Added refresh tokens

config.js

@@ -20,7 +20,8 @@ config.mail.from = "name";
  * Session purge settings
 */
 // Maximum session length in days
-config.maxSessionLength = 30;
+config.maxSessionLength = 1;
+config.maxRefreshLength = 360;
 
 /*
  * SSL settings

index.js

@@ -35,6 +35,11 @@ mongoose.connect(config.db.connection, { useNewUrlParser: true, useUnifiedTopolo
 app.use(cors());
 app.use(express.urlencoded({ extended: true }))
 app.use(express.json());
+app.use(function(req, res, next) {
+    res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
+    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
+    next();
+  });
 
 // Sanitize data to prevent NoSQL injections
 app.use(mongoSanitize());

routes/user.route.js

@@ -235,6 +235,27 @@ userRoutes.route('/favorite/get').post((req, res) => {
     })
 })
 
+userRoutes.route('/refresh').post((req, res) => {
+    utils.account.checkRefresh(req.body.userId, req.body.refresh, valid => {
+        if (valid) {
+            let s = new Session();
+                s.sessionId = generateSession();
+                s.userId = u._id;
+                s.date = new Date();
+
+                s.save()
+                    .then(() => {
+                        res.json(s);
+                    })
+                    .catch(() => {
+                        res.status(500).send("Error logging in user");
+                    });
+        } else {
+            res.status(401).send("Incorrect refresh token");
+        }
+    }
+});
+
 
 module.exports = userRoutes;
 

schema/session.model.js

@@ -11,6 +11,9 @@ let Session = new Schema({
     },
     date: {
         type: Date
+    },
+    type: {
+        type: Number // 0 for sessionID, 1 for refresh token
     }
 }, {
     collection: 'sessions'

utils/account.js

@@ -1,10 +1,22 @@
 let User = require('../schema/user.model');
 let Session = require('../schema/session.model');
+const bcrypt = require('bcrypt');
 
 // checkSession(userId, sessionId) checks if the sessionId is valid for the user
 const checkSession = (userId, sessionId, f) => {
     Session.find({ userId: userId, sessionId: sessionId }, (err, res) => {
-        if (res) {
+        if (res && res.type == 0) {
+            f(true);
+            return;
+        }
+        f(false);
+    });
+}
+
+// checkRefresh(userId, sessionId) checks if the refresh token is valid for the user
+const checkRefresh = (userId, sessionId, f) => {
+    Session.find({ userId: userId, sessionId: sessionId }, (err, res) => {
+        if (res && res.type == 1) {
             f(true);
             return;
         }

utils/cron.js

@@ -1,6 +1,7 @@
 const config = require('../config');
 let Session = require('../schema/session.model');
 const maxSessionLength = config.maxSessionLength;
+const maxRefreshLength = config.maxRefreshLength;
 
 // purgeSessions() purge sessions that have existed for longer than maxSessionLength
 const purgeSessions = () => {
@@ -9,7 +10,12 @@ const purgeSessions = () => {
         for (let i = 0; i < arr.length; i++) {
             let timeDifference = new Date().getTime() - arr[i].date;
             let dayDifference = timeDifference / (1000 * 3600 * 24);
-            if (dayDifference > maxSessionLength) {
+            if (arr[i].type == 0 && dayDifference > maxSessionLength) {
+                arr[i].delete().catch(e => {
+                    console.log(e);
+                });
+            }
+            if (arr[i].type == 1 && dayDifference > maxRefreshLength) {
                 arr[i].delete().catch(e => {
                     console.log(e);
                 });