phish-directory / api

API for phish.directory, a community-driven anti-phishing tool. Helping catch, prevent, and catalog phishing links & attempts.

JWT refresh tokens #12

Closed jaspermayone closed 3 months ago

jaspermayone commented 3 months ago
// Token issuance endpoint
// POST /login: hands the request body to authenticateUser and, when a user
// comes back, responds with a new access/refresh token pair. Any other
// outcome gets a plain 401.
app.post('/login', (req, res) => {
  // Credential checking is delegated to authenticateUser (not shown here).
  // NOTE(review): the result is used synchronously; if authenticateUser
  // returns a Promise, `user` is always truthy. Confirm it is synchronous.
  const user = authenticateUser(req.body);

  // Guard clause: nothing is issued unless authentication produced a user.
  if (!user) {
    res.status(401).send('Unauthorized');
    return;
  }

  const tokens = {
    accessToken: generateAccessToken(user),
    refreshToken: generateRefreshToken(user),
  };

  // The refresh token is recorded against the user before it is returned.
  // NOTE(review): presumably this record is what /token/refresh validates
  // against. Confirm, and confirm whether the helper stores a hash rather than
  // the raw token and sets an expiry.
  saveRefreshToken(user, tokens.refreshToken);
  res.json(tokens);
});

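// Token refresh endpoint
// POST /token/refresh: exchanges a refresh token from the request body for a
// new access token. Responds 403 when the token is missing, is not a string,
// is rejected by isValidRefreshToken, or does not resolve to a user.
app.post('/token/refresh', (req, res) => {
  // req.body is undefined when no body parser ran or the body was empty;
  // fall back to {} so the request is rejected instead of throwing.
  const { refreshToken } = req.body || {};

  // A JSON body can carry an object or array in this field. Only a non-empty
  // string is passed on to the validation and lookup helpers.
  if (typeof refreshToken !== 'string' || refreshToken.length === 0) {
    return res.status(403).send('Forbidden');
  }
  if (!isValidRefreshToken(refreshToken)) {
    return res.status(403).send('Forbidden');
  }

  // getUserFromRefreshToken is not shown; if it can return nothing (for
  // example the account no longer exists), no access token may be minted.
  const user = getUserFromRefreshToken(refreshToken);
  if (!user) {
    return res.status(403).send('Forbidden');
  }

  // NOTE(review): the refresh token is neither rotated nor revoked here, so it
  // stays usable for as long as isValidRefreshToken accepts it. Confirm that
  // expiry and revocation are enforced inside that helper.
  const newAccessToken = generateAccessToken(user);
  res.json({ accessToken: newAccessToken });
});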