From 509031bbfe9b657dceb20670be4e193d8f1cc4c7 Mon Sep 17 00:00:00 2001
From: Dan Ribbens
Date: Sun, 29 Mar 2020 08:55:51 -0400
Subject: [PATCH] add refresh endpoint to refresh auth token

---
 src/auth/requestHandlers.js | 49 +++++++++++++++++++++++++++++++------
 src/auth/routes.js | 4 +++
 2 files changed, 45 insertions(+), 8 deletions(-)

diff --git a/src/auth/requestHandlers.js b/src/auth/requestHandlers.js
index 461fbc8e2d..4cfbcc3090 100644
--- a/src/auth/requestHandlers.js
+++ b/src/auth/requestHandlers.js
@@ -20,7 +20,11 @@ module.exports = (userConfig, User) => ({
 return next(error);
 }
 return passport.authenticate('local')(req, res, () => {
- return res.json({ [usernameField]: user[usernameField], role: user.role, createdAt: user.createdAt });
+ return res.json({
+ [usernameField]: user[usernameField],
+ role: user.role,
+ createdAt: user.createdAt
+ });
 });
 });
 },
@@ -37,10 +41,12 @@ module.exports = (userConfig, User) => ({
 const { password } = req.body;
 User.findByUsername(username, (err, user) => {
- if (err || !user) return res.status(401).json({ message: 'Auth Failed' });
+ if (err || !user) {
+ return new APIError('Authentication Failed', httpStatus.UNAUTHORIZED);
+ }
 return user.authenticate(password, (authErr, model, passwordError) => {
- if (authErr || passwordError) return res.status(401).json({ message: 'Auth Failed' });
+ if (authErr || passwordError) return new APIError('Authentication Failed', httpStatus.UNAUTHORIZED);
 const opts = {};
 opts.expiresIn = process.env.tokenExpiration || 7200;
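Review bot: The two `return new APIError(...)` lines in the findByUsername and user.authenticate callbacks never send a response — the returned error object is simply discarded by whoever invokes the callback, so an unknown username or wrong password now leaves the request hanging instead of producing the 401 that the removed `res.status(401)` lines did, and nothing reaches the error middleware either. The refresh handler added in the next hunk shows the intended pattern: hand the error to Express with `return next(new APIError('Authentication Failed', httpStatus.UNAUTHORIZED));`, which assumes login receives `next` as its third argument (its signature is outside this hunk; if it does not, `return res.status(httpStatus.UNAUTHORIZED).json({ message: 'Authentication Failed' });` works either way). Keeping one identical message for both the unknown-user and wrong-password branches is worth preserving, since distinct messages would reveal which usernames exist. The enclosing login function starts and ends outside this hunk.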
@@ -54,14 +60,40 @@ module.exports = (userConfig, User) => ({
 });
 const token = jwt.sign(fieldsToSign, secret, opts);
- return res.status(200).json({
- message: 'Auth Passed',
- token,
- });
+ return res.status(200)
+ .json({
+ message: 'Auth Passed',
+ token,
+ });
 });
 });
 },
+ /**
+ * Refresh an expired or soon to be expired auth token
+ * @param req
+ * @param res
+ * @param next
+ */
+ refresh: (req, res, next) => {
+ const { token } = req.body;
+ const secret = process.env.secret || 'SECRET_KEY';
+ const opts = {};
+ opts.expiresIn = process.env.tokenExpiration || 7200;
+ try {
+ jwt.verify(token, secret, {});
+ const refreshToken = jwt.sign(token, secret);
+ res.status(200)
+ .json({
+ message: 'Token Refresh Successful',
+ refreshToken,
+ });
+ } catch (e) {
+ next(new APIError('Authentication error', httpStatus.UNAUTHORIZED));
+ }
+ },
+
 /**
 * Returns User if user session is still open
 * @param req
@@ -69,7 +101,8 @@ module.exports = (userConfig, User) => ({
 * @returns {*}
 me: (req, res) => {
- return res.status(200).send(req.user);
+ return res.status(200)
+ .send(req.user);
 },
 /**
diff --git a/src/auth/routes.js b/src/auth/routes.js
index bb82de60b0..3617d71e48 100644
--- a/src/auth/routes.js
+++ b/src/auth/routes.js
@@ -13,6 +13,10 @@ const authRoutes = (userConfig, User) => {
 .route('/login')
 .post(auth.login);
+ router
+ .route('/refresh')
+ .post(auth.refresh);
+
 router
 .route('/me')
 .post(passport.authenticate(userConfig.auth.strategy, { session: false }), auth.me);
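Review bot: `const refreshToken = jwt.sign(token, secret);` in the new refresh handler signs the incoming token string itself as the payload and ignores both the result of `jwt.verify` and the `opts` built two lines above, so the refreshed token carries no `exp` (it never expires) and does not reproduce the `fieldsToSign` claims the login token carries, which makes it unlikely to be accepted by whatever strategy consumes the login token. Re-issue from the verified payload instead: `const { iat, exp, ...claims } = jwt.verify(token, secret, {});` followed by `const refreshToken = jwt.sign(claims, secret, opts);` — dropping `iat`/`exp` matters because jsonwebtoken refuses `expiresIn` when the payload already has `exp` and otherwise computes the new expiry relative to the old `iat`. The JSDoc says the endpoint refreshes an "expired" token, but `jwt.verify` without `ignoreExpiration` rejects expired tokens, so either reword it to "a still-valid token" or bound how far past expiry is acceptable, since reviving arbitrarily old tokens would keep any leaked token usable indefinitely. `process.env.secret || 'SECRET_KEY'` hard-codes a fallback signing key in a second place; a deployment that forgets the variable then signs and verifies with a publicly known string, so it is safer to fail at startup when it is unset than to fall back. A smaller point: the response field is `refreshToken` while login returns `token`, so clients need two code paths for what is the same credential.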