Response.json({\n access_token: accessJWT,\n refresh_token: token,\n user: session.user,\n })\n },\n method: 'post',\n path: `/${options.entity_slug}/auth/refresh`,\n})\n"],"names":["RevocationReason","createRefreshToken","hashToken","getRequestMeta","signJWT","refreshEndpoint","options","handler","req","deviceId","refresh_token","json","Response","message","status","result","payload","find","collection","where","tokenHash","equals","pepper","docs","length","session","expiresAt","Date","revokedAt","rotatedAt","update","id","data","revocationReason","SuspiciousActivity","token","now","newSession","create","entity","user","getTime","refreshTokenTTL","lastUsedAt","replacedBy","TokenRotation","accessJWT","collectionId","collectionSlug","entity_slug","expiresIn","rawSecret","secret","access_token","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,kBAAkB,EAAEC,SAAS,QAAQ,kBAAiB;AAC/D,SAASC,cAAc,QAAQ,0BAAyB;AACxD,SAASC,OAAO,QAAQ,eAAc;AAOtC,OAAO,MAAMC,kBAAkB,CAACC,UAA+C,CAAA;QAC7EC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMF,IAAIG,IAAI,QAAS,CAAC;YAE7D,IAAI,CAACD,iBAAiB,CAACD,UAAU;gBAC/B,OAAOG,SAASD,IAAI,CAClB;oBAAEE,SAAS;gBAA4C,GACvD;oBAAEC,QAAQ;gBAAI;YAElB;YAEA
,MAAMC,SAAS,MAAMP,IAAIQ,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBACLC,WAAW;wBACTC,QAAQnB,UAAUQ,eAAeJ,QAAQgB,MAAM;oBACjD;gBACF;YACF;YAEA,IAAI,CAACP,QAAQQ,MAAMC,QAAQ;gBACzB,OAAOZ,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAMW,UAAUV,OAAOQ,IAAI,CAAC,EAAE;YAE9B,IAAIE,QAAQhB,QAAQ,KAAKA,YAAYgB,QAAQC,SAAS,GAAG,IAAIC,UAAUF,QAAQG,SAAS,EAAE;gBACxF,OAAOhB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,IAAIW,QAAQI,SAAS,EAAE;gBACrB,MAAMrB,IAAIQ,OAAO,CAACc,MAAM,CAAC;oBACvBC,IAAIN,QAAQM,EAAE;oBACdb,YAAY;oBACZc,MAAM;wBAAEC,kBAAkBjC,iBAAiBkC,kBAAkB;wBAAEN,WAAW,IAAID;oBAAO;gBACvF;gBACA,OAAOf,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAM,EAAEqB,KAAK,EAAEf,SAAS,EAAE,GAAGnB,mBAAmBK,QAAQgB,MAAM;YAC9D,MAAMc,MAAM,IAAIT;YAEhB,MAAMU,aAAa,MAAM7B,IAAIQ,OAAO,CAACsB,MAAM,CAAC;gBAC1CpB,YAAY;gBACZc,MAAM;oBACJvB;oBACA8B,QAAQd,QAAQe,IAAI;oBACpBd,WAAW,IAAIC,KAAKS,IAAIK,OAAO,KAAKnC,QAAQoC,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC7EC,YAAYP;oBACZhB;oBACA,GAAGjB,eAAeK,IAAI;gBACxB;YACF;YAEA,MAAMA,IAAIQ,OAAO,CAACc,MAAM,CAAC;gBACvBC,IAAIN,QAAQM,EAAE;gBACdb,YAAY;gBACZc,MAAM;oBACJW,YAAYP;oBACZQ,YAAYP,WAAWN,EAAE;oBACzBE,kBAAkBjC,iBAAiB6C,aAAa;oBAChDhB,WAAWO;gBACb;YACF;YAEA,MAAMU,YAAY1C,QAAQ;gBACxB2C,cAActB,QAAQe,IAAI;gBAC1BQ,gBAAgB1C,QAAQ2C,WAAW;gBACnCC,WAAW;gBACXC,WAAW3C,IAAIQ,OAAO,CAACoC,MAAM;YAC/B;YAEA,OAAOxC,SAASD,IAAI,CAAC;gBACnB0C,cAAcP;gBACdpC,eAAeyB;gBACfK,MAAMf,QAAQe,IAAI;YACpB;QACF;QACAc,QAAQ;QACRC,MAAM,CAAC,CAAC,EAAEjD,QAAQ2C,WAAW,CAAC,aAAa,CAAC;IAC9C,CAAA,EAAE"}
1
+ {"version":3,"sources":["../../src/endpoints/refresh.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { createRefreshToken, hashToken } from '../utils/crypto'\nimport { getRequestMeta } from '../utils/getRequestMeta'\nimport { signJWT } from '../utils/jwt'\n\ntype RefreshEndpointOptions = Pick<\n AuthRefreshPluginOptions,\n 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const refreshEndpoint = (options: RefreshEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { deviceId, refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token || !deviceId) {\n return Response.json(\n { message: 'Refresh token and device ID are required.' },\n { status: 400 },\n )\n }\n\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: {\n tokenHash: {\n equals: hashToken(refresh_token, options.pepper),\n },\n },\n })\n\n console.log(result)\n\n if (!result?.docs?.length) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n const session = result.docs[0]\n\n if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n if (session.rotatedAt) {\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: { revocationReason: RevocationReason.SuspiciousActivity, revokedAt: new Date() },\n })\n return Response.json({ message: 'Unauthorized.' 
}, { status: 401 })\n }\n\n const { token, tokenHash } = createRefreshToken(options.pepper)\n const now = new Date()\n\n const newSession = await req.payload.create({\n collection: 'refresh-tokens',\n data: {\n deviceId,\n entity: session.user,\n expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n lastUsedAt: now,\n tokenHash,\n ...getRequestMeta(req),\n },\n })\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n lastUsedAt: now,\n replacedBy: newSession.id,\n revocationReason: RevocationReason.TokenRotation,\n rotatedAt: now,\n },\n })\n\n const accessJWT = signJWT({\n collectionId: session.user,\n collectionSlug: options.entity_slug,\n expiresIn: '15m',\n rawSecret: req.payload.secret,\n })\n\n return Response.json({\n access_token: accessJWT,\n refresh_token: token,\n user: session.user,\n })\n },\n method: 'post',\n path: `/auth/refresh`,\n})\n"],"names":["RevocationReason","createRefreshToken","hashToken","getRequestMeta","signJWT","refreshEndpoint","options","handler","req","deviceId","refresh_token","json","Response","message","status","result","payload","find","collection","where","tokenHash","equals","pepper","console","log","docs","length","session","expiresAt","Date","revokedAt","rotatedAt","update","id","data","revocationReason","SuspiciousActivity","token","now","newSession","create","entity","user","getTime","refreshTokenTTL","lastUsedAt","replacedBy","TokenRotation","accessJWT","collectionId","collectionSlug","entity_slug","expiresIn","rawSecret","secret","access_token","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,kBAAkB,EAAEC,SAAS,QAAQ,kBAAiB;AAC/D,SAASC,cAAc,QAAQ,0BAAyB;AACxD,SAASC,OAAO,QAAQ,eAAc;AAOtC,OAAO,MAAMC,kBAAkB,CAACC,UAA+C,CAAA;QAC7EC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMF,IAAIG,IAAI,QAAS,CAAC;YAE7D,IAAI,CAACD,iBAAiB,CAACD,UAAU;gBAC/B,OAAOG,SAASD,IAAI,CAClB;oBAAEE,SAAS;gBAA4C,GACvD;oBAAEC,QAAQ;gBAAI;YAElB;YAEA,MAAMC,
SAAS,MAAMP,IAAIQ,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBACLC,WAAW;wBACTC,QAAQnB,UAAUQ,eAAeJ,QAAQgB,MAAM;oBACjD;gBACF;YACF;YAEAC,QAAQC,GAAG,CAACT;YAEZ,IAAI,CAACA,QAAQU,MAAMC,QAAQ;gBACzB,OAAOd,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAMa,UAAUZ,OAAOU,IAAI,CAAC,EAAE;YAE9B,IAAIE,QAAQlB,QAAQ,KAAKA,YAAYkB,QAAQC,SAAS,GAAG,IAAIC,UAAUF,QAAQG,SAAS,EAAE;gBACxF,OAAOlB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,IAAIa,QAAQI,SAAS,EAAE;gBACrB,MAAMvB,IAAIQ,OAAO,CAACgB,MAAM,CAAC;oBACvBC,IAAIN,QAAQM,EAAE;oBACdf,YAAY;oBACZgB,MAAM;wBAAEC,kBAAkBnC,iBAAiBoC,kBAAkB;wBAAEN,WAAW,IAAID;oBAAO;gBACvF;gBACA,OAAOjB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAM,EAAEuB,KAAK,EAAEjB,SAAS,EAAE,GAAGnB,mBAAmBK,QAAQgB,MAAM;YAC9D,MAAMgB,MAAM,IAAIT;YAEhB,MAAMU,aAAa,MAAM/B,IAAIQ,OAAO,CAACwB,MAAM,CAAC;gBAC1CtB,YAAY;gBACZgB,MAAM;oBACJzB;oBACAgC,QAAQd,QAAQe,IAAI;oBACpBd,WAAW,IAAIC,KAAKS,IAAIK,OAAO,KAAKrC,QAAQsC,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC7EC,YAAYP;oBACZlB;oBACA,GAAGjB,eAAeK,IAAI;gBACxB;YACF;YAEA,MAAMA,IAAIQ,OAAO,CAACgB,MAAM,CAAC;gBACvBC,IAAIN,QAAQM,EAAE;gBACdf,YAAY;gBACZgB,MAAM;oBACJW,YAAYP;oBACZQ,YAAYP,WAAWN,EAAE;oBACzBE,kBAAkBnC,iBAAiB+C,aAAa;oBAChDhB,WAAWO;gBACb;YACF;YAEA,MAAMU,YAAY5C,QAAQ;gBACxB6C,cAActB,QAAQe,IAAI;gBAC1BQ,gBAAgB5C,QAAQ6C,WAAW;gBACnCC,WAAW;gBACXC,WAAW7C,IAAIQ,OAAO,CAACsC,MAAM;YAC/B;YAEA,OAAO1C,SAASD,IAAI,CAAC;gBACnB4C,cAAcP;gBACdtC,eAAe2B;gBACfK,MAAMf,QAAQe,IAAI;YACpB;QACF;QACAc,QAAQ;QACRC,MAAM,CAAC,aAAa,CAAC;IACvB,CAAA,EAAE"}
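--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@bivola/refresh-auth",
- "version": "1.1.3",
+ "version": "1.1.5",
  "description": "A blank template to get started with Payload 3.0",
  "license": "MIT",
  "type": "module",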