🐞 FIX: refresh token if expired

Author: hyper-dot

src/app/auth/auth.service.ts

@@ -1,6 +1,10 @@
 import jwt from 'jsonwebtoken';
 import bcrypt from 'bcryptjs';
-import { BadRequestError, UnauthorizedError } from '../../utils/exceptions';
+import {
+  BadRequestError,
+  InternalServerError,
+  UnauthorizedError,
+} from '../../utils/exceptions';
 import { userTable } from '../user/user.model';
 import { connectdb } from '../../configs/db';
 import { eq } from 'drizzle-orm';
@@ -19,7 +23,7 @@ export class AuthService {
   constructor() {
     this.accessTokenSecret = process.env.ACCESS_TOKEN_SECRET;
     this.refreshTokenSecret = process.env.REFRESH_TOKEN_SECRET;
-    this.accessTokenExpiry = '12h';
+    this.accessTokenExpiry = '15m';
     this.refreshTokenExpiry = '7d';
   }
 
@@ -87,39 +91,58 @@ export class AuthService {
   }
 
   async login({ email, password }: { email: string; password: string }) {
-    // Check if email and password are provided
     if (!email || !password) {
       throw new BadRequestError('Email and password are required');
     }
 
-    // Fetch the user by email
-    // const user = await UserModel.findOne({ email });
+    // Fetch user by email
     const { db, connection } = await connectdb();
     const [user] = await db
       .select()
       .from(userTable)
       .where(eq(userTable.email, email))
       .execute();
-    await connection.end();
 
     if (!user) {
       throw new UnauthorizedError('Invalid credentials');
     }
 
-    // Compare the plain password with the hashed password in the database
     const isPasswordValid = await this.comparePassword(password, user.hash);
     if (!isPasswordValid) {
       throw new UnauthorizedError('Invalid credentials');
     }
 
-    console.log({ user });
     // Generate access token
     const accessToken = this.generateAccessToken({
       email: user.email,
       id: user.id,
     });
 
-    // Return the generated tokens
+    // Handle refresh token verification or renewal
+    let refreshToken = user.refresh_token;
+    try {
+      this.verifyRefreshToken(refreshToken);
+    } catch (err) {
+      console.log('Refresh token is invalid, generating a new one...');
+      refreshToken = this.generateRefreshToken({
+        id: user.id,
+        email: user.email,
+      });
+
+      try {
+        await db
+          .update(userTable)
+          .set({ refresh_token: refreshToken })
+          .where(eq(userTable.id, user.id))
+          .execute();
+        console.log('Refresh token updated successfully');
+        await connection.end();
+      } catch (updateErr) {
+        console.error('Database update error:', updateErr);
+        throw new InternalServerError("Couldn't refresh token");
+      }
+    }
+
     return {
       message: 'Login successful',
       user: {
@@ -128,7 +151,7 @@ export class AuthService {
       },
       data: {
         accessToken,
-        refreshToken: user.refresh_token,
+        refreshToken,
       },
     };
   }