@dwtechs/toker-express 0.1.1 → 0.1.2

package/README.md

@@ -2,6 +2,7 @@
 [![License: MIT](https://img.shields.io/npm/l/@dwtechs/toker-express.svg?color=brightgreen)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40dwtechs%2Ftoker-express.svg)](https://www.npmjs.com/package/@dwtechs/toker-express)
 [![last version release date](https://img.shields.io/github/release-date/DWTechs/Toker-express.js)](https://www.npmjs.com/package/@dwtechs/toker-express)
+![Jest:coverage](https://img.shields.io/badge/Jest:coverage-83%25-brightgreen.svg)
 
 
 - [Synopsis](#synopsis)
@@ -124,13 +125,13 @@ const refreshDuration = isNumber(REFRESH_TOKEN_DURATION, false) ? REFRESH_TOKEN_
 /**
  * Refreshes the JWT tokens for a user.
  *
- * This function generates new access and refresh tokens for a user based on the provided
+ * This function generates new access and refresh tokens for a consumer based on the provided
  * decoded access token or user ID in the request body. It validates the issuer (iss) and
  * creates new tokens if the validation is successful. The new tokens are then added to the
- * response object.
+ * response local and the request body objects.
  *
- * @param {Request} req - The request object containing the decoded access token or user ID.
- * @param {MyResponse} res - The response object where the new tokens will be added.
+ * @param {Request} req - The request object containing the decoded access token or user ID. Where the new tokens will be added
+ * @param {Response} res - The response object where the new tokens will be added.
  * @param {NextFunction} next - The next middleware function in the Express.js request-response cycle.
  *
  * @returns {Promise<void>} Calls the next middleware function with an error if the issuer is invalid,
@@ -142,9 +143,8 @@ const refreshDuration = isNumber(REFRESH_TOKEN_DURATION, false) ? REFRESH_TOKEN_
  * @throws {InvalidBase64Secret} If the secret cannot be decoded from base64 (HTTP 500)
  * @throws {Object} Will call next() with error object containing:
  *   - statusCode: 400 - When iss (issuer) is missing or invalid
- *   - statusCode: 400 - When iss is not a valid number between 1 and 999999999
  */
-function refresh(req: Request, res: MyResponse, next: NextFunction): void {}
+function refresh(req: Request, res: Response, next: NextFunction): void {}
 
 /**
  * Express middleware function to decode and verify an access token from the Authorization header.
@@ -213,10 +213,13 @@ This function will look for an ISS in the client request body :
 const iss = req.body.decodedAccessToken?.iss || req.body?.id?.toString();
 ```
 
-It will then send both new refresh and access tokens in the res object.
+It will then send both new refresh and access tokens in the res.locals and req.body objects.
 
 ```Javascript
-res.rows = [{ accessToken, refreshToken }];
+res.locals.accessToken = accessToken;
+res.locals.refreshToken = refreshToken;
+req.body.accessToken = accessToken;
+req.body.refreshToken = refreshToken;
 ```
 
 ### JWT Decoding

package/dist/toker-express.d.ts

@@ -25,7 +25,6 @@ https://github.com/DWTechs/Toker-express.js
 */
 
 import type { Request, Response, NextFunction } from 'express';
-import type { MyResponse } from './interfaces';
 
 // Extend Express Request interface globally
 declare global {
@@ -38,7 +37,7 @@ declare global {
   }
 }
 
-declare function refresh(req: Request, res: MyResponse, next: NextFunction): Promise<void>;
+declare function refresh(req: Request, res: Response, next: NextFunction): Promise<void>;
 declare function decodeAccess(req: Request, _res: Response, next: NextFunction): void;
 declare function decodeRefresh(req: Request, _res: Response, next: NextFunction): Promise<void>;
 

package/dist/toker-express.js

@@ -38,21 +38,21 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
     });
 };
 const { TOKEN_SECRET, ACCESS_TOKEN_DURATION, REFRESH_TOKEN_DURATION } = process.env;
-const TE_PREFIX = "Toker-express: ";
+const LOGS_PREFIX = "Toker-express: ";
 if (!TOKEN_SECRET)
-    throw new Error(`${TE_PREFIX}Missing TOKEN_SECRET environment variable`);
+    throw new Error(`${LOGS_PREFIX}Missing TOKEN_SECRET environment variable`);
 if (!isString(TOKEN_SECRET, "!0"))
-    throw new Error(`${TE_PREFIX}Invalid TOKEN_SECRET environment variable`);
+    throw new Error(`${LOGS_PREFIX}Invalid TOKEN_SECRET environment variable`);
 const secrets = [TOKEN_SECRET];
-const accessDuration = isNumber(ACCESS_TOKEN_DURATION, false) ? ACCESS_TOKEN_DURATION : 600;
-const refreshDuration = isNumber(REFRESH_TOKEN_DURATION, false) ? REFRESH_TOKEN_DURATION : 86400;
+const accessDuration = isNumber(ACCESS_TOKEN_DURATION, false) ? Number(ACCESS_TOKEN_DURATION) : 600;
+const refreshDuration = isNumber(REFRESH_TOKEN_DURATION, false) ? Number(REFRESH_TOKEN_DURATION) : 86400;
 function refresh(req, res, next) {
     return __awaiter(this, void 0, void 0, function* () {
         var _a, _b, _c;
         const iss = ((_a = req.decodedAccessToken) === null || _a === void 0 ? void 0 : _a.iss) || ((_c = (_b = req.body) === null || _b === void 0 ? void 0 : _b.id) === null || _c === void 0 ? void 0 : _c.toString());
         if (!isValidNumber(iss, 1, 999999999, false))
-            return next({ statusCode: 400, message: `${TE_PREFIX}Missing iss` });
-        log.debug(`${TE_PREFIX}Create tokens for user ${iss}`);
+            return next({ statusCode: 400, message: `${LOGS_PREFIX}Missing iss` });
+        log.debug(`${LOGS_PREFIX}Create tokens for user ${iss}`);
         let accessToken;
         let refreshToken;
         try {
@@ -63,12 +63,15 @@ function refresh(req, res, next) {
             return next(err);
         }
         log.debug(`refreshToken='${refreshToken}', accessToken='${accessToken}'`);
-        res.rows = [{ accessToken, refreshToken }];
+        res.locals.accessToken = accessToken;
+        res.locals.refreshToken = refreshToken;
+        req.body.accessToken = accessToken;
+        req.body.refreshToken = refreshToken;
         next();
     });
 }
 function decodeAccess(req, _res, next) {
-    log.debug(`${TE_PREFIX}decode access token`);
+    log.debug(`${LOGS_PREFIX}decode access token`);
     if (!req.isProtected)
         return next();
     let t;
@@ -78,9 +81,9 @@ function decodeAccess(req, _res, next) {
     catch (e) {
         return next(e);
     }
-    log.debug(`${TE_PREFIX}accessToken : ${t}`);
+    log.debug(`${LOGS_PREFIX}accessToken : ${t}`);
     if (!isJWT(t))
-        return next({ statusCode: 401, message: `${TE_PREFIX}Invalid access token` });
+        return next({ statusCode: 401, message: `${LOGS_PREFIX}Invalid access token` });
     let decodedToken = null;
     try {
         decodedToken = verify(t, secrets, true);
@@ -89,17 +92,17 @@ function decodeAccess(req, _res, next) {
         return next(e);
     }
     if (!isValidNumber(decodedToken.iss, 1, 999999999, false))
-        return next({ statusCode: 400, message: `${TE_PREFIX}Missing iss` });
-    log.debug(`${TE_PREFIX}Decoded access token : ${JSON.stringify(decodedToken)}`);
+        return next({ statusCode: 400, message: `${LOGS_PREFIX}Missing iss` });
+    log.debug(`${LOGS_PREFIX}Decoded access token : ${JSON.stringify(decodedToken)}`);
     req.decodedAccessToken = decodedToken;
     next();
 }
 function decodeRefresh(req, _res, next) {
     return __awaiter(this, void 0, void 0, function* () {
         const token = req.body.refreshToken;
-        log.debug(`${TE_PREFIX}decodeRefresh(token=${token})`);
+        log.debug(`${LOGS_PREFIX}decodeRefresh(token=${token})`);
         if (!isJWT(token))
-            return next({ statusCode: 401, message: `${TE_PREFIX}Invalid refresh token` });
+            return next({ statusCode: 401, message: `${LOGS_PREFIX}Invalid refresh token` });
         let decodedToken = null;
         try {
             decodedToken = verify(token, secrets, false);
@@ -108,8 +111,8 @@ function decodeRefresh(req, _res, next) {
             return next(e);
         }
         if (!isValidNumber(decodedToken.iss, 1, 999999999, false))
-            return next({ statusCode: 400, message: `${TE_PREFIX}Missing iss` });
-        log.debug(`${TE_PREFIX}Decoded refresh token : ${JSON.stringify(req.decodedRefreshToken)}`);
+            return next({ statusCode: 400, message: `${LOGS_PREFIX}Missing iss` });
+        log.debug(`${LOGS_PREFIX}Decoded refresh token : ${JSON.stringify(req.decodedRefreshToken)}`);
         req.decodedRefreshToken = decodedToken;
         next();
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dwtechs/toker-express",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Open source JWT management library for Express.js to refresh and decode tokens safely.",
   "keywords": [
     "JWT",
@@ -31,7 +31,7 @@
     "rollup:mjs": "rollup --config rollup.config.mjs",
     "rollup:cjs": "rollup --config rollup.config.cjs.mjs",
     "rollup": "npm run rollup:mjs",
-    "test": ""
+    "test": "jest --coverage"
   },
   "files": [
     "dist/"
@@ -42,10 +42,13 @@
     "@dwtechs/winstan": "0.4.0"
   },
   "devDependencies": {
-    "@types/express": "5.0.0",
+    "@babel/preset-env": "7.26.0",
     "@rollup/plugin-node-resolve": "15.3.0",
+    "@types/express": "5.0.3",
+    "babel-jest": "29.7.0",
     "core-js": "3.38.1",
+    "jest": "29.7.0",
     "rollup": "4.24.0",
-    "typescript": "5.6.3"
+    "typescript": "5.9.2"
   }
 }