freeCodeCamp/api-server/server/utils/getSetAccessToken.js

import jwt from 'jsonwebtoken';
import { isBefore } from 'date-fns';

import { jwtSecret as _jwtSecret } from '../../../config/secrets';

export const authHeaderNS = 'X-fcc-access-token';
export const jwtCookieNS = 'jwt_access_token';

export function createCookieConfig(req) {
  return {
    signed: !!req.signedCookies,
    domain: process.env.COOKIE_DOMAIN || 'localhost'
  };
}

export function setAccessTokenToResponse(
  { accessToken },
  req,
  res,
  jwtSecret = _jwtSecret
) {
  const cookieConfig = {
    ...createCookieConfig(req),
    maxAge: accessToken.ttl || 77760000000
  };
  const jwtAccess = jwt.sign({ accessToken }, jwtSecret);
  res.cookie(jwtCookieNS, jwtAccess, cookieConfig);
  return;
}

export function getAccessTokenFromRequest(req, jwtSecret = _jwtSecret) {
  const maybeToken =
    (req.headers && req.headers[authHeaderNS]) ||
    (req.signedCookies && req.signedCookies[jwtCookieNS]) ||
    (req.cookie && req.cookie[jwtCookieNS]);
  if (!maybeToken) {
    return {
      accessToken: null,
      error: errorTypes.noTokenFound
    };
  }
  let token;
  try {
    token = jwt.verify(maybeToken, jwtSecret);
  } catch (err) {
    return { accessToken: null, error: errorTypes.invalidToken };
  }

  const { accessToken } = token;
  const { created, ttl } = accessToken;
  const valid = isBefore(Date.now(), Date.parse(created) + ttl);
  if (!valid) {
    return {
      accessToken: null,
      error: errorTypes.expiredToken
    };
  }
  return { accessToken, error: '', jwt: maybeToken };
}

export function removeCookies(req, res) {
  const config = createCookieConfig(req);
  res.clearCookie(jwtCookieNS, config);
  res.clearCookie('access_token', config);
  res.clearCookie('userId', config);
  res.clearCookie('_csrf', config);
  return;
}

export const errorTypes = {
  noTokenFound: 'No token found',
  invalidToken: 'Invalid token',
  expiredToken: 'Token timed out'
};
feat: Add new accessToken utils 2019-02-20 23:02:51 +00:00			`import jwt from 'jsonwebtoken';`
			`import { isBefore } from 'date-fns';`

			`import { jwtSecret as _jwtSecret } from '../../../config/secrets';`

			`export const authHeaderNS = 'X-fcc-access-token';`
			`export const jwtCookieNS = 'jwt_access_token';`

			`export function createCookieConfig(req) {`
			`return {`
			`signed: !!req.signedCookies,`
			`domain: process.env.COOKIE_DOMAIN \|\| 'localhost'`
			`};`
			`}`

			`export function setAccessTokenToResponse(`
			`{ accessToken },`
			`req,`
			`res,`
			`jwtSecret = _jwtSecret`
			`) {`
			`const cookieConfig = {`
			`...createCookieConfig(req),`
			`maxAge: accessToken.ttl \|\| 77760000000`
			`};`
			`const jwtAccess = jwt.sign({ accessToken }, jwtSecret);`
			`res.cookie(jwtCookieNS, jwtAccess, cookieConfig);`
			`return;`
			`}`

			`export function getAccessTokenFromRequest(req, jwtSecret = _jwtSecret) {`
			`const maybeToken =`
			`(req.headers && req.headers[authHeaderNS]) \|\|`
			`(req.signedCookies && req.signedCookies[jwtCookieNS]) \|\|`
			`(req.cookie && req.cookie[jwtCookieNS]);`
			`if (!maybeToken) {`
			`return {`
			`accessToken: null,`
			`error: errorTypes.noTokenFound`
			`};`
			`}`
			`let token;`
			`try {`
			`token = jwt.verify(maybeToken, jwtSecret);`
			`} catch (err) {`
			`return { accessToken: null, error: errorTypes.invalidToken };`
			`}`

			`const { accessToken } = token;`
			`const { created, ttl } = accessToken;`
			`const valid = isBefore(Date.now(), Date.parse(created) + ttl);`
			`if (!valid) {`
			`return {`
			`accessToken: null,`
			`error: errorTypes.expiredToken`
			`};`
			`}`
			`return { accessToken, error: '', jwt: maybeToken };`
			`}`

			`export function removeCookies(req, res) {`
			`const config = createCookieConfig(req);`
			`res.clearCookie(jwtCookieNS, config);`
			`res.clearCookie('access_token', config);`
			`res.clearCookie('userId', config);`
			`res.clearCookie('_csrf', config);`
			`return;`
			`}`

			`export const errorTypes = {`
			`noTokenFound: 'No token found',`
			`invalidToken: 'Invalid token',`
			`expiredToken: 'Token timed out'`
			`};`