Compare commits
4 Commits
ec81b4b311
...
fe5241a1e1
| Author | SHA1 | Date | |
|---|---|---|---|
| fe5241a1e1 | |||
| 8375c0c2f2 | |||
| 1987508887 | |||
| f4580c42ee |
@@ -29,8 +29,8 @@ class AuthController {
|
||||
// Set refresh token in cookie
|
||||
res.cookie('refreshToken', tokens.refreshToken, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'strict',
|
||||
secure: false, //masih dev
|
||||
sameSite: 'lax',
|
||||
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
|
||||
});
|
||||
|
||||
@@ -71,8 +71,8 @@ class AuthController {
|
||||
// Set refresh token in cookie
|
||||
res.cookie('refreshToken', tokens.refreshToken, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'strict',
|
||||
secure: false, // masih dev
|
||||
sameSite: 'lax',
|
||||
maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
|
||||
});
|
||||
|
||||
@@ -98,8 +98,9 @@ class AuthController {
|
||||
|
||||
return res.status(200).json(setResponse(result, 'Token refreshed successfully', 200));
|
||||
} catch (err) {
|
||||
return res.status(err.statusCode || 500).json(
|
||||
setResponse(null, err.message || 'Refresh token failed', err.statusCode || 500)
|
||||
const status = err.statusCode && err.statusCode < 500 ? err.statusCode : 401;
|
||||
return res.status(status).json(
|
||||
setResponse(null, err.message || 'Refresh token invalid', status)
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -109,8 +110,8 @@ class AuthController {
|
||||
try {
|
||||
res.clearCookie('refreshToken', {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === 'production',
|
||||
sameSite: 'strict',
|
||||
sameSite: 'none',
|
||||
secure: true
|
||||
});
|
||||
return res.status(200).json(setResponse(null, 'Logged out successfully', 200));
|
||||
} catch (err) {
|
||||
|
||||
@@ -29,10 +29,15 @@ function verifyAccessToken(req, res, next) {
|
||||
setUser(req, decoded);
|
||||
next();
|
||||
} catch (error) {
|
||||
if (error.name === 'TokenExpiredError' || error.name === 'JsonWebTokenError') {
|
||||
return next(new ErrorHandler(401, error.message));
|
||||
if (error.name === 'TokenExpiredError') {
|
||||
return next(new ErrorHandler(401, 'Access token expired'));
|
||||
}
|
||||
next(new ErrorHandler(500, 'Authenticate verification failed'));
|
||||
|
||||
if (error.name === 'JsonWebTokenError') {
|
||||
return next(new ErrorHandler(401, 'Invalid access token'));
|
||||
}
|
||||
|
||||
return next(new ErrorHandler(500, 'Internal authentication error'));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -76,17 +76,22 @@ class AuthService {
|
||||
|
||||
// Refresh Token
|
||||
static async refreshToken(refreshToken) {
|
||||
if (!refreshToken) {
|
||||
throw new ErrorHandler(401, 'Refresh token is required');
|
||||
}
|
||||
if (!refreshToken) throw new ErrorHandler(401, 'Refresh token is required');
|
||||
|
||||
const decoded = JWTService.verifyRefreshToken(refreshToken);
|
||||
let decoded;
|
||||
try {
|
||||
decoded = JWTService.verifyRefreshToken(refreshToken);
|
||||
} catch (err) {
|
||||
if (err.message.includes('expired')) throw new ErrorHandler(401, 'Refresh token expired');
|
||||
throw new ErrorHandler(401, 'Invalid refresh token');
|
||||
}
|
||||
|
||||
const payload = {
|
||||
user_id: decoded.user_id,
|
||||
user_fullname: decoded.user_fullname,
|
||||
user_name: decoded.user_name,
|
||||
user_email: decoded.user_email,
|
||||
user_phone: decoded.user_phone,
|
||||
role_id: decoded.role_id,
|
||||
role_name: decoded.role_name,
|
||||
is_sa: decoded.is_sa
|
||||
@@ -94,7 +99,11 @@ class AuthService {
|
||||
|
||||
const accessToken = JWTService.generateAccessToken(payload);
|
||||
|
||||
return { accessToken, tokenType: 'Bearer', expiresIn: 900 };
|
||||
return {
|
||||
accessToken,
|
||||
tokenType: 'Bearer',
|
||||
expiresIn: 900
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
14
utils/jwt.js
14
utils/jwt.js
@@ -32,15 +32,9 @@ function generateToken(payload, type) {
|
||||
|
||||
function verifyTokenType(token, type) {
|
||||
const settings = tokenSettings[type];
|
||||
try {
|
||||
const decoded = jwt.verify(token, settings.secret);
|
||||
if (decoded.type !== type) throw new Error('Invalid token type');
|
||||
return decoded;
|
||||
} catch (error) {
|
||||
if (error.name === 'TokenExpiredError') throw new Error(`${type} token has expired`);
|
||||
if (error.name === 'JsonWebTokenError') throw new Error(`Invalid ${type} token`);
|
||||
throw error;
|
||||
}
|
||||
const decoded = jwt.verify(token, settings.secret);
|
||||
if (decoded.type !== type) throw new Error('Invalid token type');
|
||||
return decoded;
|
||||
}
|
||||
|
||||
function generateAccessToken(payload) {
|
||||
@@ -67,8 +61,6 @@ function generateTokenPair(payload) {
|
||||
accessToken,
|
||||
refreshToken,
|
||||
tokenType: 'Bearer',
|
||||
expiresIn: 900,
|
||||
refreshExpiresIn: 604800
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user