csrf token handling, two jwt tokens

jackiettran
2025-11-26 14:25:49 -05:00
parent f3a356d64b
commit 8b10103ae4
8 changed files with 114 additions and 76 deletions


@@ -128,13 +128,13 @@ router.post(
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_SECRET,
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" } // Short-lived access token
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_SECRET,
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
);
@@ -223,13 +223,13 @@ router.post(
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_SECRET,
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" } // Short-lived access token
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_SECRET,
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
);
@@ -392,13 +392,13 @@ router.post(
// Generate JWT tokens
const token = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_SECRET,
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" }
);
const refreshToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion, type: "refresh" },
process.env.JWT_SECRET,
process.env.JWT_REFRESH_SECRET,
{ expiresIn: "7d" }
);
@@ -550,7 +550,7 @@ router.post(
});
}
const decoded = jwt.verify(accessToken, process.env.JWT_SECRET);
const decoded = jwt.verify(accessToken, process.env.JWT_ACCESS_SECRET);
const user = await User.findByPk(decoded.id);
if (!user) {
@@ -625,7 +625,7 @@ router.post("/refresh", async (req, res) => {
}
// Verify refresh token
const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET);
const decoded = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
if (!decoded.id || decoded.type !== "refresh") {
return res.status(401).json({ error: "Invalid refresh token" });
@@ -648,7 +648,7 @@ router.post("/refresh", async (req, res) => {
// Generate new access token
const newAccessToken = jwt.sign(
{ id: user.id, jwtVersion: user.jwtVersion },
process.env.JWT_SECRET,
process.env.JWT_ACCESS_SECRET,
{ expiresIn: "15m" }
);
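Review bot: The `jwt.verify(accessToken, process.env.JWT_ACCESS_SECRET)` call in the `@@ -550` hunk still accepts any token that verifies under that secret without looking at its `type` claim, so the key split is now the only barrier keeping a refresh token out of the access path; if a deployment sets JWT_ACCESS_SECRET and JWT_REFRESH_SECRET to the same value (or copies the old JWT_SECRET into both), that barrier silently disappears while the `/refresh` route still gets its `decoded.type !== "refresh"` check. A startup guard such as `if (!process.env.JWT_ACCESS_SECRET || !process.env.JWT_REFRESH_SECRET || process.env.JWT_ACCESS_SECRET === process.env.JWT_REFRESH_SECRET) throw new Error("JWT_ACCESS_SECRET and JWT_REFRESH_SECRET must be set and distinct");` would make the misconfiguration fail loudly instead of downgrading to single-secret behaviour. Both verify calls would also benefit from pinning the algorithm, e.g. `jwt.verify(accessToken, process.env.JWT_ACCESS_SECRET, { algorithms: ["HS256"] })`, so the accepted algorithm is fixed by the code rather than by the token header. The access/refresh signing pair is repeated verbatim in the `@@ -128`, `@@ -223` and `@@ -392` hunks; a single `issueTokens(user)` helper would keep the secrets, claims and lifetimes in one place so a future change cannot update two of the three copies. The enclosing route handlers start and end outside these hunks.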