npm - propro-utils - Versions diffs - 1.3.14 → 1.3.15 - Mend

propro-utils 1.3.14 → 1.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/server/index.js +85 -41
package/src/server/middleware/refreshToken.js +6 -6

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "propro-utils",
-  "version": "1.3.14",
+  "version": "1.3.15",
   "description": "Auth middleware for propro-auth",
   "main": "src/index.js",
   "scripts": {

package/src/server/index.js CHANGED Viewed

@@ -4,8 +4,90 @@ const {
   exchangeToken,
   VerifyAccount,
 } = require("./middleware/verifyToken");
-const {refreshTokenMiddleware} = require("./middleware");
-// Main middleware function
+// const {refreshTokenMiddleware} = require("./middleware");
+const refreshLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // Limit each IP to 100 requests per 15 minutes
+  message: "Too many refresh requests from this IP, please try again after 15 minutes",
+});
+const refreshTokenCache = new Map();
+/**
+ * Middleware to refresh access token using refresh token.
+ *
+ * @param {Object} req - The request object.
+ * @param {Object} res - The response object.
+ * @param {Function} next - The next middleware function.
+ * @returns {void}
+ */
+async function refreshTokenMiddleware(req, res, next) {
+  refreshLimiter(req, res, async () => {
+    const refreshToken = req.cookies['x-refresh-token'];
+    if (!refreshToken) {
+      return res.status(401).json({ error: "No refresh token provided" });
+    }
+    if (!isValidRefreshTokenFormat(refreshToken)) {
+      return res.status(400).json({ error: "Invalid refresh token format" });
+    }
+    if (refreshTokenCache.has(refreshToken)) {
+      req.newAccessToken = refreshTokenCache.get(refreshToken);
+      return next();
+    }
+    try {
+      const response = await axios.post(
+          `${process.env.AUTH_URL}/oauth/token`,
+          new URLSearchParams({
+            grant_type: "refresh_token",
+            refresh_token: refreshToken,
+            client_id: process.env.CLIENT_ID,
+            client_secret: process.env.CLIENT_SECRET,
+          }),
+          { headers: { "Content-Type": "application/x-www-form-urlencoded" } }
+      );
+      if (response.data && response.data.access_token) {
+        refreshTokenCache.set(refreshToken, response.data.access_token);
+        req.newAccessToken = response.data.access_token;
+        next();
+      } else {
+        res.status(401).json({ error: "Unable to refresh token" });
+      }
+    } catch (error) {
+      const statusCode = error.response?.status || 500;
+      res.status(statusCode).json({ error: error.response?.data?.error || "Error refreshing token" });
+    }
+  });
+}
+/**
+ * Checks if the given token has a valid refresh token format.
+ *
+ * @param {string} token - The token to validate.
+ *
+ * @return {boolean} - Returns true if the token has a valid refresh token format, otherwise false.
+ */
+function isValidRefreshTokenFormat(token) {
+  const jwtPattern = /^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/;
+  return jwtPattern.test(token);
+}
+/**
+ * Middleware for handling authentication and authorization.
+ *
+ * @param {object} [options={}] - The options for configuring the authentication middleware.
+ * @param {string} [options.secret="RESTFULAPIs"] - The secret key used for authentication.
+ * @param {string} [options.authUrl=process.env.AUTH_URL] - The authentication URL.
+ * @param {string} [options.clientId=process.env.CLIENT_ID] - The client ID.
+ * @param {string} [options.clientSecret=process.env.CLIENT_SECRET] - The client secret.
+ * @param {string} [options.clientUrl=process.env.CLIENT_URL] - The client URL.
+ * @param {string} [options.redirectUri=process.env.REDIRECT_URI] - The redirect URI.
+ * @param {string} [options.appName=process.env.APP_NAME] - The application name.
+ * @returns {Function} - Express middleware function.
+ */
 function proproAuthMiddleware(options = {}) {
   const {
     secret = "RESTFULAPIs",
@@ -19,44 +101,6 @@ function proproAuthMiddleware(options = {}) {
   return async (req, res, next) => {
     try {
-      let token;
-      if (req.headers.authorization?.startsWith("Bearer ")) {
-        token = req.headers.authorization.split(" ")[1];
-      }  else if (req.cookies && req.cookies['x-access-token']) {
-        token = req.cookies['x-access-token'];
-      }
-      if (token) {
-        console.log("verifying access token", token);
-        const verifiedToken = await verifyJWT(token);
-        console.log("verifiedToken", verifiedToken);
-        if (verifiedToken) {
-          req.account = verifiedToken;
-          return next();
-        } else if (req.cookies && req.cookies['x-refresh-token']) {
-          const refreshToken = req.cookies['x-refresh-token'];
-          if (refreshToken) {
-            const newTokenData = await refreshTokenMiddleware(req, res, next);
-            if (newTokenData) {
-              res.cookie("x-refresh-token", newTokenData.tokens.refresh.token, {
-                httpOnly: true,
-                secure: process.env.NODE_ENV === "production",
-              });
-              res.cookie("x-access-token", newTokenData.tokens.access.token, {
-                httpOnly: true,
-                secure: process.env.NODE_ENV === "production",
-              });
-              req.account = verifyJWT(newTokenData.tokens.access.token, secret);
-            }
-          }
-        }
-      } else {
-        req.account = undefined;
-        res.status(401).send("Unauthorized: Invalid or expired token");
-      }
       if (!["/api/auth", "/api/callback"].includes(req.path)) {
         return next();
       }
@@ -106,4 +150,4 @@ function proproAuthMiddleware(options = {}) {
   };
 }
-module.exports = proproAuthMiddleware;
+module.exports = {proproAuthMiddleware, refreshTokenMiddleware};

package/src/server/middleware/refreshToken.js CHANGED Viewed

@@ -31,20 +31,20 @@ const refreshTokenMiddleware = async (req, res, next) => {
     console.log("refreshToken", refreshToken);
     if (!refreshToken) {
-      return res.status(401).json({ error: "No refresh token provided" });
+      res.status(401).json({ error: "No refresh token provided" });
     }
     console.log("isValidRefreshTokenFormat(refreshToken)", isValidRefreshTokenFormat(refreshToken));
     if (!isValidRefreshTokenFormat(refreshToken)) {
-      return res.status(400).json({ error: "Invalid refresh token format" });
+      res.status(400).json({ error: "Invalid refresh token format" });
     }
     console.log("refreshTokenCache.has(refreshToken)", refreshTokenCache.has(refreshToken));
     if (refreshTokenCache.has(refreshToken)) {
       req.newAccessToken = refreshTokenCache.get(refreshToken);
-      return next();
+      next();
     }
     console.log("process.env.AUTH_URL", process.env.AUTH_URL);
@@ -66,14 +66,14 @@ const refreshTokenMiddleware = async (req, res, next) => {
       if (response.data && response.data.access_token) {
         refreshTokenCache.set(refreshToken, response.data.access_token);
         req.newAccessToken = response.data.access_token;
-        return next();
+        next();
       } else {
-        return res.status(401).json({ error: "Unable to refresh token" });
+        res.status(401).json({ error: "Unable to refresh token" });
       }
     } catch (error) {
       const statusCode = error.response?.status || 500;
       const message = error.response?.data?.error || "Error refreshing token";
-      return res.status(statusCode).json({ error: message });
+      res.status(statusCode).json({ error: message });
     }
   });
 };