npm - @solidstarters/solid-core - Versions diffs - 1.2.87 → 1.2.88 - Mend

@solidstarters/solid-core 1.2.87 → 1.2.88

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@solidstarters/solid-core",
-  "version": "1.2.87",
+  "version": "1.2.88",
   "description": "This module is a NestJS module containing all the required core providers required by a Solid application",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/services/authentication.service.ts CHANGED Viewed

@@ -859,31 +859,45 @@ export class AuthenticationService {
     }
     async generateTokens(user: User) {
-        const refreshTokenId = randomUUID();
-        // const userRoleNames = user.roles.map((role) => role.name).join(';')
-        const userRoleNames = user.roles.map((role) => role.name);
         const [accessToken, refreshToken] = await Promise.all([
-            this.signToken<Partial<ActiveUserData>>(
-                user.id,
-                this.jwtConfiguration.accessTokenTtl,
-                { username: user.username, email: user.email, roles: userRoleNames },
-            ),
-            this.signToken(user.id, this.jwtConfiguration.refreshTokenTtl, {
-                refreshTokenId,
-            }),
+            this.generateAccessToken(user),
+            this.generateRefreshToken(user),
         ]);
-        // store the refresh token id in the redis storage.
-        await this.refreshTokenIdsStorage.insert(user.id, refreshTokenId);
         return {
             accessToken,
             refreshToken,
         };
     }
+    async generateAccessToken(user: User) {
+        // const userRoleNames = user.roles.map((role) => role.name).join(';')
+        const userRoleNames = user.roles.map((role) => role.name);
+        const accessToken = await this.signToken<Partial<ActiveUserData>>(
+            user.id,
+            this.jwtConfiguration.accessTokenTtl,
+            { username: user.username, email: user.email, roles: userRoleNames },
+        );
+        return accessToken;
+    }
+    async generateRefreshToken(user: User) {
+        const refreshTokenId = randomUUID();
+        const refreshToken = await this.signToken(user.id, this.jwtConfiguration.refreshTokenTtl, {
+            refreshTokenId,
+        })
+        // store the refresh token id in the redis storage.
+        await this.refreshTokenIdsStorage.insert(user.id, refreshToken);
+        return refreshToken;
+    }
     async refreshTokens(refreshTokenDto: RefreshTokenDto) {
         try {
             const { sub, refreshTokenId } = await this.jwtService.verifyAsync<Pick<ActiveUserData, 'sub'> & { refreshTokenId: string }>(refreshTokenDto.refreshToken, {
@@ -904,14 +918,21 @@ export class AuthenticationService {
                 throw new UnauthorizedException();
             }
-            const isValid = await this.refreshTokenIdsStorage.validate(user.id, refreshTokenId);
-            if (isValid) {
-                // Refresh token rotation.
-                await this.refreshTokenIdsStorage.invalidate(user.id);
-            } else {
-                throw new Error('Refresh token is invalid');
-            }
-            return this.generateTokens(user);
+            // TODO: Replace the if else condition below with a call to validateAndRotate - Done
+            // const isValid = await this.refreshTokenIdsStorage.validate(user.id, refreshTokenId);
+            // if (isValid) {
+            //     // Refresh token rotation.
+            //     await this.refreshTokenIdsStorage.invalidate(user.id);
+            // } else {
+            //     throw new Error('Refresh token is invalid');
+            // }
+            const currentRefreshToken = await this.refreshTokenIdsStorage.validateAndRotate(user, refreshTokenDto.refreshToken);
+            return {
+                accessToken: await this.generateAccessToken(user),
+                refreshToken: currentRefreshToken,
+            };
         } catch (err) {
             if (err instanceof InvalidatedRefreshTokenError) {
                 // Take action: notify user that his refresh token might have been stolen?

package/src/services/refresh-token-ids-storage.service.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { CACHE_MANAGER } from '@nestjs/cache-manager';
-import { Inject, Injectable } from '@nestjs/common';
+import { Inject, Injectable, forwardRef } from '@nestjs/common';
 import { Cache } from 'cache-manager';
+import { AuthenticationService } from './authentication.service';
 // TODO: Ideally this should be in a separate file - putting this here for brevity
 export class InvalidatedRefreshTokenError extends Error { }
@@ -21,24 +22,106 @@ export class RefreshTokenIdsStorageService {
     //     return this.redisClient.quit();
     // }
-    constructor(@Inject(CACHE_MANAGER) private cacheManager: Cache) {}
+    constructor(
+        @Inject(CACHE_MANAGER) private cacheManager: Cache,
+        @Inject(forwardRef(() => AuthenticationService))
+        private readonly authenticationService: AuthenticationService
+    ) { }
-    async insert(userId: number, tokenId: string): Promise<void> {
-        await this.cacheManager.set(this.getKey(userId), tokenId);
+    async insert(userId: number, refreshToken: string): Promise<void> {
+        // TODO: save a refresh token object with this shape {"currentRefreshToken": "", "previousRefreshToken": ""}
+        // Save a refresh token object with the shape: { currentRefreshToken: string, previousRefreshToken: string }
+        const existing = (await this.cacheManager.get(this.getKey(userId))) as { currentRefreshToken?: string, previousRefreshToken?: string } | undefined;
+        const refreshTokenState = {
+            currentRefreshToken: refreshToken,
+            previousRefreshToken: "",
+        };
+        await this.cacheManager.set(this.getKey(userId), refreshTokenState);
     }
-    async validate(userId: number, tokenId: string): Promise<boolean> {
+    async validate(userId: number, refreshToken: string): Promise<boolean> {
+        // TODO: Assume you get this shape out of the cache {"currentRefreshToken": "", "previousRefreshToken": ""}
+        // Then you will compare against the currentRefreshToken.
         const storedId = await this.cacheManager.get(this.getKey(userId));
-        if (storedId !== tokenId) {
+        if (storedId !== refreshToken) {
             throw new InvalidatedRefreshTokenError();
         }
-        return storedId === tokenId;
+        return storedId === refreshToken;
     }
     async invalidate(userId: number): Promise<void> {
         await this.cacheManager.del(this.getKey(userId));
     }
+    async validateAndRotate(user: any, refreshToken: string): Promise<string> {
+        let valid = false;
+        // TODO: Assume you get this shape out of the cache {"currentRefreshToken": "", "previousRefreshToken": ""}
+        // Then you will compare against the currentRefreshToken.
+        const refreshTokenState = await this.cacheManager.get(this.getKey(user.id));
+        console.log("refreshTokenState", refreshTokenState);
+        // Use the authentication service to generate a new refresh token, set it in the currentRefreshToken in scenario 1 and return.
+        // if UI.refresh_token is matching with Cache.currentRefreshToken
+        //   then invalidate (updated cache state, no need to delete anything), then generate new token and return.
+        //   also set a setTimeout to run after X minutes, this will simply update the RefreshTokenCacheState to this object {"currentRefreshToken": "R2","justInvalidatedRefreshToken": ""}
+        // valid=true
+        //   - if UI.refresh_token is matching Cache.justInvalidatedRefreshToken
+        //       then use the Cache.currentRefreshToken, generate new access token and return.
+        //       We do not modify the cache state at all.
+        // valid=true
+        let newRefreshToken: string | undefined;
+        if (
+            refreshTokenState &&
+            typeof refreshTokenState === 'object' &&
+            'currentRefreshToken' in refreshTokenState &&
+            'previousRefreshToken' in refreshTokenState
+        ) {
+            if (refreshTokenState.currentRefreshToken === refreshToken) {
+                // Scenario 1: Token matches currentRefreshToken
+                valid = true;
+                // Rotate tokens: move current to previous, set new current (simulate generation)
+                newRefreshToken = await this.authenticationService.generateRefreshToken(user); // Replace with real token generation logic
+                //   updated cache state
+                await this.cacheManager.set(this.getKey(user.id), {
+                    currentRefreshToken: newRefreshToken,
+                    previousRefreshToken: refreshTokenState.currentRefreshToken,
+                });
+                // Optionally, set a timeout to clear previousRefreshToken after X minutes
+                setTimeout(async () => {
+                    const state = (await this.cacheManager.get(this.getKey(user.id))) as any;
+                    if (state && state.currentRefreshToken === newRefreshToken) {
+                        await this.cacheManager.set(this.getKey(user.id), {
+                            currentRefreshToken: newRefreshToken,
+                            previousRefreshToken: "",
+                        });
+                    }
+                }, 1 * 60 * 1000); // 5 minutes
+            } else if (refreshTokenState.previousRefreshToken === refreshToken) {
+                // Scenario 2: Token matches previousRefreshToken
+                valid = true;
+                // Do not modify cache
+                // Generate new refresh token based on currentRefreshToken
+                const existingRefreshTokenState = (await this.cacheManager.get(this.getKey(user.id))) as { currentRefreshToken?: string, previousRefreshToken?: string } | undefined;
+                newRefreshToken = existingRefreshTokenState?.currentRefreshToken;
+            }
+        }
+        if (!valid) {
+            throw new InvalidatedRefreshTokenError();
+        }
+        // TODO: return the refresh token either currentRefreshToken
+        return newRefreshToken; // Fallback to the provided tokenId if no new token was generated
+    }
     private getKey(userId: number): string {
         return `user-${userId}`;
     }