"use strict";
// tsc CommonJS emit helper: make `.default` resolve for a module that was not
// compiled as ESM. An already-installed helper on `this` is reused if present.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Mark this CommonJS module as transpiled ESM and pre-declare the export so
// `exports.authService` exists (as undefined) before the assignment below.
Object.defineProperty(exports, "__esModule", { value: true });
exports.authService = undefined;
const crypto_1 = require("crypto");
const bcryptjs_1 = __importDefault(require("bcryptjs"));
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const client_1 = require("@prisma/client");
const database_1 = require("../../config/database");
const env_1 = require("../../config/env");
const error_handler_1 = require("../../middleware/error-handler");
const metrics_1 = require("../../utils/metrics");
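exports.authService = {
    /**
     * Authenticate a user with email + password and issue an access/refresh pair.
     *
     * The order of checks matters for information disclosure: the password is
     * verified BEFORE account status/expiry, so an unauthenticated caller cannot
     * learn whether an account is suspended or expired - they see the same
     * generic 401 unless they actually know the password.
     *
     * NOTE(review): when the email is unknown, bcrypt.compare is skipped, so the
     * response is measurably faster than for a wrong password. That is a timing
     * oracle for user enumeration. It is of limited value here because
     * register() already answers 409 EMAIL_EXISTS for known emails, but if that
     * ever changes, compare against a fixed dummy hash on the miss path too.
     *
     * @param {string} email
     * @param {string} password plaintext candidate; only ever handed to bcrypt
     * @returns {Promise<{user: object, accessToken: string, refreshToken: string}>}
     *   the user row minus `password`, plus both tokens
     * @throws {AppError} 401 INVALID_CREDENTIALS, 403 ACCOUNT_INACTIVE,
     *   403 ACCOUNT_EXPIRED
     */
    async login(email, password) {
        // Every rejection below counts as a failed login attempt; the metric is
        // recorded before the error is thrown, as in the original flow.
        const reject = (status, message, code) => {
            metrics_1.recordLoginAttempt('failure');
            return new error_handler_1.AppError(status, message, code);
        };

        const user = await database_1.prisma.user.findUnique({ where: { email } });
        if (!user) {
            throw reject(401, 'Invalid email or password', 'INVALID_CREDENTIALS');
        }

        const passwordMatches = await bcryptjs_1.default.compare(password, user.password);
        if (!passwordMatches) {
            throw reject(401, 'Invalid email or password', 'INVALID_CREDENTIALS');
        }

        // Account gates only run for a caller who proved knowledge of the password.
        if (user.status !== client_1.UserStatus.ACTIVE) {
            throw reject(403, `Account is ${user.status.toLowerCase()}`, 'ACCOUNT_INACTIVE');
        }
        if (user.expiresAt && user.expiresAt < new Date()) {
            throw reject(403, 'Account has expired', 'ACCOUNT_EXPIRED');
        }

        metrics_1.recordLoginAttempt('success');
        await database_1.prisma.user.update({
            where: { id: user.id },
            data: { lastLoginAt: new Date() },
        });

        const tokens = await this.generateTokenPair(user);
        return { user: this.toPublicUser(user), ...tokens };
    },

    /**
     * Create a new USER account and log it in immediately.
     *
     * The role is hard-coded: `data` comes from the public registration
     * endpoint and must never be able to choose its own role. Only the listed
     * fields are copied into the insert, so extra keys in `data` are ignored.
     *
     * The pre-check + insert is not atomic: two concurrent registrations for
     * the same email can both pass the findUnique, and the loser then hits the
     * unique constraint on `email` (Prisma error code P2002). That case is
     * mapped to the same 409 as the pre-check instead of surfacing as a 500.
     *
     * NOTE(review): the email is stored exactly as received - no trimming or
     * lower-casing is visible in this file. If the validation layer does not
     * normalize it, `Foo@x.com` and `foo@x.com` become distinct accounts.
     * Password-strength rules are likewise assumed to be enforced upstream.
     *
     * @param {{email: string, password: string, name?: string, phone?: string}} data
     * @returns {Promise<{user: object, accessToken: string, refreshToken: string}>}
     * @throws {AppError} 409 EMAIL_EXISTS
     */
    async register(data) {
        const existing = await database_1.prisma.user.findUnique({ where: { email: data.email } });
        if (existing) {
            throw new error_handler_1.AppError(409, 'Email already registered', 'EMAIL_EXISTS');
        }

        // Cost factor 12; this is the only place the plaintext password is consumed.
        const hashedPassword = await bcryptjs_1.default.hash(data.password, 12);

        let user;
        try {
            user = await database_1.prisma.user.create({
                data: {
                    email: data.email,
                    password: hashedPassword,
                    name: data.name,
                    phone: data.phone,
                    role: client_1.UserRole.USER, // Always USER for public registration
                },
            });
        }
        catch (err) {
            // Lost the race against a concurrent registration. `email` is the
            // only unique column this file demonstrates (findUnique by email);
            // if other columns in the insert are unique, inspect err.meta.target.
            if (err && err.code === 'P2002') {
                throw new error_handler_1.AppError(409, 'Email already registered', 'EMAIL_EXISTS');
            }
            throw err;
        }

        const tokens = await this.generateTokenPair(user);
        return { user: this.toPublicUser(user), ...tokens };
    },

    /**
     * Rotate a refresh token: validate it, retire it, and issue a fresh pair.
     *
     * Validation is two-layered: the JWT signature/expiry proves the token was
     * minted by us, and the `refreshToken` row proves it has not been rotated
     * or revoked (logout deletes the row). New tokens are issued from the
     * CURRENT user row, so role changes take effect at the next refresh.
     *
     * The same account gate as login() is applied here: a suspended or expired
     * account must not be able to keep minting access tokens for the remaining
     * lifetime of its refresh token.
     *
     * Rotation runs in one transaction and the retirement is a `deleteMany`
     * whose count is checked: when two requests present the same token
     * concurrently, exactly one wins and the other gets a 401 instead of an
     * unhandled "record not found" error from a second `delete`.
     *
     * NOTE(review): presenting an already-rotated token is the classic signal
     * of refresh-token theft. Here it is only rejected; revoking all of the
     * user's refresh tokens on reuse would be the stricter policy.
     *
     * @param {string} refreshToken the JWT previously handed to the client
     * @returns {Promise<{user: object, accessToken: string, refreshToken: string}>}
     * @throws {AppError} 401 INVALID_REFRESH_TOKEN, 401 REFRESH_TOKEN_EXPIRED,
     *   403 ACCOUNT_INACTIVE, 403 ACCOUNT_EXPIRED
     */
    async refreshTokens(refreshToken) {
        try {
            // Pin the algorithm to what generateRefreshToken() signs with (the
            // jsonwebtoken default, HS256) so a token claiming another `alg`
            // is never accepted. The decoded payload is not needed: the DB row
            // keyed by the exact token string is the source of truth below.
            jsonwebtoken_1.default.verify(refreshToken, env_1.env.JWT_REFRESH_SECRET, {
                algorithms: ['HS256'],
            });
        }
        catch {
            throw new error_handler_1.AppError(401, 'Invalid refresh token', 'INVALID_REFRESH_TOKEN');
        }

        const stored = await database_1.prisma.refreshToken.findUnique({
            where: { token: refreshToken },
            include: { user: true },
        });
        if (!stored) {
            throw new error_handler_1.AppError(401, 'Refresh token not found', 'INVALID_REFRESH_TOKEN');
        }
        if (stored.expiresAt < new Date()) {
            // Belt-and-braces: the JWT `exp` check above normally fires first.
            // deleteMany so a concurrent cleanup of the same row is not an error.
            await database_1.prisma.refreshToken.deleteMany({ where: { id: stored.id } });
            throw new error_handler_1.AppError(401, 'Refresh token expired', 'REFRESH_TOKEN_EXPIRED');
        }

        const user = stored.user;
        if (user.status !== client_1.UserStatus.ACTIVE) {
            throw new error_handler_1.AppError(403, `Account is ${user.status.toLowerCase()}`, 'ACCOUNT_INACTIVE');
        }
        if (user.expiresAt && user.expiresAt < new Date()) {
            throw new error_handler_1.AppError(403, 'Account has expired', 'ACCOUNT_EXPIRED');
        }

        // Rotate: retire the presented token and mint its replacement atomically.
        // Throwing inside the callback rolls the transaction back.
        const tokens = await database_1.prisma.$transaction(async (tx) => {
            const { count } = await tx.refreshToken.deleteMany({ where: { id: stored.id } });
            if (count === 0) {
                // A concurrent request rotated this token first.
                throw new error_handler_1.AppError(401, 'Refresh token not found', 'INVALID_REFRESH_TOKEN');
            }
            const accessToken = this.generateAccessToken(user);
            const nextRefreshToken = await this.generateRefreshToken(user, tx);
            return { accessToken, refreshToken: nextRefreshToken };
        });

        return { user: this.toPublicUser(user), ...tokens };
    },

    /**
     * Revoke a refresh token by deleting its row; the next refreshTokens()
     * call with it fails the DB lookup (401). Idempotent: an unknown or
     * already-revoked token is a no-op, which is why no signature check is
     * needed here.
     *
     * Access tokens are stateless and are NOT invalidated by logout - they
     * stay valid until JWT_ACCESS_EXPIRY elapses. Keep that expiry short.
     *
     * @param {string} refreshToken
     * @returns {Promise<void>}
     */
    async logout(refreshToken) {
        await database_1.prisma.refreshToken.deleteMany({ where: { token: refreshToken } });
    },

    /**
     * Sign a short-lived access token carrying id/email/role.
     *
     * The role is a snapshot: demoting or suspending a user does not affect
     * access tokens already issued, only the next refresh or login. Size the
     * access expiry with that in mind.
     *
     * @param {{id: string|number, email: string, role: string}} user
     * @returns {string} signed JWT (HS256, the jsonwebtoken default)
     */
    generateAccessToken(user) {
        const payload = { id: user.id, email: user.email, role: user.role };
        return jsonwebtoken_1.default.sign(payload, env_1.env.JWT_ACCESS_SECRET, {
            expiresIn: env_1.env.JWT_ACCESS_EXPIRY,
        });
    },

    /**
     * Sign a refresh token and persist it (with its expiry) so it can later be
     * rotated and revoked.
     *
     * The `jwtid` claim is a random UUID. Without it the token is fully
     * determined by (payload, secret, second of issue): two logins for the same
     * user within the same second would mint byte-identical tokens, and the
     * second insert would violate the unique index on `token` that
     * refreshTokens()'s findUnique relies on. Existing tokens without a jti
     * remain valid - verification does not require the claim.
     *
     * Access and refresh tokens share the same claim shape and differ only in
     * the signing secret, so JWT_ACCESS_SECRET and JWT_REFRESH_SECRET MUST be
     * distinct values; otherwise a refresh token would pass access-token
     * verification.
     *
     * NOTE(review): the raw token is stored in the `refreshToken` table, so a
     * read of that table yields directly usable credentials. Storing a SHA-256
     * of the token and looking it up by hash would remove that exposure; it is
     * a schema/data change, so it is only flagged here.
     *
     * @param {{id: string|number, email: string, role: string}} user
     * @param {object} [db] Prisma client (or interactive-transaction client)
     *   to insert with; defaults to the shared client. refreshTokens() passes
     *   its transaction so the insert rolls back together with the rotation.
     * @returns {Promise<string>} the signed token
     */
    async generateRefreshToken(user, db = database_1.prisma) {
        const payload = { id: user.id, email: user.email, role: user.role };
        const token = jsonwebtoken_1.default.sign(payload, env_1.env.JWT_REFRESH_SECRET, {
            expiresIn: env_1.env.JWT_REFRESH_EXPIRY,
            jwtid: crypto_1.randomUUID(),
        });

        // Read back the `exp` we just signed rather than re-deriving it from the
        // configured duration string.
        const decoded = jsonwebtoken_1.default.decode(token);
        if (!decoded || typeof decoded.exp !== 'number') {
            // Only reachable if JWT_REFRESH_EXPIRY is unset or malformed and the
            // env layer did not catch it: refuse to persist a token with no
            // expiry rather than writing an Invalid Date.
            throw new Error('JWT_REFRESH_EXPIRY did not produce an exp claim');
        }

        await db.refreshToken.create({
            data: {
                token,
                userId: user.id,
                expiresAt: new Date(decoded.exp * 1000),
            },
        });
        return token;
    },

    /**
     * Issue an access + refresh token pair for an already-authenticated user.
     * Only the refresh token touches the database.
     *
     * @param {{id: string|number, email: string, role: string}} user
     * @returns {Promise<{accessToken: string, refreshToken: string}>}
     */
    async generateTokenPair(user) {
        const accessToken = this.generateAccessToken(user);
        const refreshToken = await this.generateRefreshToken(user);
        return { accessToken, refreshToken };
    },

    /**
     * Shape a user row for API responses by dropping the password hash.
     *
     * NOTE(review): every OTHER column is passed through. If the User model
     * gains further secrets (MFA seeds, reset tokens, internal flags), they
     * must be removed here too - or this should become an explicit allow-list.
     *
     * @param {object} user full Prisma user row
     * @returns {object} the same row without `password`
     */
    toPublicUser(user) {
        const { password: _password, ...publicUser } = user;
        return publicUser;
    },
};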
//# sourceMappingURL=auth.service.js.map