diff --git a/docker-compose.yaml b/docker-compose.yaml
index ddf000e..82c692f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -57,7 +57,7 @@ services:
 - URLS_LOGOUT=http://127.0.0.1:9020/logout
 - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
 - SECRETS_SYSTEM=${SECRETS_SYSTEM}
- - TTL_ACCESS_TOKEN=30s # 1 hour before expiration
+ - TTL_ACCESS_TOKEN=1h # 1 hour before expiration
 - TTL_REFRESH_TOKEN=720h # 30 days before expiration
 - OIDC_SUBJECT_IDENTIFIERS_SUPPORTED_TYPES=public,pairwise
 - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=youReallyNeedToChangeThis
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
index e809236..d9aeaaa 100644
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -19,13 +19,13 @@ model Token {
 id Int @id @default(autoincrement())
 userId String
 user User @relation(fields: [userId], references: [id])
- accessToken String @unique
- refreshToken String @unique
+ accessToken String
+ refreshToken String
 accessTokenExpirationDate DateTime
 refreshTokenExpirationDate DateTime?
 rawData Json
- @@index([accessToken, refreshToken])
+ @@unique([userId, accessToken, refreshToken])
 }
 model User {
diff --git a/src/auth/jwt.ts b/src/auth/jwt.ts
index 631bfed..de1a96e 100644
--- a/src/auth/jwt.ts
+++ b/src/auth/jwt.ts
@@ -59,11 +59,15 @@ export default async function registerBearerTokenStrategy(server: Hapi.Server) {
 try {
+ // Keep track of previous access and refresh tokens
+ const prevAccessToken: string = oauthToken.accessToken
+ const prevRefreshToken: string = oauthToken.refreshToken
+
 // Try to refresh access code
 const refreshedOauthToken = await oauthToken.refresh()
 // Update new tokens to database
- await TokenRepository.updateTokenUserBind(userId, oauthToken, refreshedOauthToken)
+ await TokenRepository.updateTokenUserBind(userId, prevAccessToken, prevRefreshToken, refreshedOauthToken)
 // Exit if JWT secret is not set
 if (!process.env.JWT_SECRET) {
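Review bot: The jump of TTL_ACCESS_TOKEN from 30s to 1h in this hunk carries no rationale, and the pre-existing `# 1 hour before expiration` comment only restates the value. With the old setting a leaked bearer token was usable for seconds and, presumably, almost every request went through the refresh path in src/auth/jwt.ts; the new value trades that forced rotation for fewer refresh round-trips, and the comment should say so, e.g. `- TTL_ACCESS_TOKEN=1h # access tokens stay valid this long after issue; bounded by TTL_REFRESH_TOKEN (720h)`. If 30s was a leftover from exercising the refresh flow, stating that here keeps the next person from re-asking.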
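Review bot: Dropping `@unique` from accessToken and refreshToken lets the same token string be stored under different users, and the replacement `@@unique([userId, accessToken, refreshToken])` only guarantees uniqueness of the triple; any lookup that resolves a bearer token to its owner by accessToken alone (not visible in this diff, but the usual shape of such a repository) can then match more than one row, which is a real concern for an auth table. The removed `@@index([accessToken, refreshToken])` is also not replaced, and a Postgres composite index led by userId is not usable for an efficient lookup filtered on accessToken only, so that path loses its index. If tokens are globally unique at the issuer, keep `accessToken String @unique`; otherwise add `@@index([accessToken])` beside the new compound key and note in the schema why per-user scoping is wanted.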
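Review bot: Nothing in this hunk handles the case where `updateTokenUserBind` rejects after `oauthToken.refresh()` has already succeeded: the provider then holds the new token pair, the database still holds the old one, and the client's next request with the old token cannot be refreshed again. The enclosing try/catch of registerBearerTokenStrategy continues outside the hunk, so whether the catch distinguishes this from a failed refresh cannot be seen here; at minimum log the update failure with the userId only, never the token values, so an operator can tell the two cases apart. The `: string` annotations on `prevAccessToken` and `prevRefreshToken` are redundant under inference, `const prevAccessToken = oauthToken.accessToken` is enough, and a comment such as `// capture the pre-refresh pair: the DB row is keyed on it (refresh() appears to replace these fields — confirm)` says why they are captured first.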
@@ -77,9 +81,6 @@ export default async function registerBearerTokenStrategy(server: Hapi.Server) {
 accessToken: refreshedOauthToken.accessToken
 }, process.env.JWT_SECRET)
- // TODO remove
- console.log(jwtToken)
-
 // Notify client to change access token for next requests
 return { isValid: true, credentials: { token: jwtToken } }
@@ -106,6 +107,6 @@ export default async function registerBearerTokenStrategy(server: Hapi.Server) {
 response.header('Authorization', request.auth.credentials.token)
 }
 return h.continue;
- }) as Method);
+ }) as Method)
 }
diff --git a/src/repositories/core/oauth2/token-repository.ts b/src/repositories/core/oauth2/token-repository.ts
index 7374be4..deb42a2 100644
--- a/src/repositories/core/oauth2/token-repository.ts
+++ b/src/repositories/core/oauth2/token-repository.ts
@@ -34,9 +34,9 @@ export default class TokenRepository {
 )
 }
- public static async updateTokenUserBind(userId: string, previousOAuthToken: ClientOAuth2.Token, newOAuthToken: ClientOAuth2.Token): Promise {
- PrismaProvider.getClient().token.update({
- where: { accessToken: previousOAuthToken.accessToken, refreshToken: previousOAuthToken.refreshToken },
+ public static async updateTokenUserBind(userId: string, previousAccessToken: string, previousRefreshToken: string, newOAuthToken: ClientOAuth2.Token): Promise {
+ return PrismaProvider.getClient().token.update({
+ where: { userId_accessToken_refreshToken: { userId, accessToken: previousAccessToken, refreshToken: previousRefreshToken } },
 data: {
 userId,
 accessToken: newOAuthToken.accessToken,
diff --git a/src/seed.ts b/src/seed.ts
index c2eab82..064b6ed 100644
--- a/src/seed.ts
+++ b/src/seed.ts
@@ -1,6 +1,5 @@
 import PrismaProvider from "./repositories/core/prisma/prisma-provider";
-
 async function createFirstUser() {
 return PrismaProvider.getClient().user.create({
 data: {
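Review bot: Dropping the trailing semicolon on `}) as Method)` leaves registerBearerTokenStrategy with mixed statement termination, since `return h.continue;` two lines above keeps its semicolon while the lines added earlier in this file have none. Pick one convention and let the formatter enforce it rather than hand-editing single lines; if the codebase is semicolon-free, `return h.continue` belongs in the same commit.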
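Review bot: `updateTokenUserBind` now returns the update promise so the caller's await is effective, but the public static method has no TSDoc and its contract has a sharp edge: Prisma's `update` rejects when the `where` clause matches no record, so a caller whose previous pair is no longer stored (for example the second of two concurrent refreshes of the same token) gets an exception rather than a no-op. Add a TSDoc block on the method stating that it replaces the stored token pair for userId, is keyed on the previous pair via the compound unique, and rejects when that pair is not found; the method body continues past the hunk. Four positional parameters, three of them `string`, also make `previousAccessToken`/`previousRefreshToken` easy to transpose silently at the call site; an options object `{ userId, previousAccessToken, previousRefreshToken }` would make the call self-describing. The data block re-assigns `userId` to its own current value, which is harmless but reads as if the row could be rebound to another user.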