nodejs-quickstart-structure 2.1.2 → 2.2.1

package/templates/common/auth/js/controllers/authController.spec.js.ejs

@@ -1,27 +1,44 @@
 <%_ if (architecture === 'Clean Architecture') { _%>
-const AuthController = require('@/interfaces/controllers/auth/authController');
-const JwtService = require('@/infrastructure/auth/jwtService');
-<%_ } else { _%>
-const AuthController = require('@/controllers/authController');
-const JwtService = require('@/services/jwtService');
-<%_ } _%>
-const HTTP_STATUS = require('@/utils/httpCodes');
-const bcrypt = require('bcryptjs');
-
-jest.mock('bcryptjs');
-<%_ if (architecture === 'Clean Architecture') { _%>
 jest.mock('@/infrastructure/auth/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+jest.mock('@/infrastructure/auth/socialAuthService');
+jest.mock('@/usecases/auth/socialLoginUseCase');
+jest.mock('@/infrastructure/repositories/UserRepository');
+<%_ } _%>
 jest.mock('@/infrastructure/database/models/User', () => ({
-    findOne: jest.fn()
+    findOne: jest.fn(),
+    create: jest.fn()
 }));
-const User = require('@/infrastructure/database/models/User');
 <%_ } else { _%>
 jest.mock('@/services/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+jest.mock('@/services/socialAuthService');
+<%_ } _%>
 jest.mock('@/models/User', () => ({
-    findOne: jest.fn()
+    findOne: jest.fn(),
+    create: jest.fn()
 }));
+<%_ } _%>
+jest.mock('bcryptjs');
+
+<%_ if (architecture === 'Clean Architecture') { _%>
+const AuthController = require('@/interfaces/controllers/auth/authController');
+const JwtService = require('@/infrastructure/auth/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialLoginUseCase } = require('@/usecases/auth/socialLoginUseCase');
+<%_ } _%>
+const User = require('@/infrastructure/database/models/User');
+<%_ } else { _%>
+const AuthController = require('@/controllers/authController');
+const JwtService = require('@/services/jwtService');
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+const { SocialAuthService } = require('@/services/socialAuthService');
+<%_ } _%>
 const User = require('@/models/User');
 <%_ } _%>
+const HTTP_STATUS = require('@/utils/httpCodes');
+const bcrypt = require('bcryptjs');
+
 <%_ if (caching !== 'None') { _%>
 <%_ const cachePath = (architecture === "MVC") ? (caching === "Redis" ? "@/config/redisClient" : "@/config/memoryCache") : (caching === "Redis" ? "@/infrastructure/caching/redisClient" : "@/infrastructure/caching/memoryCache"); _%>
 jest.mock('<%= cachePath %>', () => ({
@@ -42,11 +59,16 @@ describe('AuthController', () => {
         controller = new AuthController();
         mockReq = {
             body: {},
-            headers: {}
+            headers: {},
+            query: {},
+            cookies: {}
         };
         mockRes = {
             status: jest.fn().mockReturnThis(),
-            json: jest.fn()
+            json: jest.fn(),
+            cookie: jest.fn(),
+            clearCookie: jest.fn(),
+            redirect: jest.fn()
         };
         next = jest.fn();
         jest.clearAllMocks();
@@ -62,7 +84,6 @@ describe('AuthController', () => {
             JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
             JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            // Mock cacheService
             <% if (caching !== 'None') { %>
             cacheService.get.mockResolvedValue([]);
             cacheService.set.mockResolvedValue();<% } %>
@@ -73,7 +94,7 @@ describe('AuthController', () => {
             expect(mockRes.json).toHaveBeenCalledWith({ token: 'mock-access-token', accessToken: 'mock-access-token', refreshToken: 'mock-refresh-token' });
         });
 
-        it('should return 401 on invalid email', async () => {
+        it('should return 401 if user not found', async () => {
             mockReq.body = { email: 'wrong@test.com', password: 'password123' };
             User.findOne.mockResolvedValue(null);
 
@@ -82,7 +103,7 @@ describe('AuthController', () => {
             expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
         });
 
-        it('should return 401 on invalid password', async () => {
+        it('should return 401 if password invalid', async () => {
             const user = { id: 1, email: 'test@test.com', password: 'hashedpassword' };
             mockReq.body = { email: 'test@test.com', password: 'wrongpassword' };
             User.findOne.mockResolvedValue(user);
@@ -92,57 +113,312 @@ describe('AuthController', () => {
 
             expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
         });
+
+        it('should call next on error', async () => {
+            const error = new Error('Database error');
+            User.findOne.mockRejectedValue(error);
+            mockReq.body = { email: 'test@test.com', password: 'password123' };
+
+            await controller.login(mockReq, mockRes, next);
+
+            expect(next).toHaveBeenCalledWith(error);
+        });
     });
 
-    describe('refresh', () => {
-        it('should return new tokens for a valid refresh token', async () => {
-            mockReq.body = { refreshToken: 'valid-refresh' };
-            const decoded = { id: '1', email: 'test@test.com', jti: 'old-jti' };
-            JwtService.verifyRefreshToken.mockReturnValue(decoded);
-            JwtService.generateToken.mockReturnValue('new-access');
-            JwtService.generateRefreshToken.mockReturnValue('new-refresh');
-            JwtService.decodeToken.mockReturnValue({ jti: 'new-jti' });
+  describe('refresh', () => {
+    it('should return 401 if refresh token is invalid', async () => {
+      mockReq.body = { refreshToken: 'invalid-token' };
+      JwtService.verifyRefreshToken.mockReturnValue(null);
 
-            <% if (caching !== 'None') { %>
-            cacheService.get.mockResolvedValue(['old-jti']);
-            cacheService.set.mockResolvedValue();
+      await controller.refresh(mockReq, mockRes, next);
+
+      expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    it('should return new tokens if refresh token is valid', async () => {
+      mockReq.body = { refreshToken: 'valid-token' };
+      const decoded = { id: '1', email: 'test@test.com', jti: 'test-jti' };
+      JwtService.verifyRefreshToken.mockReturnValue(decoded);
+      JwtService.generateRefreshToken.mockReturnValue('new-refresh-token');
+      JwtService.generateToken.mockReturnValue('new-access-token');
+      JwtService.decodeToken.mockReturnValue({ jti: 'new-jti' });
+
+      <% if (caching !== 'None') { %>
+      cacheService.get.mockResolvedValue(['test-jti']);
+      <% } else { %>
+      JwtService.activeRefreshTokens.set('1', ['test-jti']);
+      <% } %>
+
+      await controller.refresh(mockReq, mockRes, next);
+
+      expect(mockRes.json).toHaveBeenCalledWith(expect.objectContaining({ accessToken: 'new-access-token' }));
+    });
+
+    it('should return 401 if token theft detected', async () => {
+        mockReq.body = { refreshToken: 'stolen-token' };
+        const decoded = { id: '1', email: 'test@test.com', jti: 'stolen-jti' };
+        JwtService.verifyRefreshToken.mockReturnValue(decoded);
+        <% if (caching !== 'None') { %>
+        cacheService.get.mockResolvedValue(['other-jti']);
+        cacheService.del.mockResolvedValue();
+        <% } %>
+
+        await controller.refresh(mockReq, mockRes, next);
+
+        expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+    });
+
+    it('should call next on refresh error', async () => {
+        const error = new Error('Redis error');
+        mockReq.body = { refreshToken: 'valid-token' };
+        JwtService.verifyRefreshToken.mockImplementation(() => { throw error; });
+
+        await controller.refresh(mockReq, mockRes, next);
+
+        expect(next).toHaveBeenCalledWith(error);
+    });
+  });
+
+  describe('logout', () => {
+    it('should return 400 if no token provided', async () => {
+      mockReq.headers = {};
+      await controller.logout(mockReq, mockRes, next);
+      expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+    });
+
+    it('should logout successfully', async () => {
+      mockReq.headers = { authorization: 'Bearer valid-token' };
+      mockReq.body = { refreshToken: 'valid-refresh-token' };
+      JwtService.decodeToken.mockReturnValueOnce({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 })
+                            .mockReturnValueOnce({ id: '1', jti: 'refresh-jti' });
+
+      <% if (caching !== 'None') { %>
+      cacheService.get.mockResolvedValue(['refresh-jti']);
+      <% } else { %>
+      JwtService.activeRefreshTokens.set('1', ['refresh-jti']);
+      <% } %>
+
+      await controller.logout(mockReq, mockRes, next);
+
+      expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+    });
+
+    it('should handle logout even if no refresh token provided', async () => {
+        mockReq.headers = { authorization: 'Bearer valid-token' };
+        mockReq.body = {};
+        JwtService.decodeToken.mockReturnValue({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 });
+
+        await controller.logout(mockReq, mockRes, next);
+
+        expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+    });
+
+    it('should call next on logout error', async () => {
+        const error = new Error('Logout error');
+        mockReq.headers = { authorization: 'Bearer valid-token' };
+        JwtService.decodeToken.mockImplementation(() => { throw error; });
+
+        await controller.logout(mockReq, mockRes, next);
+
+        expect(next).toHaveBeenCalledWith(error);
+    });
+  });
+
+<% if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { -%>
+    describe('socialExchange', () => {
+        it('should return 400 if code or provider missing', async () => {
+            mockReq.body = {};
+            await controller.socialExchange(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+        });
+
+        it('should exchange code for JWT tokens', async () => {
+            mockReq.body = { code: 'test-code', provider: 'Google' };
+            const user = { id: 1, email: 'social@test.com' };
+            
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
             <% } else { %>
-            JwtService.activeRefreshTokens.set('1', ['old-jti']);<% } %>
+            SocialAuthService.getGoogleProfile.mockResolvedValue({ email: 'social@test.com', id: 'google-id', name: 'Google User' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            await controller.refresh(mockReq, mockRes, next);
+            await controller.socialExchange(mockReq, mockRes, next);
 
-            expect(JwtService.generateToken).toHaveBeenCalledWith(expect.objectContaining({ sid: 'new-jti' }));
-            expect(mockRes.json).toHaveBeenCalledWith({ accessToken: 'new-access', refreshToken: 'new-refresh' });
+            expect(mockRes.json).toHaveBeenCalledWith(expect.objectContaining({ accessToken: 'mock-token' }));
         });
 
-        it('should detect theft and revoke if jti is not active', async () => {
-            mockReq.body = { refreshToken: 'stolen-refresh' };
-            const decoded = { id: '1', email: 'test@test.com', jti: 'stolen-jti' };
-            JwtService.verifyRefreshToken.mockReturnValue(decoded);
+        it('should return 400 for invalid provider', async () => {
+            mockReq.body = { code: 'test-code', provider: 'Invalid' };
+            await controller.socialExchange(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.BAD_REQUEST);
+        });
+    });
 
-            <% if (caching !== 'None') { %>
-            cacheService.get.mockResolvedValue(['different-jti']);
+    describe('social redirect methods', () => {
+        <% if (socialAuth.includes('Google')) { %>
+        it('googleLogin should redirect to Google', async () => {
+            await controller.googleLogin(mockReq, mockRes);
+            expect(mockRes.redirect).toHaveBeenCalledWith(expect.stringContaining('accounts.google.com'));
+        });
+
+        it('googleCallback should handle Google callback', async () => {
+            mockReq.query = { code: 'test-code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            const user = { id: 1, email: 'google@test.com' };
+            
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
             <% } else { %>
-            JwtService.activeRefreshTokens.set('1', ['different-jti']);<% } %>
+            SocialAuthService.getGoogleProfile.mockResolvedValue({ email: 'google@test.com' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
 
-            await controller.refresh(mockReq, mockRes, next);
+            await controller.googleCallback(mockReq, mockRes, next);
 
-            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.UNAUTHORIZED);
+            expect(mockRes.cookie).toHaveBeenCalledWith('accessToken', 'mock-token', expect.any(Object));
+            expect(mockRes.redirect).toHaveBeenCalledWith('/');
         });
-    });
 
-    describe('logout', () => {
-        it('should blacklist access jti and remove refresh jti', async () => {
-            mockReq.headers.authorization = 'Bearer access-token';
-            mockReq.body = { refreshToken: 'refresh-token' };
+        it('googleCallback should return 403 if state is invalid', async () => {
+            mockReq.query = { code: 'test-code', state: 'invalid-state' };
+            mockReq.cookies = { oauth_state: 'valid-state' };
+            await controller.googleCallback(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.FORBIDDEN);
+        });
+
+        it('googleCallback should create user if not exists (MVC)', async () => {
+            <% if (architecture === 'MVC') { %>
+            mockReq.query = { code: 'test-code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            SocialAuthService.getGoogleProfile.mockResolvedValue({ email: 'new@google.com', id: 'google-id' });
+            User.findOne.mockResolvedValue(null);
+            User.create.mockResolvedValue({ id: '2', email: 'new@google.com' });
+            JwtService.generateToken.mockReturnValue('at');
+            JwtService.generateRefreshToken.mockReturnValue('rt');
+            JwtService.decodeToken.mockReturnValue({ jti: 'jti' });
+
+            await controller.googleCallback(mockReq, mockRes, next);
+            expect(User.create).toHaveBeenCalled();
+            <% } else { %>
+            expect(true).toBe(true);
+            <% } %>
+        });
+
+        it('googleCallback should redirect to login on error', async () => {
+            const error = new Error('Callback failed');
+            mockReq.query = { code: 'code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockRejectedValue(error)
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
+            <% } else { %>
+            SocialAuthService.getGoogleProfile.mockRejectedValue(error);
+            <% } %>
+
+            await controller.googleCallback(mockReq, mockRes, next);
+            expect(mockRes.redirect).toHaveBeenCalledWith('/login?error=social_auth_failed');
+        });
+        <% } %>
+
+        <% if (socialAuth.includes('GitHub')) { %>
+        it('githubLogin should redirect to GitHub', async () => {
+            await controller.githubLogin(mockReq, mockRes);
+            expect(mockRes.redirect).toHaveBeenCalledWith(expect.stringContaining('github.com'));
+        });
+
+        it('githubCallback should handle GitHub callback', async () => {
+            mockReq.query = { code: 'test-code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            const user = { id: 1, email: 'github@test.com' };
             
-            JwtService.decodeToken
-                .mockReturnValueOnce({ jti: 'access-jti', exp: Math.floor(Date.now() / 1000) + 3600 })
-                .mockReturnValueOnce({ id: '1', jti: 'refresh-jti' });
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockResolvedValue({
+                    user,
+                    accessToken: 'mock-token',
+                    refreshToken: 'mock-refresh-token'
+                })
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
+            <% } else { %>
+            SocialAuthService.getGithubProfile.mockResolvedValue({ email: 'github@test.com' });
+            User.findOne.mockResolvedValue(user);
+            JwtService.generateToken.mockReturnValue('mock-token');
+            JwtService.generateRefreshToken.mockReturnValue('mock-refresh-token');
+            <% } %>
+            JwtService.decodeToken.mockReturnValue({ jti: 'test-jti' });
+
+            await controller.githubCallback(mockReq, mockRes, next);
+
+            expect(mockRes.cookie).toHaveBeenCalledWith('accessToken', 'mock-token', expect.any(Object));
+            expect(mockRes.redirect).toHaveBeenCalledWith('/');
+        });
+
+        it('githubCallback should return 403 if state is invalid', async () => {
+            mockReq.query = { code: 'test-code', state: 'invalid-state' };
+            mockReq.cookies = { oauth_state: 'valid-state' };
+            await controller.githubCallback(mockReq, mockRes, next);
+            expect(mockRes.status).toHaveBeenCalledWith(HTTP_STATUS.FORBIDDEN);
+        });
+
+        it('githubCallback should create user if not exists (MVC)', async () => {
+            <% if (architecture === 'MVC') { %>
+            mockReq.query = { code: 'test-code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            SocialAuthService.getGithubProfile.mockResolvedValue({ email: 'new@github.com', id: 'github-id' });
+            User.findOne.mockResolvedValue(null);
+            User.create.mockResolvedValue({ id: '2', email: 'new@github.com' });
+            JwtService.generateToken.mockReturnValue('at');
+            JwtService.generateRefreshToken.mockReturnValue('rt');
+            JwtService.decodeToken.mockReturnValue({ jti: 'jti' });
 
-            await controller.logout(mockReq, mockRes, next);
+            await controller.githubCallback(mockReq, mockRes, next);
+            expect(User.create).toHaveBeenCalled();
+            <% } else { %>
+            expect(true).toBe(true);
+            <% } %>
+        });
+
+        it('githubCallback should redirect to login on error', async () => {
+            const error = new Error('Callback failed');
+            mockReq.query = { code: 'code', state: 'test-state' };
+            mockReq.cookies = { oauth_state: 'test-state' };
+            <% if (architecture === 'Clean Architecture') { %>
+            const mockUseCase = {
+                execute: jest.fn().mockRejectedValue(error)
+            };
+            SocialLoginUseCase.mockImplementation(() => mockUseCase);
+            <% } else { %>
+            SocialAuthService.getGithubProfile.mockRejectedValue(error);
+            <% } %>
 
-            expect(mockRes.json).toHaveBeenCalledWith({ message: 'Logged out successfully' });
+            await controller.githubCallback(mockReq, mockRes, next);
+            expect(mockRes.redirect).toHaveBeenCalledWith('/login?error=social_auth_failed');
         });
+        <% } %>
     });
+<% } -%>
 });

package/templates/common/auth/js/middleware/authMiddleware.js.ejs

@@ -27,28 +27,32 @@ const authMiddleware = async (req, res, next) => {
   }
 
   if (decoded.jti) {
-    <%_ if (caching !== 'None') { -%>
+    <%_ if (caching !== 'None') { _%>
     const isBlacklisted = await cacheService.get(`blacklist:${decoded.jti}`);
     if (isBlacklisted) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
-    }<%_ } else { -%>
+    }
+    <%_ } else { _%>
     const expiryDate = JwtService.blacklistedTokens.get(decoded.jti);
     if (expiryDate && Date.now() < expiryDate) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Token revoked' });
-    }<% } %>
+    }
+    <%_ } _%>
   }
 
   if (decoded.sid) {
-    <%_ if (caching !== 'None') { %>
+    <%_ if (caching !== 'None') { _%>
     const cacheKey = `refresh_tokens:${decoded.id}`;
     const activeTokens = await cacheService.get(cacheKey) || [];
     if (!activeTokens.includes(decoded.sid)) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
-    }<%_ } else { -%>
+    }
+    <%_ } else { _%>
     const activeTokens = JwtService.activeRefreshTokens.get(String(decoded.id)) || [];
     if (!activeTokens.includes(decoded.sid)) {
       return res.status(HTTP_STATUS.UNAUTHORIZED).json({ message: 'Session expired' });
-    }<%_ } -%>
+    }
+    <%_ } _%>
   }
 
   req.user = decoded;

package/templates/common/auth/js/routes/authRoutes.js.ejs

@@ -12,5 +12,16 @@ const authController = new AuthController();
 router.post('/login', (req, res, next) => authController.login(req, res, next));
 router.post('/refresh', (req, res, next) => authController.refresh(req, res, next));
 router.post('/logout', authMiddleware, (req, res, next) => authController.logout(req, res, next));
+<%_ if (socialAuth && socialAuth.filter(a => a !== 'None').length > 0) { _%>
+router.post('/social/exchange', (req, res, next) => authController.socialExchange(req, res, next));
+<%_ if (socialAuth.includes('Google')) { _%>
+router.get('/google', (req, res) => authController.googleLogin(req, res));
+router.get('/google/callback', (req, res, next) => authController.googleCallback(req, res, next));
+<%_ } _%>
+<%_ if (socialAuth.includes('GitHub')) { _%>
+router.get('/github', (req, res) => authController.githubLogin(req, res));
+router.get('/github/callback', (req, res, next) => authController.githubCallback(req, res, next));
+<%_ } _%>
+<%_ } _%>
 
 module.exports = router;

package/templates/common/auth/js/services/jwtService.spec.js.ejs

@@ -58,6 +58,12 @@ describe('JwtService', () => {
             expect(jwt.verify).toHaveBeenCalledWith(token, secret);
             expect(result).toEqual(payload);
         });
+
+        it('should return null for an invalid token', () => {
+            jwt.verify.mockImplementation(() => { throw new Error('Invalid token'); });
+            const result = JwtService.verifyToken(token);
+            expect(result).toBeNull();
+        });
     });
 
     describe('verifyRefreshToken', () => {
@@ -69,6 +75,12 @@ describe('JwtService', () => {
             expect(jwt.verify).toHaveBeenCalledWith(token, 'test-refresh-secret');
             expect(result).toEqual(payload);
         });
+
+        it('should return null for an invalid refresh token', () => {
+            jwt.verify.mockImplementation(() => { throw new Error('Invalid token'); });
+            const result = JwtService.verifyRefreshToken(token);
+            expect(result).toBeNull();
+        });
     });
 
     describe('decodeToken', () => {
@@ -80,5 +92,23 @@ describe('JwtService', () => {
             expect(jwt.decode).toHaveBeenCalledWith(token);
             expect(result).toEqual(payload);
         });
+
+        it('should return null if decode fails', () => {
+            jwt.decode.mockImplementation(() => { throw new Error('Decode failed'); });
+            const result = JwtService.decodeToken(token);
+            expect(result).toBeNull();
+        });
+    });
+
+    describe('fallback values', () => {
+        it('should use default values if env not set', () => {
+            delete process.env.JWT_SECRET;
+            delete process.env.JWT_REFRESH_SECRET;
+            delete process.env.JWT_EXPIRES_IN;
+            delete process.env.JWT_REFRESH_EXPIRES_IN;
+            
+            expect(JwtService.SECRET).toBeDefined();
+            expect(JwtService.REFRESH_SECRET).toBeDefined();
+        });
     });
 });