update refreshToken
This commit is contained in:
parent
5bc8a7e072
commit
167d2e096a
@ -3,7 +3,7 @@ import { registerAs, ConfigType } from '@nestjs/config'
|
|||||||
export const securityConfig = registerAs('security', () => ({
|
export const securityConfig = registerAs('security', () => ({
|
||||||
jwt_access_secret: process.env.JWT_ACCESS_SECRET || 'JWT_ACCESS_SECRET',
|
jwt_access_secret: process.env.JWT_ACCESS_SECRET || 'JWT_ACCESS_SECRET',
|
||||||
jwt_refresh_secret: process.env.JWT_REFRESH_SECRET || 'JWT_REFRESH_SECRET',
|
jwt_refresh_secret: process.env.JWT_REFRESH_SECRET || 'JWT_REFRESH_SECRET',
|
||||||
expiresIn: process.env.expiresIn || '30m',
|
expiresIn: process.env.expiresIn || '15m',
|
||||||
refreshIn: process.env.refreshIn || '7d',
|
refreshIn: process.env.refreshIn || '7d',
|
||||||
bcryptSaltOrRound: Number(process.env.bcryptSaltOrRound) || 10,
|
bcryptSaltOrRound: Number(process.env.bcryptSaltOrRound) || 10,
|
||||||
}))
|
}))
|
||||||
|
|||||||
@ -17,3 +17,10 @@ export class TokenRefreshPayload {
|
|||||||
export class TokenPayload {
|
export class TokenPayload {
|
||||||
userId: string
|
userId: string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export class TokenContnet extends TokenPayload {
|
||||||
|
/** Issued at */
|
||||||
|
iat: number
|
||||||
|
/** Expiration time */
|
||||||
|
exp: number
|
||||||
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
import { Inject, Injectable, ForbiddenException } from '@nestjs/common'
|
import { Inject, Injectable, UnauthorizedException } from '@nestjs/common'
|
||||||
import * as bcrypt from 'bcrypt'
|
import * as bcrypt from 'bcrypt'
|
||||||
import { PrismaService } from 'nestjs-prisma'
|
import { PrismaService } from 'nestjs-prisma'
|
||||||
import { Token, TokenPayload } from './dto/token.dto'
|
import { Token, TokenPayload, TokenContnet } from './dto/token.dto'
|
||||||
import { JwtService } from '@nestjs/jwt'
|
import { JwtService } from '@nestjs/jwt'
|
||||||
import { securityConfig, SecurityConfig } from 'src/common/configs'
|
import { securityConfig, SecurityConfig } from 'src/common/configs'
|
||||||
|
|
||||||
@ -22,17 +22,32 @@ export class TokenService {
|
|||||||
const passwordValid = await bcrypt.compare(password, user.password)
|
const passwordValid = await bcrypt.compare(password, user.password)
|
||||||
|
|
||||||
if (!passwordValid) {
|
if (!passwordValid) {
|
||||||
throw new ForbiddenException('Invalid password')
|
throw new UnauthorizedException('Invalid password')
|
||||||
}
|
}
|
||||||
|
|
||||||
return this.generateTokens({ userId: user.id })
|
return this.generateTokens({ userId: user.id })
|
||||||
}
|
}
|
||||||
|
|
||||||
async refreshToken(token: string) {
|
async refreshToken(token: string) {
|
||||||
const { userId } = this.jwtService.verify<TokenPayload>(token, {
|
const { userId, iat } = this.jwtService.verify<TokenContnet>(token, {
|
||||||
secret: this.secureConfig.jwt_refresh_secret,
|
secret: this.secureConfig.jwt_refresh_secret,
|
||||||
})
|
})
|
||||||
return this.generateTokens({ userId })
|
const user = await this.prismaService.user.findUniqueOrThrow({
|
||||||
|
where: { id: userId },
|
||||||
|
})
|
||||||
|
if (iat * 1000 < user.updatedAt.getTime()) {
|
||||||
|
throw new UnauthorizedException('token失效,请重新登录')
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
refreshToken: token,
|
||||||
|
accessToken: this.jwtService.sign(
|
||||||
|
{ userId },
|
||||||
|
{
|
||||||
|
secret: this.secureConfig.jwt_refresh_secret,
|
||||||
|
expiresIn: this.secureConfig.refreshIn,
|
||||||
|
},
|
||||||
|
),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
generateTokens(payload: TokenPayload): Token {
|
generateTokens(payload: TokenPayload): Token {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user