diff --git a/packages/server/src/controllers/AuthController/endpoints/userLogin.js b/packages/server/src/controllers/AuthController/endpoints/userLogin.js
index bf695896..903c46e9 100755
--- a/packages/server/src/controllers/AuthController/endpoints/userLogin.js
+++ b/packages/server/src/controllers/AuthController/endpoints/userLogin.js
@@ -18,7 +18,13 @@ export default {
 })
 }
- const token = await Token.createNewAuthToken(user, options)
+ const token = await Token.createNewAuthToken({
+ username: user.username,
+ user_id: user._id.toString(),
+ ip_address: req.headers["x-forwarded-for"].split(",")[0] || req.socket.remoteAddress,
+ client: req.headers["user-agent"],
+ signLocation: global.signLocation,
+ }, options)
 return res.json({ token: token })
 })(req, res)
diff --git a/packages/server/src/lib/token/index.js b/packages/server/src/lib/token/index.js
index bc1dab82..5a409e07 100755
--- a/packages/server/src/lib/token/index.js
+++ b/packages/server/src/lib/token/index.js
@@ -1,7 +1,7 @@
 import jwt from "jsonwebtoken"
-import { Session, RegenerationToken } from "../../models"
+import { Session, RegenerationToken } from "@models"
-export async function regenerateSession(expiredToken, refreshToken) {
+export async function regenerateSession(expiredToken, refreshToken, aggregateData = {}) {
 // search for a regeneration token with the expired token (Should exist only one)
 const regenerationToken = await RegenerationToken.findOne({ refreshToken: refreshToken })
@@ -60,7 +60,12 @@ export async function regenerateSession(expiredToken, refreshToken) {
 }
 // generate a new token
- const newToken = await createNewAuthToken(decodedExpiredToken, {
+ const newToken = await createNewAuthToken({
+ username: decodedExpiredToken.username,
+ session_uuid: session.session_uuid,
+ user_id: decodedExpiredToken.user_id,
+ ip_address: aggregateData.ip_address,
+ }, {
 updateSession: session._id,
 })
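Review bot: In userLogin.js the new `ip_address` line calls `.split` on `req.headers["x-forwarded-for"]` before the `||` fallback, so a request that arrives without that header throws a TypeError and `req.socket.remoteAddress` is never reached. Guarding the lookup fixes it: `ip_address: req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket.remoteAddress,`. The first entry of X-Forwarded-For is whatever the client sent unless a trusted proxy overwrites the header, so the value stored on the session should be treated as unverified when it is used for audit or anomaly checks. The enclosing handler starts outside the hunk.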
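Review bot: In the `@@ -60` hunk of lib/token/index.js the payload passed to createNewAuthToken carries no `signLocation` or `client`, although the removed wrapper always set `signLocation: global.signLocation`. Regenerated tokens are therefore signed without that claim, and the session write in the `@@ -151` hunk receives `location` and `client` as undefined where the old code fell back to `"rs-auth"`. Adding `signLocation: global.signLocation,` and `client: aggregateData.client,` to this object keeps the login and regeneration paths consistent. `aggregateData` defaults to `{}`, so `ip_address` is also undefined unless every caller passes it; the callers are not part of this diff, and regenerateSession continues outside the hunk.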
@@ -121,18 +126,7 @@ export async function createNewRegenerationToken(expiredToken) {
 return regenerationToken
 }
-export async function createNewAuthToken(user, options = {}) {
- const payload = {
- user_id: user._id ?? user.user_id,
- username: user.username,
- email: user.email,
- signLocation: global.signLocation,
- }
-
- return await signNewAuthToken(payload, options)
-}
-
-export async function signNewAuthToken(payload, options = {}) {
+export async function createNewAuthToken(payload, options = {}) {
 if (options.updateSession) {
 const sessionData = await Session.findOne({ _id: options.updateSession })
@@ -141,7 +135,12 @@ export async function signNewAuthToken(payload, options = {}) {
 payload.session_uuid = global.nanoid()
 }
- const token = jwt.sign(payload, global.jwtStrategy.secretOrKey, {
+ const token = jwt.sign({
+ session_uuid: payload.session_uuid,
+ username: payload.username,
+ user_id: payload.user_id,
+ signLocation: payload.signLocation,
+ }, global.jwtStrategy.secretOrKey, {
 expiresIn: global.jwtStrategy.expiresIn ?? "1h",
 algorithm: global.jwtStrategy.algorithm ?? "HS256"
 })
@@ -151,16 +150,14 @@ export async function signNewAuthToken(payload, options = {}) {
 session_uuid: payload.session_uuid,
 username: payload.username,
 user_id: payload.user_id,
+ location: payload.signLocation,
+ ip_address: payload.ip_address,
+ client: payload.client,
 date: new Date().getTime(),
- location: payload.signLocation ?? "rs-auth",
 }
 if (options.updateSession) {
- await Session.findByIdAndUpdate(options.updateSession, {
- token: session.token,
- date: session.date,
- location: session.location,
- })
+ await Session.findByIdAndUpdate(options.updateSession, session)
 } else {
 let newSession = new Session(session)
diff --git a/packages/server/src/models/session/index.js b/packages/server/src/models/session/index.js
index 0c8b53e2..39858a03 100755
--- a/packages/server/src/models/session/index.js
+++ b/packages/server/src/models/session/index.js
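Review bot: createNewAuthToken now expects a ready-made payload rather than a user record, and nothing in the `@@ -121` hunk of lib/token/index.js checks that `user_id` and `username` are present before a token is signed. A caller that still passes a user document, which has `_id` but no `user_id`, would get a token without a `user_id` claim; callers other than userLogin.js and regenerateSession are not visible here, and the `signNewAuthToken` export is removed, so any remaining import of it would break. A guard at the top such as `if (!payload?.user_id || !payload?.username) throw new Error("createNewAuthToken: user_id and username are required")` makes the new contract explicit. A short JSDoc block listing the accepted payload fields, and which of them end up in the JWT versus the Session record, would also help. The function body continues outside the hunk.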
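Review bot: The update branch at the end of the `@@ -151` hunk now passes the whole `session` object to `Session.findByIdAndUpdate`, so a token refresh rewrites `session_uuid`, `username` and `user_id` on the stored session from the caller's payload, where the old code touched only `token`, `date` and `location`. On the regeneration path those values come from `decodedExpiredToken`, whose verification is outside this diff, so keeping the update to the fields that legitimately change on refresh limits what a bad payload can alter. How undefined `location`, `ip_address` or `client` values are written depends on the Mongoose version and update options in use, which the diff does not show. The function continues outside the hunk.

```javascript
if (options.updateSession) {
    // refresh only the fields that change; session_uuid, user_id and username stay as stored
    await Session.findByIdAndUpdate(options.updateSession, {
        token: session.token,
        date: session.date,
        location: session.location,
        ip_address: session.ip_address,
        client: session.client,
    })
} else {
    // … unchanged: new Session(session) creation …
```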
@@ -8,5 +8,7 @@ export default {
 user_id: { type: String, required: true },
 date: { type: Number, default: 0 },
 location: { type: String, default: "Unknown" },
+ ip_address: { type: String, default: "Unknown" },
+ client: { type: String, default: "Unknown" },
 }
 }
\ No newline at end of file
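Review bot: The two new Session fields hold request-header values stored as received: per the userLogin.js hunk, `ip_address` comes from X-Forwarded-For and `client` from User-Agent. Both are attacker-controllable strings with no length bound here, so any view that lists sessions should escape them on output, and the value is best truncated where it is read before it reaches the model. A comment on the fields such as `// client-supplied, unverified; escape on display` would record that for later readers. The `"Unknown"` default applies when a document is created; whether it survives the update path in lib/token/index.js depends on update options that are not visible here.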