Added accessToken to httpOnly cookies and changed tests with swagger …

…settings (#631) * added accessToken to httponly cookies * removed console.log
ita-social-projects · Nov 17, 2023 · 5f14954 · 5f14954
1 parent 8c8a7c4
commit 5f14954
Show file tree

Hide file tree

Showing 42 changed files with 351 additions and 340 deletions.
diff --git a/consts/auth.js b/consts/auth.js
@@ -6,6 +6,7 @@ const roles = {
 }
 
 const tokenNames = {
+  ACCESS_TOKEN: 'accessToken',
   REFRESH_TOKEN: 'refreshToken',
   RESET_TOKEN: 'resetToken',
   CONFIRM_TOKEN: 'confirmToken'

diff --git a/controllers/auth.js b/controllers/auth.js
@@ -4,7 +4,7 @@ const {
   config: { COOKIE_DOMAIN }
 } = require('~/configs/config')
 const {
-  tokenNames: { REFRESH_TOKEN }
+  tokenNames: { REFRESH_TOKEN, ACCESS_TOKEN }
 } = require('~/consts/auth')
 
 const COOKIE_OPTIONS = {
@@ -29,6 +29,7 @@ const login = async (req, res) => {
 
   const tokens = await authService.login(email, password)
 
+  res.cookie(ACCESS_TOKEN, tokens.accessToken, COOKIE_OPTIONS)
   res.cookie(REFRESH_TOKEN, tokens.refreshToken, COOKIE_OPTIONS)
 
   delete tokens.refreshToken
@@ -42,6 +43,7 @@ const googleAuth = async (req, res) => {
 
   const tokens = await authService.googleAuth(token.credential, role, lang)
 
+  res.cookie(ACCESS_TOKEN, tokens.accessToken, COOKIE_OPTIONS)
   res.cookie(REFRESH_TOKEN, tokens.refreshToken, COOKIE_OPTIONS)
 
   delete tokens.refreshToken
@@ -53,7 +55,9 @@ const logout = async (req, res) => {
   const { refreshToken } = req.cookies
 
   await authService.logout(refreshToken)
+
   res.clearCookie(REFRESH_TOKEN)
+  res.clearCookie(ACCESS_TOKEN)
 
   res.status(204).end()
 }
@@ -69,7 +73,15 @@ const confirmEmail = async (req, res) => {
 const refreshAccessToken = async (req, res) => {
   const { refreshToken } = req.cookies
 
+  if (!refreshToken) {
+    res.clearCookie(ACCESS_TOKEN)
+
+    return res.status(401).end()
+  }
+
   const tokens = await authService.refreshAccessToken(refreshToken)
+
+  res.cookie(ACCESS_TOKEN, tokens.accessToken, COOKIE_OPTIONS)
   res.cookie(REFRESH_TOKEN, tokens.refreshToken, COOKIE_OPTIONS)
 
   delete tokens.refreshToken

diff --git a/docs/adminInvitation/admin-invitation.yaml b/docs/adminInvitation/admin-invitation.yaml
@@ -2,7 +2,7 @@ paths:
   /admin-invitations:
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Admin invitations
       summary: Invite admins
@@ -62,7 +62,7 @@ paths:
                 message: You do not have permission to perform this action.
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Admin invitations
       summary: Find all admin invitations

diff --git a/docs/attachments/attachment.yaml b/docs/attachments/attachment.yaml
@@ -2,7 +2,7 @@ paths:
   /attachments:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Attachments
       summary: Find all attachments.
@@ -70,7 +70,7 @@ paths:
                 message: You do not have permission to perform this action.
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Attachments
       summary: Create new attachments.
@@ -130,7 +130,7 @@ paths:
   /attachments/{id}:
     patch:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Attachments
       summary: Finds and updates an attachment.
@@ -214,7 +214,7 @@ paths:
                 message: Attachment with the specified id was not found.
     delete:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Attachments
       summary: Delete attachment by ID

diff --git a/docs/auth/auth.yaml b/docs/auth/auth.yaml
@@ -55,7 +55,7 @@ paths:
       tags:
         - Auth
       summary: User authentication
-      description: Authenticates a user, returns an access token and sets cookie with a refresh token.
+      description: Authenticates a user, returns an access token and sets cookie with a refresh and access tokens.
       produces:
         - application/json
       requestBody:
@@ -75,7 +75,7 @@ paths:
             Set-Cookie:
               schema:
                 type: string
-                example: refreshToken=eyJhbGciOiJIUzI1NiIsInRI.0IiwiaXNatalXJzdExvZ2A5Mjg4ODMsImV4cCI6MWomanzMjQ4M30.gn_hJqB9zVi5Ux5oRu22hGQ9W4z2njkdnx4O; Max-Age=86400; Domain=s2s-back-stage.azurewebsites.net; Path=/; Expires=Sat, 20 Aug 2022 17:32:57 GMT; HttpOnly; Secure; SameSite=None
+                example: refreshToken=eyJhbGciOiJIUzI1NiIsInRI.0IiwiaXNatalXJzdExvZ2A5Mjg4ODMsImV4cCI6MWomanzMjQ4M30.gn_hJqB9zVi5Ux5oRu22hGQ9W4z2njkdnx5O; refreshToken=eyJhbGciOiJIUzI1NiIsInRI.0IiwiaXNatalXJzdExvZ2A5Mjg4ODMsImV4cCI6MWomanzMjQ4M30.gn_hJqB9zVi5Ux5oRu22hGQ9W4z2njkdnx4O; Max-Age=86400; Domain=s2s-back-stage.azurewebsites.net; Path=/; Expires=Sat, 20 Aug 2022 17:32:57 GMT; HttpOnly; Secure; SameSite=None
           content:
             application/json:
               schema:
@@ -104,7 +104,7 @@ paths:
       tags:
         - Auth
       summary: Logs the current user out
-      description: Logs the current user out, deletes a refresh token from the DB and clears cookie.
+      description: Logs the current user out, deletes a refresh and access tokens from the DB and clears cookie.
       produces:
         - application/json
       parameters:

diff --git a/docs/category/category.yaml b/docs/category/category.yaml
@@ -2,7 +2,7 @@ paths:
   /categories:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Categories
       summary: Find all categories
@@ -61,7 +61,7 @@ paths:
                 message: The requested URL requires user authorization.
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Category
       summary: Create new category.
@@ -129,7 +129,7 @@ paths:
   /categories/{id}/subjects/names:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Categories
       summary: Find subjects' names for category
@@ -177,7 +177,7 @@ paths:
   /categories/{id}:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Categories
       summary: Find category by ID
@@ -239,7 +239,7 @@ paths:
   /categories/{categoryId}/subject/{subjectId}/price-range:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Offers
       summary: Find and return min and max price.
@@ -288,7 +288,7 @@ paths:
   /categories/{id}/subjects:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Categories
       summary: Find subjects by category

diff --git a/docs/chat/chat.yaml b/docs/chat/chat.yaml
@@ -2,7 +2,7 @@ paths:
   /chats:
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Create a new chat.
@@ -46,7 +46,7 @@ paths:
                 message: The requested URL requires user authorization.
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Find all chats for current user.
@@ -80,7 +80,7 @@ paths:
   /chats/{id}/messages:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Find your messages in chat
@@ -144,7 +144,7 @@ paths:
                 message: Chat with the specified id was not found.
     delete:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Delete all messages from the specified chat
@@ -248,7 +248,7 @@ paths:
   /chats/{id}:
     delete:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Deletes Chat by ID
@@ -306,7 +306,7 @@ paths:
                 message: Chat with the specified id was not found.
     patch:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Chats
       summary: Marks chat as deleted by ID for current user

diff --git a/docs/comment/comment.yaml b/docs/comment/comment.yaml
@@ -2,7 +2,7 @@ paths:
   /cooperations/{id}/comments:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Comments
       summary: Find your comments of cooperation
@@ -64,7 +64,7 @@ paths:
                 message: Cooperation with the specified id was not found.
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Comments
       summary: Create new comment.

diff --git a/docs/cooperation/cooperation.yaml b/docs/cooperation/cooperation.yaml
@@ -2,7 +2,7 @@ paths:
   /cooperations:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Cooperations
       summary: Find all cooperations
@@ -51,7 +51,7 @@ paths:
                 message: 'The requested URL requires user authorization.'
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Cooperations
       summary: Create new cooperation.
@@ -112,7 +112,7 @@ paths:
   /cooperations/{id}:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Cooperations
       summary: Find cooperation by ID
@@ -176,7 +176,7 @@ paths:
                 message: Cooperation with the specified id was not found.
     patch:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Cooperations
       summary: Update cooperation by ID

diff --git a/docs/course/course.yaml b/docs/course/course.yaml
@@ -2,7 +2,7 @@ paths:
   /courses:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Courses
       summary: Find all courses.
@@ -66,7 +66,7 @@ paths:
                 message: You do not have permission to perform this action.
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Courses
       summary: Creates a new course.
@@ -124,7 +124,7 @@ paths:
   /courses/{id}:
     patch:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Courses
       summary: Update a course.
@@ -185,7 +185,7 @@ paths:
                 message: Course with the specified id was not found.
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Courses
       summary: Find course by id.
@@ -236,7 +236,7 @@ paths:
                 message: Course with the specified id was not found.
     delete:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Courses
       summary: Delete a course.

diff --git a/docs/finishedQuiz/finishedQuiz.yaml b/docs/finishedQuiz/finishedQuiz.yaml
@@ -2,7 +2,7 @@ paths:
   /finished-quizzes:
     get:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Finished quizzes
       summary: Find all finished quizzes.
@@ -80,7 +80,7 @@ paths:
                 message: You do not have permission to perform this action.
     post:
       security:
-        - bearerAuth: []
+        - cookieAuth: []
       tags:
         - Finished quizzes
       summary: Creates a new finished quiz.