@bivola/refresh-auth 1.1.5 → 1.1.6

@@ -20,7 +20,6 @@ export const refreshEndpoint = (options)=>({
20
20
  }
21
21
  }
22
22
  });
23
- console.log(result);
24
23
  if (!result?.docs?.length) {
25
24
  return Response.json({
26
25
  message: 'Unauthorized.'
@@ -57,7 +56,7 @@ export const refreshEndpoint = (options)=>({
57
56
  collection: 'refresh-tokens',
58
57
  data: {
59
58
  deviceId,
60
- entity: session.user,
59
+ entity: session.entity,
61
60
  expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),
62
61
  lastUsedAt: now,
63
62
  tokenHash,
@@ -75,7 +74,7 @@ export const refreshEndpoint = (options)=>({
75
74
  }
76
75
  });
77
76
  const accessJWT = signJWT({
78
- collectionId: session.user,
77
+ collectionId: session.entity,
79
78
  collectionSlug: options.entity_slug,
80
79
  expiresIn: '15m',
81
80
  rawSecret: req.payload.secret
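Review bot: The `collectionId: session.entity` line in the third hunk signs an access JWT from a field read straight off the stored refresh-token record, with no check that it is set; the second hunk copies the same unchecked value into the rotated record (`entity: session.entity`). Records written by 1.1.5 took this field from `session.user`, so some may have been stored without an entity, though that is inferred from the removed lines rather than shown. A guard before the create call, `if (!session.entity) return Response.json({ message: 'Unauthorized.' }, { status: 401 });`, would keep such a record from yielding a token with no subject. The `sourcesContent` on the new side of the source map still shows the response returning `user: session.user`, which looks like a leftover of the same rename. The handler body starts and ends outside these hunks.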
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/endpoints/refresh.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { createRefreshToken, hashToken } from '../utils/crypto'\nimport { getRequestMeta } from '../utils/getRequestMeta'\nimport { signJWT } from '../utils/jwt'\n\ntype RefreshEndpointOptions = Pick<\n AuthRefreshPluginOptions,\n 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const refreshEndpoint = (options: RefreshEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { deviceId, refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token || !deviceId) {\n return Response.json(\n { message: 'Refresh token and device ID are required.' },\n { status: 400 },\n )\n }\n\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: {\n tokenHash: {\n equals: hashToken(refresh_token, options.pepper),\n },\n },\n })\n\n console.log(result)\n\n if (!result?.docs?.length) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n const session = result.docs[0]\n\n if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n if (session.rotatedAt) {\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: { revocationReason: RevocationReason.SuspiciousActivity, revokedAt: new Date() },\n })\n return Response.json({ message: 'Unauthorized.' 
}, { status: 401 })\n }\n\n const { token, tokenHash } = createRefreshToken(options.pepper)\n const now = new Date()\n\n const newSession = await req.payload.create({\n collection: 'refresh-tokens',\n data: {\n deviceId,\n entity: session.user,\n expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n lastUsedAt: now,\n tokenHash,\n ...getRequestMeta(req),\n },\n })\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n lastUsedAt: now,\n replacedBy: newSession.id,\n revocationReason: RevocationReason.TokenRotation,\n rotatedAt: now,\n },\n })\n\n const accessJWT = signJWT({\n collectionId: session.user,\n collectionSlug: options.entity_slug,\n expiresIn: '15m',\n rawSecret: req.payload.secret,\n })\n\n return Response.json({\n access_token: accessJWT,\n refresh_token: token,\n user: session.user,\n })\n },\n method: 'post',\n path: `/auth/refresh`,\n})\n"],"names":["RevocationReason","createRefreshToken","hashToken","getRequestMeta","signJWT","refreshEndpoint","options","handler","req","deviceId","refresh_token","json","Response","message","status","result","payload","find","collection","where","tokenHash","equals","pepper","console","log","docs","length","session","expiresAt","Date","revokedAt","rotatedAt","update","id","data","revocationReason","SuspiciousActivity","token","now","newSession","create","entity","user","getTime","refreshTokenTTL","lastUsedAt","replacedBy","TokenRotation","accessJWT","collectionId","collectionSlug","entity_slug","expiresIn","rawSecret","secret","access_token","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,kBAAkB,EAAEC,SAAS,QAAQ,kBAAiB;AAC/D,SAASC,cAAc,QAAQ,0BAAyB;AACxD,SAASC,OAAO,QAAQ,eAAc;AAOtC,OAAO,MAAMC,kBAAkB,CAACC,UAA+C,CAAA;QAC7EC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMF,IAAIG,IAAI,QAAS,CAAC;YAE7D,IAAI,CAACD,iBAAiB,CAACD,UAAU;gBAC/B,OAAOG,SAASD,IAAI,CAClB;oBAAEE,SAAS;gBAA4C,GACvD;oBAAEC,QAAQ;gBAAI;YAElB;YAEA,MAAMC,
SAAS,MAAMP,IAAIQ,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBACLC,WAAW;wBACTC,QAAQnB,UAAUQ,eAAeJ,QAAQgB,MAAM;oBACjD;gBACF;YACF;YAEAC,QAAQC,GAAG,CAACT;YAEZ,IAAI,CAACA,QAAQU,MAAMC,QAAQ;gBACzB,OAAOd,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAMa,UAAUZ,OAAOU,IAAI,CAAC,EAAE;YAE9B,IAAIE,QAAQlB,QAAQ,KAAKA,YAAYkB,QAAQC,SAAS,GAAG,IAAIC,UAAUF,QAAQG,SAAS,EAAE;gBACxF,OAAOlB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,IAAIa,QAAQI,SAAS,EAAE;gBACrB,MAAMvB,IAAIQ,OAAO,CAACgB,MAAM,CAAC;oBACvBC,IAAIN,QAAQM,EAAE;oBACdf,YAAY;oBACZgB,MAAM;wBAAEC,kBAAkBnC,iBAAiBoC,kBAAkB;wBAAEN,WAAW,IAAID;oBAAO;gBACvF;gBACA,OAAOjB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAM,EAAEuB,KAAK,EAAEjB,SAAS,EAAE,GAAGnB,mBAAmBK,QAAQgB,MAAM;YAC9D,MAAMgB,MAAM,IAAIT;YAEhB,MAAMU,aAAa,MAAM/B,IAAIQ,OAAO,CAACwB,MAAM,CAAC;gBAC1CtB,YAAY;gBACZgB,MAAM;oBACJzB;oBACAgC,QAAQd,QAAQe,IAAI;oBACpBd,WAAW,IAAIC,KAAKS,IAAIK,OAAO,KAAKrC,QAAQsC,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC7EC,YAAYP;oBACZlB;oBACA,GAAGjB,eAAeK,IAAI;gBACxB;YACF;YAEA,MAAMA,IAAIQ,OAAO,CAACgB,MAAM,CAAC;gBACvBC,IAAIN,QAAQM,EAAE;gBACdf,YAAY;gBACZgB,MAAM;oBACJW,YAAYP;oBACZQ,YAAYP,WAAWN,EAAE;oBACzBE,kBAAkBnC,iBAAiB+C,aAAa;oBAChDhB,WAAWO;gBACb;YACF;YAEA,MAAMU,YAAY5C,QAAQ;gBACxB6C,cAActB,QAAQe,IAAI;gBAC1BQ,gBAAgB5C,QAAQ6C,WAAW;gBACnCC,WAAW;gBACXC,WAAW7C,IAAIQ,OAAO,CAACsC,MAAM;YAC/B;YAEA,OAAO1C,SAASD,IAAI,CAAC;gBACnB4C,cAAcP;gBACdtC,eAAe2B;gBACfK,MAAMf,QAAQe,IAAI;YACpB;QACF;QACAc,QAAQ;QACRC,MAAM,CAAC,aAAa,CAAC;IACvB,CAAA,EAAE"}
1
+ {"version":3,"sources":["../../src/endpoints/refresh.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { createRefreshToken, hashToken } from '../utils/crypto'\nimport { getRequestMeta } from '../utils/getRequestMeta'\nimport { signJWT } from '../utils/jwt'\n\ntype RefreshEndpointOptions = Pick<\n AuthRefreshPluginOptions,\n 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const refreshEndpoint = (options: RefreshEndpointOptions): Endpoint => ({\n handler: async (req) => {\n const { deviceId, refresh_token } = (await req.json?.()) || {}\n\n if (!refresh_token || !deviceId) {\n return Response.json(\n { message: 'Refresh token and device ID are required.' },\n { status: 400 },\n )\n }\n\n const result = await req.payload.find({\n collection: 'refresh-tokens',\n where: {\n tokenHash: {\n equals: hashToken(refresh_token, options.pepper),\n },\n },\n })\n\n if (!result?.docs?.length) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n const session = result.docs[0]\n\n if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {\n return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n }\n\n if (session.rotatedAt) {\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: { revocationReason: RevocationReason.SuspiciousActivity, revokedAt: new Date() },\n })\n return Response.json({ message: 'Unauthorized.' 
}, { status: 401 })\n }\n\n const { token, tokenHash } = createRefreshToken(options.pepper)\n const now = new Date()\n\n const newSession = await req.payload.create({\n collection: 'refresh-tokens',\n data: {\n deviceId,\n entity: session.entity,\n expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n lastUsedAt: now,\n tokenHash,\n ...getRequestMeta(req),\n },\n })\n\n await req.payload.update({\n id: session.id,\n collection: 'refresh-tokens',\n data: {\n lastUsedAt: now,\n replacedBy: newSession.id,\n revocationReason: RevocationReason.TokenRotation,\n rotatedAt: now,\n },\n })\n\n const accessJWT = signJWT({\n collectionId: session.entity,\n collectionSlug: options.entity_slug,\n expiresIn: '15m',\n rawSecret: req.payload.secret,\n })\n\n return Response.json({\n access_token: accessJWT,\n refresh_token: token,\n user: session.user,\n })\n },\n method: 'post',\n path: `/auth/refresh`,\n})\n"],"names":["RevocationReason","createRefreshToken","hashToken","getRequestMeta","signJWT","refreshEndpoint","options","handler","req","deviceId","refresh_token","json","Response","message","status","result","payload","find","collection","where","tokenHash","equals","pepper","docs","length","session","expiresAt","Date","revokedAt","rotatedAt","update","id","data","revocationReason","SuspiciousActivity","token","now","newSession","create","entity","getTime","refreshTokenTTL","lastUsedAt","replacedBy","TokenRotation","accessJWT","collectionId","collectionSlug","entity_slug","expiresIn","rawSecret","secret","access_token","user","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,kBAAkB,EAAEC,SAAS,QAAQ,kBAAiB;AAC/D,SAASC,cAAc,QAAQ,0BAAyB;AACxD,SAASC,OAAO,QAAQ,eAAc;AAOtC,OAAO,MAAMC,kBAAkB,CAACC,UAA+C,CAAA;QAC7EC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMF,IAAIG,IAAI,QAAS,CAAC;YAE7D,IAAI,CAACD,iBAAiB,CAACD,UAAU;gBAC/B,OAAOG,SAASD,IAAI,CAClB;oBAAEE,SAAS;gBAA4C,GACvD;oBAAEC,QAAQ;gBAAI;YAElB;YAEA,MAAMC,SAAS,MAAMP,I
AAIQ,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBACLC,WAAW;wBACTC,QAAQnB,UAAUQ,eAAeJ,QAAQgB,MAAM;oBACjD;gBACF;YACF;YAEA,IAAI,CAACP,QAAQQ,MAAMC,QAAQ;gBACzB,OAAOZ,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAMW,UAAUV,OAAOQ,IAAI,CAAC,EAAE;YAE9B,IAAIE,QAAQhB,QAAQ,KAAKA,YAAYgB,QAAQC,SAAS,GAAG,IAAIC,UAAUF,QAAQG,SAAS,EAAE;gBACxF,OAAOhB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,IAAIW,QAAQI,SAAS,EAAE;gBACrB,MAAMrB,IAAIQ,OAAO,CAACc,MAAM,CAAC;oBACvBC,IAAIN,QAAQM,EAAE;oBACdb,YAAY;oBACZc,MAAM;wBAAEC,kBAAkBjC,iBAAiBkC,kBAAkB;wBAAEN,WAAW,IAAID;oBAAO;gBACvF;gBACA,OAAOf,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAM,EAAEqB,KAAK,EAAEf,SAAS,EAAE,GAAGnB,mBAAmBK,QAAQgB,MAAM;YAC9D,MAAMc,MAAM,IAAIT;YAEhB,MAAMU,aAAa,MAAM7B,IAAIQ,OAAO,CAACsB,MAAM,CAAC;gBAC1CpB,YAAY;gBACZc,MAAM;oBACJvB;oBACA8B,QAAQd,QAAQc,MAAM;oBACtBb,WAAW,IAAIC,KAAKS,IAAII,OAAO,KAAKlC,QAAQmC,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC7EC,YAAYN;oBACZhB;oBACA,GAAGjB,eAAeK,IAAI;gBACxB;YACF;YAEA,MAAMA,IAAIQ,OAAO,CAACc,MAAM,CAAC;gBACvBC,IAAIN,QAAQM,EAAE;gBACdb,YAAY;gBACZc,MAAM;oBACJU,YAAYN;oBACZO,YAAYN,WAAWN,EAAE;oBACzBE,kBAAkBjC,iBAAiB4C,aAAa;oBAChDf,WAAWO;gBACb;YACF;YAEA,MAAMS,YAAYzC,QAAQ;gBACxB0C,cAAcrB,QAAQc,MAAM;gBAC5BQ,gBAAgBzC,QAAQ0C,WAAW;gBACnCC,WAAW;gBACXC,WAAW1C,IAAIQ,OAAO,CAACmC,MAAM;YAC/B;YAEA,OAAOvC,SAASD,IAAI,CAAC;gBACnByC,cAAcP;gBACdnC,eAAeyB;gBACfkB,MAAM5B,QAAQ4B,IAAI;YACpB;QACF;QACAC,QAAQ;QACRC,MAAM,CAAC,aAAa,CAAC;IACvB,CAAA,EAAE"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bivola/refresh-auth",
3
- "version": "1.1.5",
3
+ "version": "1.1.6",
4
4
  "description": "A blank template to get started with Payload 3.0",
5
5
  "license": "MIT",
6
6
  "type": "module",