Change refresh tokens to expire in Redis and to delete based on session id

Author: hwgilbert16

apps/api/src/app/auth/auth.controller.ts

@@ -33,7 +33,6 @@ import { RedisService } from "@liaoliaots/nestjs-redis";
 import Redis from "ioredis";
 import { DeleteApiKeyDto } from "./dto/deleteApiKey.dto";
 import { CreateApiKeyDto } from "./dto/createApiKey.dto";
-import { AccessTokenAuthenticatedGuard } from "./guards/accessTokenAuthenticated.guard";
 import { ResetEmailDto } from "./dto/resetEmail.dto";
 
 @ApiTags("Authentication")
@@ -484,7 +483,6 @@ export class AuthController {
    *
    * @returns Void
    */
-  @UseGuards(AccessTokenAuthenticatedGuard)
   @Post("logout")
   logout(
     @Req() req: ExpressRequest,

apps/api/src/app/auth/auth.service.ts

@@ -117,9 +117,11 @@ export class AuthService {
         },
         { expiresIn: "182d" }
     );
+    const refreshTokenExpiry = new Date(new Date().setDate(new Date().getDate() + 182));
 
-    res.cookie("refresh_token", refreshToken, { httpOnly: true, expires: new Date(new Date().setDate(new Date().getDate() + 182)) });
+    res.cookie("refresh_token", refreshToken, { httpOnly: true, expires: refreshTokenExpiry });
     this.refreshTokenRedis.set(sessionId, refreshToken);
+    this.refreshTokenRedis.expire(sessionId, (refreshTokenExpiry.getTime() - new Date().getTime()) / 1000);
 
     res.cookie("access_token", this.jwtService.sign(
         {
@@ -143,7 +145,7 @@ export class AuthService {
 
     const user = jwt.decode(req.cookies.access_token);
     if (user && "email" in (user as jwt.JwtPayload)) {
-      this.refreshTokenRedis.del(user["email"]);
+      this.refreshTokenRedis.del(user["sessionId"]);
     }
   }
 }

apps/api/src/app/providers/token-refresh.middleware.ts

@@ -56,21 +56,16 @@ export class TokenRefreshMiddleware implements NestMiddleware {
   }
 
   renewAccessToken(req: Request, res: Response): boolean {
-    let refreshToken: { id: string; email: string; type: "refresh" };
+    let refreshToken: { id: string; sessionId: string; email: string; type: "refresh" };
 
-    if (!req.cookies["refresh_token"] || !req.cookies["refresh_token"].sessionId) {
-      this.authService.logout(req, res);
-      return true;
-    }
-
-    if (!this.redis.get(req.cookies["refresh_token"].sessionId)) {
+    try {
+      refreshToken = jwt.verify(req.cookies["refresh_token"], this.configService.get<string>("JWT_SECRET")) as { id: string; sessionId: string; email: string; type: "refresh" };
+    } catch (e) {
       this.authService.logout(req, res);
       return true;
     }
 
-    try {
-      refreshToken = jwt.verify(req.cookies["refresh_token"], this.configService.get<string>("JWT_SECRET")) as { id: string; email: string; type: "refresh" };
-    } catch (e) {
+    if (!refreshToken.sessionId || !this.redis.get(req.cookies["refresh_token"].sessionId)) {
       this.authService.logout(req, res);
       return true;
     }