Merge pull request #107 from GMHarish285/qse_googlerefresh3

Refresh tokens added for GoogleOAuth template

Author: Ashrockzzz2003

templates/express_oauth_google/controller/appController.js

@@ -1,6 +1,6 @@
 const getUserHomePage = (req, res) => {
     const user = req.user;
-    const token = req.cookies?.token;
+    const token = req.cookies?.access_token;
     return res.send(
         `Your name is: ${user.name}<br>Your email is: ${user.email}<br>Your token is: ${token}<br><br><a href="/auth/logout">Logout</a>`,
     );

templates/express_oauth_google/controller/authController.js

@@ -5,21 +5,22 @@ import { errorHandlerFunc } from "../errorHandler/errorHandler.js";
 import { googleConfig } from "../config/config.js";
 
 const checkLogin = (req, res) => {
-    const token = req.cookies?.token;
-    if (token) {
+    const accessToken = req.cookies?.access_token;
+    const refreshToken = req.cookies?.refresh_token;
+
+    if (accessToken) {
         try {
-            jwt.verify(token, process.env.JWT_SECRET);
+            jwt.verify(accessToken, process.env.JWT_SECRET);
             return res.redirect("/");
         } catch (err) {
-            errorHandlerFunc(
-                err,
-                "controller/authController",
-                401,
-                "Authentication failed",
-            );
+            console.log("[INFO]: Access token expired or invalid.");
         }
     }
 
+    if (refreshToken) {
+        return refreshAccessToken(req, res);
+    }
+
     const options = {
         redirect_uri: process.env.GOOGLE_CALLBACK_URL,
         client_id: process.env.GOOGLE_CLIENT_ID,
@@ -40,30 +41,82 @@ const handleAuth = async (req, res) => {
         return res.redirect("/");
     }
 
-    // Exchange code for tokens.
-    const { data: tokens } = await axios.post(googleConfig.tokenUrl, {
-        code,
-        client_id: process.env.GOOGLE_CLIENT_ID,
-        client_secret: process.env.GOOGLE_CLIENT_SECRET,
-        redirect_uri: process.env.GOOGLE_CALLBACK_URL,
-        grant_type: "authorization_code",
-    });
-
-    // Fetch user profile.
-    const { data: googleUser } = await axios.get(
-        `${googleConfig.userInfoUrl}&access_token=${tokens.access_token}`,
-    );
-
-    const user = { email: googleUser.email, name: googleUser.name };
-    const token = jwt.sign(user, process.env.JWT_SECRET, { expiresIn: "1h" });
-    res.cookie("token", token, { httpOnly: true });
-    // res.cookie('token', token, { httpOnly: true, secure: true }) // Use in production.
-    return res.redirect("/");
+    try {
+        // Exchange code for tokens.
+        const { data: tokens } = await axios.post(googleConfig.tokenUrl, {
+            code,
+            client_id: process.env.GOOGLE_CLIENT_ID,
+            client_secret: process.env.GOOGLE_CLIENT_SECRET,
+            redirect_uri: process.env.GOOGLE_CALLBACK_URL,
+            grant_type: "authorization_code",
+        });
+
+        // Fetch user profile.
+        const { data: googleUser } = await axios.get(
+            `${googleConfig.userInfoUrl}&access_token=${tokens.access_token}`,
+        );
+
+        const user = { email: googleUser.email, name: googleUser.name };
+        const accessToken = jwt.sign(user, process.env.JWT_SECRET, {
+            expiresIn: "10s",
+        });
+
+        // Set cookies for access and refresh tokens.
+        res.cookie("access_token", accessToken, { httpOnly: true });
+        res.cookie("refresh_token", tokens.refresh_token, { httpOnly: true });
+
+        return res.redirect("/");
+    } catch (err) {
+        errorHandlerFunc(
+            err,
+            res,
+            "controller/authController.log",
+            500,
+            "Authentication failed",
+        );
+    }
+};
+
+const refreshAccessToken = async (req, res) => {
+    try {
+        const refreshToken = req.cookies.refresh_token;
+
+        // Use refresh token to get a new access token.
+        const { data: tokens } = await axios.post(googleConfig.tokenUrl, {
+            client_id: process.env.GOOGLE_CLIENT_ID,
+            client_secret: process.env.GOOGLE_CLIENT_SECRET,
+            refresh_token: refreshToken,
+            grant_type: "refresh_token",
+        });
+
+        // Decode user information from the token.
+        const { data: googleUser } = await axios.get(
+            `${googleConfig.userInfoUrl}&access_token=${tokens.access_token}`,
+        );
+
+        const user = { email: googleUser.email, name: googleUser.name };
+        const newAccessToken = jwt.sign(user, process.env.JWT_SECRET, {
+            expiresIn: "10s",
+        });
+
+        // Update access token cookie.
+        res.cookie("access_token", newAccessToken, { httpOnly: true });
+        return res.redirect("/");
+    } catch (err) {
+        errorHandlerFunc(
+            err,
+            res,
+            "controller/authController.log",
+            401,
+            "Failed to refresh access token",
+        );
+    }
 };
 
 const logout = (req, res) => {
-    res.clearCookie("token");
+    res.clearCookie("access_token");
+    res.clearCookie("refresh_token"); // Clear refresh token as well.
     return res.redirect("/");
 };
 
-export { checkLogin, handleAuth, logout };
+export { checkLogin, handleAuth, logout, refreshAccessToken };

templates/express_oauth_google/middleware/authenticate.js

@@ -1,41 +1,28 @@
 import jwt from "jsonwebtoken";
-
+import { refreshAccessToken } from "../controller/authController.js";
 import { errorHandlerFunc } from "../errorHandler/errorHandler.js";
 
-// Cookie token authentication.
 const authenticateUser = (req, res, next) => {
-    const token = req.cookies?.token;
-    if (!token) {
+    const accessToken = req.cookies?.access_token;
+    const refreshToken = req.cookies?.refresh_token;
+
+    if (!accessToken && refreshToken) {
+        return refreshAccessToken(req, res); // Refresh access token if expired.
+    }
+    if (!accessToken) {
         return res.redirect("/auth/login");
     }
 
     try {
-        const user = jwt.verify(token, process.env.JWT_SECRET);
+        const user = jwt.verify(accessToken, process.env.JWT_SECRET);
         req.user = user;
         next();
     } catch (err) {
-        // Renew token if it gets expired.
-        if (err.name === "TokenExpiredError") {
-            try {
-                const user = jwt.decode(token);
-                const newToken = jwt.sign(user, process.env.JWT_SECRET, {
-                    expiresIn: "1h",
-                });
-                res.cookie("token", newToken, { httpOnly: true });
-                req.user = user;
-                return next();
-            } catch (decodeErr) {
-                console.error(`[ERROR]: ${decodeErr.message}`);
-                errorHandlerFunc(
-                    err,
-                    res,
-                    "middleware/authenticate.log",
-                    401,
-                    "Authentication failed",
-                );
-                return res.redirect("/auth/login");
-            }
+        if (err.name === "TokenExpiredError" && refreshToken) {
+            console.log("[INFO]: Access token expired. Refreshing...");
+            return refreshAccessToken(req, res);
         }
+
         errorHandlerFunc(
             err,
             res,