Bugfix: Refactor authentication logic to include subscription and plan details in tokens

src/actions/auth/login/index.ts

@@ -1,7 +1,9 @@
 import jwt from "jsonwebtoken";
 import {
-    User
-} from "../../../models/User";
+    Subscription,
+    User,
+    Plan
+} from "../../../models/index";
 import {
     LoginResult,
     LoginInput
@@ -21,14 +23,14 @@ const login = async (input: LoginInput): Promise<LoginResult> => {
     if (!user) {
         return {
             message: "user-not-found",
-            code: 404,
+            code: 404
         };
     }
 
     if (user.password !== password) {
         return {
             message: "wrong-password",
-            code: 401,
+            code: 401
         };
     }
 
@@ -45,17 +47,41 @@ const login = async (input: LoginInput): Promise<LoginResult> => {
     if (!user.isApproved) {
         return {
             message: "your-account-is-currently-under-review-we-will-get-back-to-you",
-            code: 200,
+            code: 200
         };
     }
 
+    const activeSubscription = await Subscription.findOne({
+        userID: user._id.toString(),
+        status: "active",
+        isActive: true
+    });
+
+    let planLimits = null;
+
+    if (activeSubscription) {
+        const plan = await Plan.findById(activeSubscription.planID);
+        if (plan) {
+            planLimits = {
+                recommendedProductLimit: plan.recommendedProductLimit,
+                categoryLimit: plan.categoryLimit,
+                productLimit: plan.productLimit,
+                planID: plan._id.toString(),
+                menuLimit: plan.menuLimit
+            };
+        }
+    }
+
+    const tokenPayload = {
+        companyName: user.companyName,
+        fullName: user.fullName,
+        planDetails: planLimits,
+        userID: user._id,
+        mail: user.mail
+    };
+
     const accessToken = jwt.sign(
-        {
-            companyName: user.companyName,
-            fullName: user.fullName,
-            userID: user._id,
-            mail: user.mail
-        },
+        tokenPayload,
         process.env.JWT_SECRET as string,
         {
             expiresIn: "4h"
@@ -65,12 +91,7 @@ const login = async (input: LoginInput): Promise<LoginResult> => {
     await redis.setex(user._id.toString(), 14400, accessToken);
 
     const refreshToken = jwt.sign(
-        {
-            companyName: user.companyName,
-            fullName: user.fullName,
-            userID: user._id,
-            mail: user.mail
-        },
+        tokenPayload,
         process.env.JWT_SECRET as string,
         {
             expiresIn: "30d"

src/actions/auth/refreshToken/index.ts

@@ -1,11 +1,13 @@
 import jwt from "jsonwebtoken";
 import redis from "../../../config/redis";
 import {
-    User
-} from "../../../models/User";
+    Subscription,
+    User,
+    Plan
+} from "../../../models/index";
 import {
-    RefreshTokenInput,
-    RefreshTokenResult
+    RefreshTokenResult,
+    RefreshTokenInput
 } from "./types";
 
 const refreshToken = async (input: RefreshTokenInput): Promise<RefreshTokenResult> => {
@@ -23,18 +25,11 @@ const refreshToken = async (input: RefreshTokenInput): Promise<RefreshTokenResul
 
         const userID = user._id.toString();
 
-        let decoded: {
-            companyName: string;
-            fullName: string;
-            userID: string;
-            token: string;
-        };
-
         try {
-            decoded = jwt.verify(
+            jwt.verify(
                 token,
                 process.env.JWT_SECRET as string
-            ) as typeof decoded;
+            );
         } catch {
             return {
                 message: "invalid-refresh-token",
@@ -42,13 +37,37 @@ const refreshToken = async (input: RefreshTokenInput): Promise<RefreshTokenResul
             };
         }
 
+        const activeSubscription = await Subscription.findOne({
+            userID: userID,
+            status: "active",
+            isActive: true
+        });
+
+        let planLimits = null;
+
+        if (activeSubscription) {
+            const plan = await Plan.findById(activeSubscription.planID);
+            if (plan) {
+                planLimits = {
+                    recommendedProductLimit: plan.recommendedProductLimit,
+                    categoryLimit: plan.categoryLimit,
+                    productLimit: plan.productLimit,
+                    planID: plan._id.toString(),
+                    menuLimit: plan.menuLimit
+                };
+            }
+        }
+
+        const freshTokenPayload = {
+            companyName: user.companyName,
+            fullName: user.fullName,
+            planDetails: planLimits,
+            userID: user._id,
+            mail: user.mail
+        };
+
         const newAccessToken = jwt.sign(
-            {
-                companyName: decoded.companyName,
-                fullName: decoded.fullName,
-                userID: decoded.userID,
-                token: token
-            },
+            freshTokenPayload,
             process.env.JWT_SECRET as string,
             {
                 expiresIn: "4h"
@@ -56,12 +75,7 @@ const refreshToken = async (input: RefreshTokenInput): Promise<RefreshTokenResul
         );
 
         const newRefreshToken = jwt.sign(
-            {
-                companyName: decoded.companyName,
-                fullName: decoded.fullName,
-                userID: decoded.userID,
-                token: token
-            },
+            freshTokenPayload,
             process.env.JWT_SECRET as string,
             {
                 expiresIn: "30d"

src/models/Plan.ts

@@ -1,11 +1,13 @@
 import mongoose, {
-    Schema, Document 
+    Document,
+    Schema
 } from "mongoose";
 
 export interface IPlan extends Document {
+    recommendedProductLimit: number;
     type: {
         price: number;
-        type: string; 
+        type: string;
     }[];
     categoryLimit: number;
     productLimit: number;
@@ -38,6 +40,9 @@ const PlanSchema = new Schema<IPlan>(
         productLimit: {
             type: Number
         },
+        recommendedProductLimit: {
+            type: Number
+        },
         type: [
             {
                 type: {
@@ -50,7 +55,7 @@ const PlanSchema = new Schema<IPlan>(
         ],
     },
     {
-        timestamps: true 
+        timestamps: true
     }
 );
 

src/models/index.ts

@@ -0,0 +1,21 @@
+export {
+    User
+} from "./User";
+export {
+    Category
+} from "./Category";
+export {
+    Product
+} from "./Product";
+export {
+    Menu
+} from "./Menu";
+export {
+    default as Plan
+} from "./Plan";
+export {
+    default as Subscription
+} from "./Subscription";
+export {
+    RecommendedProduct
+} from "./RecommendedProduct";