najm-auth 1.1.24 → 1.1.26
- package/dist/index.d.ts +7 -1
- package/dist/index.js +12 -9
- package/package.json +1 -1
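--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -727,7 +727,13 @@ declare class TokenService {
 * Use this instead of bare verifyRefreshToken() when authenticating
 * cookie-based sessions (SSR, /auth/me, middleware).
 */
-validateRefreshSession(refreshToken: string): Promise<
+validateRefreshSession(refreshToken: string): Promise<{
+userId: string;
+rotatedTokens?: {
+refreshToken: string;
+tokenFamily: string;
+};
+}>;
 /**
 * Read the refresh cookie and return the userId it belongs to.
 * Lightweight check: verifies JWT signature and ensures the user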
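Review bot: The doc comment above `validateRefreshSession` (it starts outside this hunk) is not updated for the new return shape, so nothing tells a caller when `rotatedTokens` is present or that it must be written back to the refresh cookie. I would add a line such as `* @returns the user id, plus rotatedTokens when a new refresh token was issued and must replace the cookie value.` Judging by the index.js change from `return userId;` to `return { userId };`, the result used to be a bare id, so an existing caller that tests `if (!userId)` now always sees a truthy object; that is a breaking change for a patch release and deserves a changelog entry. `tokenFamily: string` also looks narrower than the implementation, which passes `stored.tokenFamily ?? void 0` and so presumably allows a null family.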
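--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1461,9 +1461,13 @@ var TokenService = class TokenService2 {
 }
 const isValid = this.hashToken(refreshToken) === stored.token;
 if (!isValid) {
-
+const tokens = await this.generateTokens(userId, stored.tokenFamily ?? void 0);
+return {
+userId,
+rotatedTokens: { refreshToken: tokens.refreshToken, tokenFamily: stored.tokenFamily }
+};
 }
-return userId;
+return { userId };
 }
 /**
 * Read the refresh cookie and return the userId it belongs to.
@@ -1607,10 +1611,6 @@ var TokenService = class TokenService2 {
 if (!stored) {
 Err5(this.t("errors.refreshTokenInvalid"));
 }
-const isValid = this.hashToken(refreshToken) === stored.token;
-if (!isValid) {
-Err5(this.t("errors.refreshTokenInvalid"));
-}
 return this.generateTokens(userId, stored.tokenFamily ?? void 0);
 }
 async revokeToken(userId) {
@@ -2246,11 +2246,14 @@ var AuthResolver = class AuthResolver2 {
 if (!refreshToken)
 return false;
 const tokenService = await this.container.resolve(TokenService);
-const
-if (!userId)
+const result = await tokenService.validateRefreshSession(refreshToken);
+if (!result.userId)
 return false;
+if (result.rotatedTokens) {
+cookieManager.setRefreshToken(result.rotatedTokens.refreshToken);
+}
 const userService = await this.container.resolve(UserService);
-const user = await userService.getById(userId);
+const user = await userService.getById(result.userId);
 if (!user)
 return false;
 return {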
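Review bot: In the hunk at 1461 a refresh token whose hash does not match `stored.token` is no longer a failure: the `!isValid` branch now calls `generateTokens` and returns the `userId` as authenticated, and the hunk at 1607 removes the same comparison before its `generateTokens` call. If the stored hash is what identifies the current token after rotation, as the comparison suggests, then a superseded or copied refresh token that still passes the earlier checks (outside these hunks) is accepted and exchanged for a fresh one, so the server-side record no longer binds the session and reuse of an old token goes undetected. The mismatch branch should keep rejecting, `if (!isValid) { Err5(this.t("errors.refreshTokenInvalid")); }`, preferably after revoking the stored session (a `revokeToken(userId)` method is visible as context, though its behaviour is not shown). If the aim is to tolerate concurrent refreshes, that should be an explicit, time-bounded grace check against the immediately previous hash rather than acceptance of any mismatch. Both function bodies start outside the hunks, and the text of the removed line at 1464 is not legible on this page.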