tokens refresh when jwt is expired and added basic axios config

2025-07-07 06:08:54 +00:00 · 2025-06-25 07:56:30 +02:00 · 2025-06-25 07:56:30 +02:00 · fbf645ba0f
commit fbf645ba0f
parent c48498af95
15 changed files with 470 additions and 289 deletions
--- a/code/backend/src/controllers/userController.ts
+++ b/code/backend/src/controllers/userController.ts
@ -173,7 +173,7 @@ export const loginUser = async (req: Request, res: Response) => {

 // Endpoint to get user data
 export const getUser = async (req: Request, res: Response) => {
-  const username: string = req.query.username as string;
+  const username: string = req.params.username as string;
  if (!username) {
    res.status(StatusCodes.BAD_REQUEST).json({
      error: "no username",
@ -197,9 +197,8 @@ export const getUser = async (req: Request, res: Response) => {
    message: "User found",
    data: {
      username: user.username,
-      email: user.email,
      userId: user.id,
-      userInfo: user.bio,
+      bio: user.bio,
    },
  });
 };
@ -255,9 +254,15 @@ export const refreshToken = async (req: Request, res: Response) => {
          });
          return;
        }
-        await prisma.refreshToken.delete({
+        const existingToken = await prisma.refreshToken.findUnique({
          where: { id: payload.jti },
        });
+
+        if (existingToken) {
+          await prisma.refreshToken.deleteMany({
+            where: { id: payload.jti },
+          });
+        }
        const refreshToken = await generateRefreshToken(storedToken.user.id);
        res.set("Refresh-Token", refreshToken.token);
        const token: string = generateAccessToken(
@ -268,7 +273,8 @@ export const refreshToken = async (req: Request, res: Response) => {
        ); // generate a JWT token with the username and userId as payload
        res.set("Authorization", `Bearer ${token}`); // set the token in the response header
        res.status(StatusCodes.OK).send();
-      } catch {
+      } catch (error) {
+        console.log(error);
        res.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
          error: "Server error",
          details: [{ message: "Server Error" }],
@ -280,13 +286,15 @@ export const refreshToken = async (req: Request, res: Response) => {
 };

 export const logout = async (req: Request, res: Response) => {
-  const jti: string = req.query.jti as string;
+  const jti: string = req.user!.jti as string;
  try {
    await prisma.refreshToken.delete({ where: { id: jti } });
-    res.removeHeader("Authorization");
-    res.removeHeader("Refresh-Token");
    res.status(StatusCodes.NO_CONTENT).send();
-  } catch {
-    res.status(StatusCodes.INTERNAL_SERVER_ERROR);
+  } catch (err) {
+    console.log(err);
+    res.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
+      error: "Server error",
+      details: [{ message: "Server Error" }],
+    });
  }
 };
--- a/code/backend/src/routes/userRoutes.ts
+++ b/code/backend/src/routes/userRoutes.ts
@ -96,7 +96,7 @@ userRouter.post("/login", validateData(userLoginSchema), loginUser);
 *     security:
 *       - bearerAuth: []
 *     parameters:
- *       - in: query
+ *       - in: path
 *         name: username
 *         required: true
 *         schema:
--- a/code/backend/src/server.ts
+++ b/code/backend/src/server.ts
@ -14,12 +14,10 @@ app.use(
  cors({
    origin: "http://localhost:3000",
    credentials: true,
+    exposedHeaders: ["Authorization", "Refresh-Token"],
  })
 );
-app.use((req, res, next) => {
-  res.header("Access-Control-Expose-Headers", "Authorization");
-  next();
-});
+
 // minIO config
 export const minioClient = new Client({
  endPoint: "localhost", // Replace with your MinIO server URL