Role nd token Based Routing completed for Project,trash,home which is in Controller. Token, Auth Purpose,Rolebased middlewares created. Auth API,Project token Based API, Home Token Based API, Trash Token Based API In v1 AuthRoutes

src/shared/utils/token.ts

@@ -0,0 +1,143 @@
+import { Request, Response, NextFunction } from "express";
+import Jwt from "jsonwebtoken";
+import dotenv from "dotenv";
+import { extractOrg } from "../services/auth/authServices.ts";
+import AuthModel from "../V1Models/Auth/userAuthModel.ts";
+dotenv.config();
+
+export interface AuthenticatedRequest extends Request {
+  user?: {
+    Email: string;
+    role: string;
+    userId: string;
+    organization: string;
+  };
+}
+const jwt_secret = process.env.JWT_SECRET as string;
+const refresh_jwt_secret = process.env.REFRESH_JWT_SECRET as string;
+const tokenGenerator = (
+  Email: string,
+  role: string,
+  userId: string,
+  organization: string
+) => {
+  const token = Jwt.sign(
+    { Email: Email, role: role, userId, organization: organization },
+    jwt_secret,
+    {
+      expiresIn: "3h",
+    }
+  );
+  return token;
+};
+const tokenRefreshGenerator = (
+  Email: string,
+  role: string,
+  userId: string,
+  organization: string
+) => {
+  const token = Jwt.sign(
+    { Email: Email, role: role, userId, organization: organization },
+    refresh_jwt_secret,
+    {
+      expiresIn: "30d",
+    }
+  );
+  return token;
+};
+const tokenValidator = async (
+  req: AuthenticatedRequest,
+  res: Response,
+  next: NextFunction
+): Promise<void> => {
+  const token: string | undefined = req.headers.token as string | undefined;
+  const refresh_token = req.headers["refresh_token"] as string | undefined;
+  if (!token) {
+    res.status(403).json({
+      msg: "No token present",
+    });
+    return;
+  }
+
+  try {
+    const decoded = Jwt.verify(token, jwt_secret) as {
+      Email: string;
+      role: string;
+      userId: string;
+      organization: string;
+    };
+    if (!decoded) {
+      res.status(403).json({
+        success: false,
+        status: 403,
+        message: "Invalid Token",
+      });
+      return;
+    }
+    req.user = decoded;
+    next();
+  } catch (err) {
+    // res.status(401).json({
+    //   msg: "Invalid Token",
+    // });
+    if (!refresh_token) {
+      res.status(403).json({
+        success: false,
+        status: 403,
+        message: "No refresh token present",
+      });
+      return;
+    }
+    try {
+      const decodedRefresh = Jwt.verify(refresh_token, refresh_jwt_secret) as {
+        Email: string;
+        role: string;
+        userId: string;
+        organization: string;
+      };
+      if (!decodedRefresh) {
+        res.status(403).json({
+          success: false,
+          status: 403,
+          message: "Invalid Token",
+        });
+        return;
+      }
+      const newAccessToken = tokenGenerator(
+        decodedRefresh.Email,
+        decodedRefresh.role,
+        decodedRefresh.userId,
+        decodedRefresh.organization
+      );
+      res.setHeader("x-access-token", newAccessToken);
+      req.user = decodedRefresh;
+      return next();
+    } catch (err) {
+      const decodedAny = Jwt.decode(token || refresh_token) as {
+        Email?: string;
+        role: string;
+        userId: string;
+        organization: string;
+      };
+      if (decodedAny?.Email) {
+        const organization = extractOrg(decodedAny?.Email);
+        const user = await AuthModel(organization).findOne({
+          Email: decodedAny.Email,
+          isArchieve: false,
+        });
+        if (user) {
+          user.visitorBrowserID = "";
+          await user.save();
+        }
+      }
+      res.status(403).json({
+        success: false,
+        status: 403,
+        message: "Invalid Token",
+      });
+      return;
+    }
+  }
+};
+
+export { tokenValidator, tokenGenerator, tokenRefreshGenerator };