From 167d2e096a25686cc1831fb09f169580af15b052 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=A7=A6=E7=A7=8B=E6=97=AD?=
Date: Wed, 22 Feb 2023 16:41:46 +0800
Subject: [PATCH] update refreshToken
---
 src/common/configs/security.config.ts | 2 +-
 src/users/dto/token.dto.ts | 7 +++++++
 src/users/token.service.ts | 25 ++++++++++++++++++++-----
 3 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/src/common/configs/security.config.ts b/src/common/configs/security.config.ts
index f2f7275..191891d 100644
--- a/src/common/configs/security.config.ts
+++ b/src/common/configs/security.config.ts
@@ -3,7 +3,7 @@ import { registerAs, ConfigType } from '@nestjs/config'
 export const securityConfig = registerAs('security', () => ({
 jwt_access_secret: process.env.JWT_ACCESS_SECRET || 'JWT_ACCESS_SECRET',
 jwt_refresh_secret: process.env.JWT_REFRESH_SECRET || 'JWT_REFRESH_SECRET',
- expiresIn: process.env.expiresIn || '30m',
+ expiresIn: process.env.expiresIn || '15m',
 refreshIn: process.env.refreshIn || '7d',
 bcryptSaltOrRound: Number(process.env.bcryptSaltOrRound) || 10,
 }))
diff --git a/src/users/dto/token.dto.ts b/src/users/dto/token.dto.ts
index 7204272..8a3824d 100644
--- a/src/users/dto/token.dto.ts
+++ b/src/users/dto/token.dto.ts
@@ -17,3 +17,10 @@ export class TokenRefreshPayload {
 export class TokenPayload {
 userId: string
 }
+
+export class TokenContnet extends TokenPayload {
+ /** Issued at */
+ iat: number
+ /** Expiration time */
+ exp: number
+}
diff --git a/src/users/token.service.ts b/src/users/token.service.ts
index b9f4064..c863d29 100644
--- a/src/users/token.service.ts
+++ b/src/users/token.service.ts
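Review bot: In src/common/configs/security.config.ts, the context lines of this hunk keep `process.env.JWT_ACCESS_SECRET || 'JWT_ACCESS_SECRET'` and the matching refresh fallback, so a deployment that starts without those variables signs and verifies tokens with a string that is readable in the repository; shortening `expiresIn` to 15m does not limit that. The config factory should fail at startup when either secret is unset rather than fall back, for example by throwing inside the `registerAs` callback before the object is returned. The `expiresIn`/`refreshIn` environment names are also lower camel case while the secrets are upper snake case, so a comment naming the expected variables would help operators.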
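Review bot: In src/users/dto/token.dto.ts the exported class name `TokenContnet` is misspelled (presumably `TokenContent`), and the same spelling is imported in src/users/token.service.ts, so renaming now costs two lines. In the visible hunks the import is never used: `refreshToken` destructures `iat` from an untyped `verify` result, which `this.jwtService.verify<TokenContnet>(token, {` would type-check.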
@@ -1,7 +1,7 @@
-import { Inject, Injectable, ForbiddenException } from '@nestjs/common'
+import { Inject, Injectable, UnauthorizedException } from '@nestjs/common'
 import * as bcrypt from 'bcrypt'
 import { PrismaService } from 'nestjs-prisma'
-import { Token, TokenPayload } from './dto/token.dto'
+import { Token, TokenPayload, TokenContnet } from './dto/token.dto'
 import { JwtService } from '@nestjs/jwt'
 import { securityConfig, SecurityConfig } from 'src/common/configs'
@@ -22,17 +22,32 @@ export class TokenService {
 const passwordValid = await bcrypt.compare(password, user.password)
 if (!passwordValid) {
- throw new ForbiddenException('Invalid password')
+ throw new UnauthorizedException('Invalid password')
 }
 return this.generateTokens({ userId: user.id })
 }
 async refreshToken(token: string) {
- const { userId } = this.jwtService.verify(token, {
+ const { userId, iat } = this.jwtService.verify(token, {
 secret: this.secureConfig.jwt_refresh_secret,
 })
- return this.generateTokens({ userId })
+ const user = await this.prismaService.user.findUniqueOrThrow({
+ where: { id: userId },
+ })
+ if (iat * 1000 < user.updatedAt.getTime()) {
+ throw new UnauthorizedException('token失效,请重新登录')
+ }
+ return {
+ refreshToken: token,
+ accessToken: this.jwtService.sign(
+ { userId },
+ {
+ secret: this.secureConfig.jwt_refresh_secret,
+ expiresIn: this.secureConfig.refreshIn,
+ },
+ ),
+ }
 }
 generateTokens(payload: TokenPayload): Token {
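Review bot: In `refreshToken`, the value returned as `accessToken` is signed with `jwt_refresh_secret` and given the `refreshIn` lifetime, so it is a second refresh token rather than an access token: it would presumably fail wherever access tokens are verified against `jwt_access_secret`, and it verifies successfully at this refresh path for its full lifetime. The two option lines should read `secret: this.secureConfig.jwt_access_secret,` and `expiresIn: this.secureConfig.expiresIn,`. Separately, `verify` and `findUniqueOrThrow` throw their own error types, so an expired token or a deleted user will likely surface as a 500 unless an exception filter outside this hunk maps them; wrapping both and rethrowing `UnauthorizedException` keeps the endpoint's failures uniform. The `iat * 1000 < user.updatedAt.getTime()` check compares a whole-second timestamp against a millisecond one, so a token issued in the same second as a row update is rejected, and it deserves a comment stating that any user update is meant to revoke refresh tokens. The enclosing login method starts above the hunk and `generateTokens` continues below it.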