import { createError, eventHandler, readBody, sendRedirect } from 'h3';
import jwt from 'jsonwebtoken';
// HMAC key used below to verify incoming refresh tokens and to sign both the
// auth token and the new refresh token.
// NOTE(review): this key is a literal committed to source, so anyone who can
// read the repository or the built bundle can mint tokens this handler accepts.
// Load it from runtime configuration or a secret store, and change it together
// with every other handler that signs or verifies with the same value.
const SECRET = 'SECRETTUEITKEY';
/**
 * Identity fields that the refresh handler embeds in every token it signs.
 */
interface User {
  /** Account name copied from the verified refresh token. */
  username: string;
  /** Account identifier carried in the token payload. */
  id: string;
}
/**
 * Shape the refresh handler expects from a verified token: the `User` fields
 * plus the expiry claim.
 *
 * NOTE(review): the handler also reads a `userId` claim that is not declared
 * here; confirm against the code that issues the first token which of `id` and
 * `userId` is actually present.
 */
interface JwtPayload extends User {
  /** `exp` claim; jsonwebtoken adds it when a token is signed with `expiresIn`. */
  exp: number;
}
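/**
 * Exchanges a refresh token from the request body for a new token pair.
 *
 * The body must carry `refreshToken`. The token is verified against `SECRET`;
 * on success a 5-minute auth token and a 7-day refresh token are signed for
 * the same user and returned as `{ token: { authToken, refreshToken } }`.
 *
 * @throws h3 error with status 403 when the token is missing, fails
 *   verification (bad signature, expired, malformed) or lacks the identity
 *   claims.
 *
 * NOTE(review): both token kinds are signed with the same key and the same
 * payload shape, so nothing here tells a refresh token from an auth token; a
 * still-valid auth token passes verification below. Add a token-type claim or
 * a separate key, and check it here. The presented refresh token is also not
 * revoked or rotated out, so it stays usable until its own `exp`.
 */
export default eventHandler(async (event) => {
  const deny = (statusMessage: string) => createError({ statusCode: 403, statusMessage });

  // The body may be missing or not an object; never dereference it unguarded.
  const body = await readBody<{ refreshToken?: unknown } | undefined>(event);
  const presented = body?.refreshToken;

  if (typeof presented !== 'string' || presented.length === 0) {
    throw deny('Unauthorized, no refreshToken in payload');
  }

  // jwt.verify throws on a bad signature, an expired token or malformed input
  // rather than returning undefined, so the failure has to be caught to
  // answer 403 instead of surfacing as an unhandled 500.
  // NOTE(review): consider pinning `algorithms` once the issuing side is confirmed.
  let claims: unknown;
  try {
    claims = jwt.verify(presented, SECRET);
  } catch {
    claims = undefined;
  }

  // verify can return a string for non-JSON payloads; only an object is usable.
  if (typeof claims !== 'object' || claims === null) {
    throw deny('Unauthorized, refreshToken can`t be verified');
  }

  // Tokens signed by this handler carry `id`, while the original code read
  // `userId`; accept either so a token minted here can be refreshed again.
  const { username, userId, id } = claims as Record<string, unknown>;
  const subjectId = userId ?? id;

  if (typeof username !== 'string' || typeof subjectId !== 'string') {
    throw deny('Unauthorized, refreshToken can`t be verified');
  }

  const user: User = { username, id: subjectId };

  const authToken = jwt.sign(user, SECRET, { expiresIn: 60 * 5 }); // expires in 5 min
  const refreshToken = jwt.sign(user, SECRET, { expiresIn: 60 * 60 * 24 * 7 }); // expires in 7 days

  return {
    token: {
      authToken,
      refreshToken,
    },
  };
});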