Feature: Simplify refresh token logic and improve error handling

src/actions/auth/refreshToken/index.ts

@@ -7,16 +7,18 @@ import {
     RefreshTokenResult 
 } from "./types";
 
-const refreshToken = async (userId: string, token: string): Promise<RefreshTokenResult> => {
+const refreshToken = async (token: string): Promise<RefreshTokenResult> => {
     try {
-        if (!userId || !token) {
+        if (!token) {
             return {
-                message: "userId and refreshToken required",
+                message: "refreshToken-required",
                 code: 400
             };
         }
 
-        const user = await User.findById(userId);
+        const user = await User.findOne({
+            refreshToken: token 
+        });
         if (!user) {
             return {
                 message: "user-not-found",
@@ -24,11 +26,12 @@ const refreshToken = async (userId: string, token: string): Promise<RefreshToken
             };
         }
 
+        const userID = user._id.toString();
+
         let decoded: {
             companyName: string;
             fullName: string;
-            userId: string;
-            mail: string;
+            userID: string;
         };
 
         try {
@@ -43,19 +46,11 @@ const refreshToken = async (userId: string, token: string): Promise<RefreshToken
             };
         }
 
-        if (decoded.userId !== userId) {
-            return {
-                message: "invalid-refresh-token", 
-                code: 401
-            };
-        }
-
         const newAccessToken = jwt.sign(
             {
                 companyName: user.companyName,
                 fullName: user.fullName,
-                userId: user._id,
-                mail: user.mail,
+                userID: user._id
             },
             process.env.JWT_SECRET as string,
             {
@@ -67,8 +62,7 @@ const refreshToken = async (userId: string, token: string): Promise<RefreshToken
             {
                 companyName: user.companyName,
                 fullName: user.fullName,
-                userId: user._id,
-                mail: user.mail,
+                userID: user._id
             },
             process.env.JWT_SECRET as string,
             {
@@ -76,8 +70,7 @@ const refreshToken = async (userId: string, token: string): Promise<RefreshToken
             }
         );
 
-        await redis.del(`${userId}`);
-        await redis.setex(`${userId}`, 14400, newAccessToken);
+        await redis.setex(userID, 14400, newAccessToken);
 
         user.refreshToken = newRefreshToken;
         await user.save();
@@ -86,8 +79,8 @@ const refreshToken = async (userId: string, token: string): Promise<RefreshToken
             code: 200,
             message: "token-refreshed",
             payload: {
-                accessToken: newAccessToken,
                 refreshToken: newRefreshToken,
+                accessToken: newAccessToken,
             },
         };
     } catch (error) {

src/actions/auth/refreshToken/types.ts

@@ -2,7 +2,7 @@ export interface RefreshTokenResult {
     code: number;
     message: string;
     payload?: {
-        accessToken: string;
         refreshToken: string;
+        accessToken: string;
     };
 }

src/controllers/authController.ts

@@ -33,17 +33,19 @@ export const register = async (req: Request, res: Response): Promise<void> => {
             mail
         });
 
-        res.status(result.code).json({
-            message: result.message,
-            code: result.code
-        });
+        res.status(result.code)
+            .json({
+                message: result.message,
+                code: result.code
+            });
 
     } catch (error) {
         console.error("Register error:", error);
-        res.status(500).json({
-            message: "Internal server error",
-            code: 500,
-        });
+        res.status(500)
+            .json({
+                message: "internal-server-error",
+                code: 500,
+            });
     }
 };
 
@@ -90,11 +92,11 @@ export const logout = async (req: AuthRequest, res: Response): Promise<void> =>
         }
 
         const {
-            userId,
+            userID,
             token
         } = context;
 
-        if (!userId || !token) {
+        if (!userID || !token) {
             res.status(401).json({
                 message: "Unauthorized: Missing user information",
                 code: 401
@@ -102,7 +104,7 @@ export const logout = async (req: AuthRequest, res: Response): Promise<void> =>
             return;
         }
 
-        const result = await _logout(userId, token);
+        const result = await _logout(userID, token);
 
         res.status(result.code).json({
             message: result.message,
@@ -121,14 +123,14 @@ export const me = async (req: AuthRequest, res: Response): Promise<void> => {
     try {
         const context = req.context;
 
-        if (!context || !context.userId) {
+        if (!context || !context.userID) {
             res.status(401).json({
                 message: "Unauthorized", code: 401
             });
             return;
         }
 
-        const result = await _me(context.userId);
+        const result = await _me(context.userID);
 
         res.status(result.code).json({
             message: result.message,
@@ -144,26 +146,28 @@ export const me = async (req: AuthRequest, res: Response): Promise<void> => {
     }
 };
 
-export const refreshTokenController = async (req: Request, res: Response): Promise<void> => {
+export const refreshToken = async (req: Request, res: Response): Promise<void> => {
     try {
         const {
-            userId, refreshToken 
+            refreshToken
         } = req.body;
 
-        const result = await _refreshToken(userId, refreshToken);
+        const result = await _refreshToken(refreshToken);
 
-        res.status(result.code).json({
-            message: result.message,
-            code: result.code,
-            ...(result.payload && {
-                payload: result.payload,
-            }),
-        });
+        res.status(result.code)
+            .json({
+                message: result.message,
+                code: result.code,
+                ...(result.payload && {
+                    payload: result.payload,
+                }),
+            });
     } catch (error) {
         console.error("RefreshToken controller error:", error);
-        res.status(500).json({
-            message: "internal-server-error",
-            code: 500,
-        });
+        res.status(500)
+            .json({
+                message: "internal-server-error",
+                code: 500,
+            });
     }
 };

src/middlewares/authMiddleware.ts

@@ -8,7 +8,9 @@ import {
 } from "../models/User";
 export interface AuthRequest extends Request {
     context?: {
-        userId: string;
+        companyName: string;
+        fullName: string;
+        userID: string;
         token: string;
     };
 }
@@ -18,62 +20,86 @@ export const authMiddleware = async (req: AuthRequest, res: Response, next: Next
         const token = req.headers.authorization;
 
         if (!token) {
-            res.status(401).json({
-                message: "token-not-found",
-                code: 401
-            });
+            res.status(401)
+                .json({
+                    message: "token-not-found",
+                    code: 401
+                });
             return;
         }
 
-        let decoded: { userId: string };
+        let decoded: { 
+            userID: string;
+            fullName: string;
+            companyName: string;
+        };
+        
         try {
-            decoded = jwt.verify(token, process.env.JWT_SECRET as string) as { userId: string };
+            decoded = jwt.verify(token, process.env.JWT_SECRET as string) as { 
+                userID: string,
+                fullName: string;
+                companyName: string;
+            };
         } catch (err) {
-            res.status(401).json({
-                message: "expired-token", code: 401
-            });
+            res.status(401)
+                .json({
+                    message: "expired-token", 
+                    code: 401
+                });
             return;
         }
 
-        if (!decoded || !decoded.userId) {
-            res.status(401).json({
-                message: "invalid-token", code: 401
-            });
+        if (!decoded || !decoded.userID) {
+            res.status(401)
+                .json({
+                    message: "invalid-token", 
+                    code: 401
+                });
             return;
         }
 
-        const cachedToken = await redis.get(`${decoded.userId}`);
+        const cachedToken = await redis.get(`${decoded.userID}`);
         if (!cachedToken) {
-            res.status(401).json({
-                message: "expired-token", code: 401
-            });
+            res.status(401)
+                .json({
+                    message: "expired-token", 
+                    code: 401
+                });
             return;
         }
 
         if (cachedToken !== token) {
-            res.status(401).json({
-                message: "invalid-token", code: 401
-            });
+            res.status(401)
+                .json({
+                    message: "invalid-token",
+                    code: 401
+                });
             return;
         }
 
-        const user = await User.findById(decoded.userId);
+        const user = await User.findById(decoded.userID);
         if (!user) {
-            res.status(401).json({
-                message: "user-not-found", code: 401
-            });
+            res.status(401)
+                .json({
+                    message: "user-not-found", 
+                    code: 401
+                });
             return;
         }
 
         req.context = {
-            userId: decoded.userId,
+            companyName: decoded.companyName,
+            fullName: decoded.fullName,
+            userID: decoded.userID,
             token: token
         };
         next();
 
     } catch (error) {
-        res.status(401).json({
-            message: "invalid-token", code: 401
-        });
+        res.status(401)
+            .json({
+                message: "invalid-token", 
+                code: 401
+            });
     }
 };

src/routes/authRoutes.ts

@@ -2,7 +2,7 @@ import {
     Router
 } from "express";
 import {
-    refreshTokenController,
+    refreshToken,
     register,
     logout,
     login,
@@ -21,14 +21,15 @@ router.post("/register", register);
 router.post("/login", login);
 
 router.get("/validate-token", authMiddleware, (req:AuthRequest, res) => {
-    res.status(200).json({
-        message: "token-valid",
-        context: req.context,
-        code: 200
-    });
+    res.status(200)
+        .json({
+            message: "token-valid",
+            context: req.context,
+            code: 200
+        });
 });
 
-router.post("/refresh-token", refreshTokenController);
+router.post("/refresh-token", refreshToken);
 
 
 export default router;