diff --git a/server/auth/login.js b/server/auth/login.js
index 9736daf..b727170 100644
--- a/server/auth/login.js
+++ b/server/auth/login.js
@@ -49,7 +49,7 @@ const route = async (req, res) => {
 }
 //generate the JWTs
- const { accessToken, refreshToken } = tokenGenerateRefresh(account.index, account.email, account.username, account.type, account.admin, account.mod);
+ const { accessToken, refreshToken } = await tokenGenerateRefresh(account.index, account.email, account.username, account.type, account.admin, account.mod);
 //set the cookie
 res.cookie('refreshToken', refreshToken, { path: '/', httpOnly: true, secure: true, sameSite: 'none', maxAge: 60 * 60 * 24 * 30 * 1000 }); //30 days
diff --git a/server/auth/token.js b/server/auth/token.js
index bf65f06..9c2efe6 100644
--- a/server/auth/token.js
+++ b/server/auth/token.js
@@ -1,10 +1,8 @@
-const jwt = require('jsonwebtoken');
-
 const tokenRefresh = require('../utilities/token-refresh');
 //auth/token
 module.exports = async (req, res) => {
- return tokenRefresh(req.cookies.refreshToken || '', (err, accessToken, refreshToken) => {
+ return await tokenRefresh(req.cookies.refreshToken || '', (err, accessToken, refreshToken) => {
 if (err) {
 return res.status(err).end();
 }
diff --git a/server/utilities/token-destroy.js b/server/utilities/token-destroy.js
index 8383b77..f11665d 100644
--- a/server/utilities/token-destroy.js
+++ b/server/utilities/token-destroy.js
@@ -1,7 +1,7 @@
 const { tokens } = require('../database/models');
-module.exports = (refreshToken) => {
- tokens.destroy({
+module.exports = async (refreshToken) => {
+ await tokens.destroy({
 where: {
 token: refreshToken || ''
 }
diff --git a/server/utilities/token-generate-refresh.js b/server/utilities/token-generate-refresh.js
index 49acbca..d357031 100644
--- a/server/utilities/token-generate-refresh.js
+++ b/server/utilities/token-generate-refresh.js
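Review bot: In server/auth/login.js the now-awaited `tokenGenerateRefresh(...)` can reject into `route` when the `tokens.create` write behind it fails, and nothing visible in the hunk catches that. `route` starts and ends outside the hunk, so this may already be handled there; if it is not, the login request is left without a response. Wrapping the call as `try { ... } catch (err) { return res.status(500).end(); }` keeps a database failure from hanging the request and guarantees the cookie is only set after the refresh token has been stored.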
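Review bot: In server/utilities/token-destroy.js the result of the awaited `tokens.destroy({...})` is discarded, so the caller in token-refresh.js cannot tell whether the old refresh token was actually removed or had already been consumed by a concurrent or replayed request. If `tokens` is a Sequelize model (it looks like one, but that is not confirmed from this hunk), `destroy` resolves to the number of rows deleted, and `return await tokens.destroy({` would let token-refresh.js refuse to issue new tokens when that count is 0. The function body closes outside the hunk.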
@@ -2,7 +2,7 @@ const jwt = require('jsonwebtoken');
 const { tokens } = require('../database/models');
 //generates a JWT token based on the given arguments
-module.exports = (index, email, username, type, admin, mod) => {
+module.exports = async (index, email, username, type, admin, mod) => {
 const content = {
 index,
 email,
@@ -16,7 +16,7 @@ module.exports = (index, email, username, type, admin, mod) => {
 const accessToken = jwt.sign(content, process.env.SECRET_ACCESS, { expiresIn: '10m', issuer: 'auth' });
 const refreshToken = jwt.sign(content, process.env.SECRET_REFRESH, { expiresIn: '30d', issuer: 'auth' });
- tokens.create({ token: refreshToken, email: email });
+ await tokens.create({ token: refreshToken, email: email });
 return { accessToken, refreshToken };
 };
\ No newline at end of file
diff --git a/server/utilities/token-refresh.js b/server/utilities/token-refresh.js
index 86d2fef..f4ae593 100644
--- a/server/utilities/token-refresh.js
+++ b/server/utilities/token-refresh.js
@@ -19,15 +19,15 @@ module.exports = async (oldRefreshToken, callback) => {
 return callback(403);
 }
- jwt.verify(oldRefreshToken, process.env.SECRET_REFRESH, (err, user) => {
+ jwt.verify(oldRefreshToken, process.env.SECRET_REFRESH, async (err, user) => {
 if (err) {
 return callback(403);
 }
- const { accessToken, refreshToken } = generate(user.index, user.email, user.username, user.type, user.admin, user.mod);
+ await destroy(oldRefreshToken);
- destroy(oldRefreshToken);
+ const { accessToken, refreshToken } = await generate(user.index, user.email, user.username, user.type, user.admin, user.mod);
- return callback(null, accessToken, refreshToken);
+ return await callback(null, accessToken, refreshToken);
 });
 };
\ No newline at end of file
diff --git a/tools/react/token-provider.jsx b/tools/react/token-provider.jsx
index 3baa8d8..135e8ff 100644
--- a/tools/react/token-provider.jsx
+++ b/tools/react/token-provider.jsx
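Review bot: In the second hunk of server/utilities/token-generate-refresh.js, `await tokens.create({ token: refreshToken, email: email })` stores the signed refresh token verbatim, so anyone who can read the tokens table holds refresh tokens that remain usable for the `'30d'` lifetime set two lines above. Storing a digest instead, e.g. `token: crypto.createHash('sha256').update(refreshToken).digest('hex')`, keeps lookups possible while making a leaked table worthless on its own. The `where: { token: ... }` lookup in token-destroy.js, and whatever existence check token-refresh.js performs before `jwt.verify`, would have to hash the presented token the same way. This also needs `require('crypto')` at the top of the file, which is outside this hunk.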
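Review bot: In server/utilities/token-refresh.js the callback handed to `jwt.verify` is now `async`, but `jwt.verify` does not wait on the promise it returns, so a rejection from `await destroy(...)` or `await generate(...)` is unhandled and `callback` is never invoked; the `return await tokenRefresh(...)` added in server/auth/token.js does not cover it either. Calling `jwt.verify` without a callback inside `try`/`catch` keeps the whole flow in the outer `async` function, where the caller's `await` and error handling apply. While touching this call, passing `{ algorithms: ['HS256'], issuer: 'auth' }` would check the issuer that token-generate-refresh.js sets and pin the algorithm (assuming `jwt` is jsonwebtoken here as well and the default HS256 signing is not overridden elsewhere). The function starts outside the hunk.

```javascript
// … unchanged: earlier checks ending in `return callback(403);` …
let user;
try {
	// no callback: verify throws on an invalid or expired token
	user = jwt.verify(oldRefreshToken, process.env.SECRET_REFRESH, { algorithms: ['HS256'], issuer: 'auth' });
} catch (err) {
	return callback(403);
}

await destroy(oldRefreshToken);
const { accessToken, refreshToken } = await generate(user.index, user.email, user.username, user.type, user.admin, user.mod);
return callback(null, accessToken, refreshToken);
```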
@@ -31,7 +31,7 @@ const TokenProvider = props => {
 let bearer = accessToken;
 //if expired (10 minutes, normally)
- const expired = new Date(decode(accessToken).exp + 600) < Date.now();
+ const expired = new Date(decode(accessToken).exp * 1000) < Date.now();
 if (expired) {
 //BUGFIX: if logging out, just skip over the refresh token
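Review bot: In tools/react/token-provider.jsx the corrected check `new Date(decode(accessToken).exp * 1000) < Date.now()` still treats the token as live until the exact expiry instant on the client's clock, so a request sent just before that instant, or from a browser whose clock runs slow, goes out with a token the server already rejects. Comparing against a small margin, e.g. `const expired = decode(accessToken).exp * 1000 < Date.now() + 5000;` (margin value illustrative), refreshes slightly early and also drops the unnecessary `new Date(...)` wrapper. The enclosing function continues outside the hunk.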