encrypt tokens

Author: DylanBulmer

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codrjs/core",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "description": "An open-sourced customizable annotation tool",
   "main": "index.js",
   "repository": "git@github.com:CodrJS/Core.git",
@@ -9,7 +9,7 @@
   "private": false,
   "scripts": {
     "test": "jest --config jest.config.json --passWithNoTests --coverage",
-    "build": "yarn clean && swc src -d lib && tsc && cp package.json lib/",
+    "build": "yarn clean && swc src -d lib && tsc && cp package.json README.md lib/",
     "clean": "rm -rf ./lib",
     "format": "prettier --write \"src/**/*.(ts|js)\"",
     "lint": "eslint -c .eslintrc.json --ignore-path .eslintignore --ext .ts src",

src/classes/Mail/Template/Generic.ts

@@ -92,14 +92,14 @@ export default class GenericTemplate<T extends string>
    */
   private wrapperHTML({ content }: { content: string }) {
     return `<body
-  style="background: #f3f4f6; padding: 2em; font-size:16px; font-family:source-sans-pro, Roboto, sans-serif;"
+  style="background: #f3f4f6; padding: 2em 1em; font-size:16px; font-family:source-sans-pro, Roboto, sans-serif;"
 >
   <div style=" text-align: center;">
     <div
-      style="background: white; padding: 2em; border-radius: 0.5em; max-width: 500px; text-align: left; margin: auto;"
+      style="background: white; padding: 2em; border-radius: 0.5em; max-width: 65ch; text-align: left; margin: auto;"
     >
       ${content}
-      <br />
+      <br /><br />
       Best,<br />
       Your Codr Team<br />
       support@codrjs.com<br />
@@ -114,7 +114,7 @@ export default class GenericTemplate<T extends string>
  *
  * <img
  *   src="cid:logo"
- *   alt="TrustedRentr Logo"
+ *   alt="Codr Logo"
  *   style="display: block; width: 100%; height: 48px; margin-bottom: 2em; object-fit: contain;"
  * />
  */

src/models/User.ts

@@ -1,34 +1,13 @@
 import { EmailRegex } from "../classes/Email";
 import { Schema, model } from "mongoose";
-import { v4 as uuidv4 } from "uuid";
-// import { sign } from "jsonwebtoken";
 
 const UserProvider = new Schema({
   photo: { type: String },
   phone: { type: String },
-  email: { type: String },
+  email: { type: String, required: true },
   uid: { type: String, required: [true, "Provider's user id is required"] },
 });
 
-const UserAccessToken = new Schema({
-  value: {
-    type: String,
-    required: false,
-    unique: false,
-    default: uuidv4,
-  },
-  createdAt: {
-    type: String,
-    required: false,
-    unique: false,
-    default: new Date().toISOString(),
-  },
-  used: {
-    type: Boolean,
-    default: false,
-  },
-});
-
 /* UserSchema will correspond to a collection in your MongoDB database. */
 const UserSchema = new Schema(
   {
@@ -52,7 +31,8 @@ const UserSchema = new Schema(
       unique: true,
       index: true,
     },
-    accessToken: UserAccessToken,
+    accessToken: { type: String },
+    refreshToken: { type: String },
     providers: {
       type: [UserProvider],
     },

src/services/auth.ts

@@ -11,6 +11,16 @@ import User from "../models/User";
 import Response from "classes/Response";
 import { generateToken } from "classes/JWT";
 import Error from "../classes/Error";
+import crypto from "crypto";
+
+const md5 = (text: string) => {
+  return crypto.createHash("md5").update(text).digest();
+};
+
+interface IAccessCode {
+  email: string;
+  token: string;
+}
 
 class Authentication {
   private app: App;
@@ -22,26 +32,44 @@ class Authentication {
 
   // }
 
-  async signinWithEmail({
-    email,
-    accessToken,
-  }: {
-    email: Email;
-    accessToken?: string;
-  }): Promise<Response<undefined | { token: string }>> {
+  // for encrypting AccessCode object into a string
+  private encrypt(text: string) {
+    let secretKey = md5(process.env.SECRET as string);
+    secretKey = Buffer.concat([secretKey, secretKey.subarray(0, 8)]);
+    const cipher = crypto.createCipheriv("des-ede3", secretKey, "");
+    const encrypted = cipher.update(text, "utf8", "hex");
+    return encrypted + cipher.final("hex");
+  }
+
+  // for decrypting AccessCode string into an object
+  private decrypt(text: string) {
+    let secretKey = md5(process.env.SECRET as string);
+    secretKey = Buffer.concat([secretKey, secretKey.subarray(0, 8)]);
+    const decipher = crypto.createDecipheriv("des-ede3", secretKey, "");
+    let decrypted = decipher.update(text, "utf8", "hex");
+    decrypted += decipher.final();
+    return decrypted;
+  }
+
+  async signinWithEmail(
+    accessCode: string,
+  ): Promise<Response<undefined | { token: string }>> {
+    const { email, token: accessToken } = JSON.parse(
+      this.decrypt(accessCode),
+    ) as IAccessCode;
     if (!email)
       throw new Error({
         status: 400,
         message: "No email address was received",
       });
-    if (!email.isValid)
+    if (!new Email(email).isValid)
       throw new Error({
         status: 400,
         message: "Invalid email address provided",
       });
 
     try {
-      const user = await User.findOne({ email: email.email });
+      const user = await User.findOne({ email });
       if (!user) {
         // is user cannot be found, then they are not allowed in.
         throw new Error({
@@ -53,28 +81,25 @@ class Authentication {
         try {
           // init access token
           const accessToken = uuidv4();
-          await User.findOneAndUpdate(
-            { email: email.email },
-            {
-              accessToken: {
+          await user.update({
+            accessToken: this.encrypt(
+              JSON.stringify({
                 value: accessToken,
                 createdAt: new Date().toISOString(),
-                used: false,
-              },
-            },
-          );
+                exprired: false,
+              }),
+            ),
+          });
 
           // send email with magic link
           const link =
             process.env["DOMAIN"] +
-            "/auth/email/verify?email=" +
-            email.email +
-            "&token=" +
-            accessToken;
+            "/auth/email/verify?token=" +
+            this.encrypt(JSON.stringify({ email: email, token: accessToken }));
           const template = new SigninTemplate();
           await Mail.send(await template.html({ link }), {
             ...template.config,
-            to: email.email,
+            to: email,
           });
           return new Response({
             message: "An email has been sent to your inbox.",
@@ -85,20 +110,42 @@ class Authentication {
             message: e?.message || "An unknown error occured",
           });
         }
-      } else if (
-        user.accessToken?.value == accessToken &&
-        new Date().getTime() <
-          new Date(user.accessToken?.createdAt).getTime() + 5 * 60 * 1000
-      ) {
-        const token = generateToken(user.toJSON());
-        await User.findOneAndUpdate(
-          { email: email.email },
-          { "accessToken.used": true },
-        );
-        return new Response<{ token: string }>({
-          message: `Welcome, ${user.name}`,
-          details: { token },
-        });
+      } else if (user.accessToken) {
+        const accessCode = JSON.parse(this.decrypt(user.accessToken)) as {
+          value: string;
+          createdAt: string;
+          expired: boolean;
+        };
+        if (
+          accessCode?.value == accessToken &&
+          new Date().getTime() <
+            new Date(accessCode?.createdAt).getTime() + 5 * 60 * 1000
+        ) {
+          // generate JWT token
+          const token = generateToken(user.toJSON());
+
+          // update user
+          await user.updateOne({
+            accessToken: this.encrypt(
+              JSON.stringify({ ...accessCode, expired: true }),
+            ),
+            refreshToken: this.encrypt(
+              JSON.stringify({
+                value: uuidv4(),
+                createdAt: new Date().toISOString(),
+                expired: false,
+              }),
+            ),
+          });
+          return new Response<{ token: string }>({
+            message: `Login successful.`,
+            details: { token },
+          });
+        } else
+          throw new Error({
+            status: 500,
+            message: "Login link expired or is invalid.",
+          });
       } else
         throw new Error({
           status: 500,