cambios en el refresh token

2025-10-01 15:13:57 -04:00
parent d71c25f0ff
commit e2105ccbf5
5 changed files with 21 additions and 8 deletions
--- a/apps/api/src/features/auth/auth.controller.ts
+++ b/apps/api/src/features/auth/auth.controller.ts
@@ -1,3 +1,4 @@
+// auth.controllers
 import { Public } from '@/common/decorators';
 import { JwtRefreshGuard } from '@/common/guards/jwt-refresh.guard';
 import { RefreshTokenDto } from '@/features/auth/dto/refresh-token.dto';
@@ -51,7 +52,7 @@ export class AuthController {
  //   return { message: 'Password reset link sent to your email' };
  // }

-  @UseGuards(JwtRefreshGuard)
+  // @UseGuards(JwtRefreshGuard)
  @Public()
  @HttpCode(200)
  @Patch('refresh')
@@ -63,7 +64,7 @@ export class AuthController {
    // console.log("refreshTokenDto",refreshTokenDto);
    // console.log(typeof refreshTokenDto);

-    const data = await this.authService.refreshToken(refreshTokenDto,req['user'].sub);
+    const data = await this.authService.refreshToken(refreshTokenDto);
    // console.log("data",data);
    
    if (!data) {
--- a/apps/api/src/features/auth/auth.service.ts
+++ b/apps/api/src/features/auth/auth.service.ts
@@ -1,3 +1,4 @@
+// auth.service
 import { envs } from '@/common/config/envs';
 import { Env, validateString } from '@/common/utils';
 import { DRIZZLE_PROVIDER } from '@/database/drizzle-provider';
@@ -261,10 +262,16 @@ export class AuthService {
  }

  //Refresh User Access Token
-  async refreshToken(dto: RefreshTokenDto,user_id:number): Promise<RefreshTokenInterface> {
-    // const { user_id } = dto;
+  async refreshToken(dto: RefreshTokenDto): Promise<RefreshTokenInterface> {
+    const { user_id, refresh_token } = dto;
    // const user_id = 1;

+    const validation = await this.jwtService.verifyAsync(refresh_token, {
+        secret: envs.refresh_token_secret,
+    });
+
+    if (!validation) throw new UnauthorizedException('Invalid refresh token');
+
    const session = await this.drizzle
      .select()
      .from(sessions)
--- a/apps/api/src/features/auth/dto/refresh-token.dto.ts
+++ b/apps/api/src/features/auth/dto/refresh-token.dto.ts
@@ -1,3 +1,4 @@
+// refresh-token
 import { ApiProperty } from '@nestjs/swagger';
 import { IsNumber, IsString } from 'class-validator';

@@ -8,7 +9,7 @@ export class RefreshTokenDto {
  })
  refresh_token: string;

-  // @ApiProperty()
-  // @IsNumber()
-  // user_id: number;
+  @ApiProperty()
+  @IsNumber()
+  user_id: number;
 }
--- a/apps/web/feactures/auth/schemas/refreshToken.ts
+++ b/apps/web/feactures/auth/schemas/refreshToken.ts
@@ -1,8 +1,10 @@
+// refreshtoken
 import { z } from 'zod';
 import { tokensSchema } from './login';

 // Esquema para el refresh token
 export const refreshTokenSchema = z.object({
+  user_id: z.number(),
  token: z.string(),
 });

--- a/apps/web/lib/auth.config.ts
+++ b/apps/web/lib/auth.config.ts
@@ -1,3 +1,4 @@
+//auth.config
 import { SignInAction } from '@/feactures/auth/actions/login-action';
 import { resfreshTokenAction } from '@/feactures/auth/actions/refresh-token-action';
 import { CredentialsSignin, NextAuthConfig, Session, User } from 'next-auth';
@@ -146,7 +147,7 @@ const authConfig: NextAuthConfig = {
      // 4. Si el token de acceso ha expirado pero el refresh token es válido, renovar
      // console.log("Renovando token de acceso...");
      try {
-        const res = await resfreshTokenAction({ token: token.refresh_token as string });
+        const res = await resfreshTokenAction({ token: token.refresh_token as string, user_id: token.user.id as number});

        if (!res || !res.tokens) {
          throw new Error('Fallo en la respuesta de la API de refresco.');
@@ -185,6 +186,7 @@ const authConfig: NextAuthConfig = {
      return session;
    },
  },
+
 } satisfies NextAuthConfig;

 export default authConfig;