refreshtoken implemented, i think?

2025-04-07 13:16:48 +02:00 · 2025-04-07 13:16:48 +02:00 · 4be7977c11
commit 4be7977c11
parent 1f372355d4
6 changed files with 68 additions and 15 deletions
--- a/backend/Api/BusinessLogic/UserLogic.cs
+++ b/backend/Api/BusinessLogic/UserLogic.cs
@ -197,7 +197,9 @@ namespace Api.BusinessLogic
        {
            User user = await _dbAccess.ReadUserByRefreshToken(refreshToken);
            if (user == null) { return new ConflictObjectResult(new { message = "Could not match refreshtoken" }); }
-            return new OkObjectResult(GenerateJwtToken(user));
+            user = await UpdateRefreshToken(user);
+            string jwtToken = GenerateJwtToken(user);
+            return new OkObjectResult(new { token = jwtToken, refreshToken = user.RefreshToken });
        }

        /// <summary>
@ -265,7 +267,7 @@ namespace Api.BusinessLogic
        private async Task<User> UpdateRefreshToken(User user)
        {
            user.RefreshToken = Guid.NewGuid().ToString();
-            user.RefreshTokenExpiresAt = DateTime.Now.AddDays(7);
+            user.RefreshTokenExpiresAt = DateTime.Now.AddDays(30);
            await _dbAccess.UpdateUser(user);
            return user;
        }
--- a/backend/Api/Controllers/UserController.cs
+++ b/backend/Api/Controllers/UserController.cs
@ -74,5 +74,11 @@ namespace Api.Controllers
            return await _userLogic.DeleteUser(userId);
        }

+        [HttpPost("RefreshToken/{refreshToken}")]
+        public async Task<IActionResult> RefreshToken(string refreshToken)
+        {
+            return await _userLogic.RefreshToken(refreshToken);
+        }
+
    }
 }
--- a/frontend/scripts/home.js
+++ b/frontend/scripts/home.js
@ -1,5 +1,4 @@
 import { logout } from "../shared/utils.js";
-import { getUser } from "../shared/utils.js";
 import { getDevices, getLogsOnDeviceId } from "./services/devices.service.js";

 let chart;
--- a/frontend/scripts/login.js
+++ b/frontend/scripts/login.js
@ -11,7 +11,7 @@ document.getElementById("loginForm").addEventListener("submit", function(event)
    login(emailOrUsername, password)
        .then(response => {
            document.cookie = `auth-token=${response.token}; Path=/`;
-
+            document.cookie = `refresh-token=${response.refreshToken}; Path=/`;
            localStorage.setItem("user", JSON.stringify({
                id: response.id,
                username: response.userName,
--- a/frontend/scripts/services/users.service.js
+++ b/frontend/scripts/services/users.service.js
@ -1,4 +1,5 @@
 import { request } from "../../shared/utils.js";
+import { address } from "../../shared/constants.js";


 export function get() {
@ -6,9 +7,18 @@ export function get() {
 }

 export function login(usernameOrEmail, password) {
-    return request("POST", "/user/login", {
-        EmailOrUsrn: usernameOrEmail,
-        Password: password,
+    return fetch(`${address}/user/login`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ password: password, EmailOrUsrn: usernameOrEmail })
+    })
+    .then(response => {
+        if (!response.ok) {
+            return("Request failed with HTTP code " + response.status);
+        }
+        return response.json();
    });
 }

@ -35,3 +45,5 @@ export function updatePassword(oldPassword, newPassword){
    });
 }

+
+
--- a/frontend/shared/utils.js
+++ b/frontend/shared/utils.js
@ -1,13 +1,12 @@
 import { address } from "./constants.js";

 export async function request(method, path, body = null) {
-    const token = document.cookie.match(/\bauth-token=([^;\s]+)/);
-
+    const token = await checkTokens()
    const headers = {};
+    headers["Authorization"] = `Bearer ${token}`;
+
    if (body)
        headers["Content-Type"] = "application/json";
-    if (token?.length > 1)
-        headers["Authorization"] = `Bearer ${token[1]}`;

    return new Promise((resolve, reject) => {
        fetch(address + path, {
@ -16,9 +15,9 @@ export async function request(method, path, body = null) {
            body: body ? JSON.stringify(body) : undefined,
        })
            .then(async response => {
-                if (response.status === 401) {
-                    location.href = "/login";
-                }
+                // if (response.status === 401) {
+                //     location.href = "/login";
+                // }

                try {
                    const json = await response.json();
@ -40,9 +39,44 @@ export async function request(method, path, body = null) {
    });
 }

+export function checkTokens() {
+    var token = document.cookie.match(/\bauth-token=([^;\s]+)/);
+    if(token != null){
+        return token[1]
+    }
+    const match = document.cookie.match(/\brefresh-token=([^;\s]+)/);
+    token = match ? match[1] : null;
+    console.log("refresh "+token); 
+   if(token != null){
+    return fetch(`${address}/user/refreshtoken/${token}`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json"
+        },
+    })
+    .then(async response => {
+        if (!response.ok) {
+            window.location.href = "/login";
+            return;
+        }
+    
+        const json = await response.json()
+    
+        document.cookie = `auth-token=${json.token}; Path=/`;
+        document.cookie = `refresh-token=${json.refreshToken}; Path=/`;
+    
+        return json.token;
+    });
+   }
+   else{
+    window.location.href = "/login";
+   }
+}
+
 export function logout() {
    localStorage.removeItem("user");
    document.cookie = "auth-token=";
+    document.cookie = "refresh-token=";
    window.location.href = "/";
 }

@ -51,6 +85,6 @@ export function getUser() {
 }

 export function isLoggedIn() {
-    return document.cookie.match(/\bauth-token=/) && localStorage.getItem("user");
+    return (document.cookie.match(/\bauth-token=/) && localStorage.getItem("user"));  
 }