Merge pull request #17 from flycatch/fix/phase-3

fix(oauth): upadate oauth2 workflow to fix cookie cors issue

Author: shree-ni

README.md

@@ -67,12 +67,19 @@ app.use(
       prefix: "/auth",
       successRedirect: "http://localhost:3000/oauth-success",
       failureRedirect: "http://localhost:3000/oauth-failure",
-      autoProvision: true,
       defaultRole: "ROLE_USER",
-      setRefreshCookie: true,
-      appendTokensInRedirect: false,
-      includeAuthorities: true,
-      issueJwt: true,
+      onSuccess(info)=>{
+        const {profile, existingUser,} =info;
+        if(existingUser){
+          return existingUser;
+        }
+
+        // Logic to create new user
+        reateUser(profile)
+      },
+      onfailure(info)=>{
+      // Logic to be executed onFailure
+      },
       providers: {
         google: {
           clientID: "GOOGLE_CLIENT_ID",
@@ -82,15 +89,6 @@ app.use(
         },
       },
     },
-    cookies: {
-      enabled: true,
-      name: "AuthRefreshToken",
-      httpOnly: true,
-      secure: false,
-      sameSite: "Strict",
-      maxAge: 7 * 24 * 60 * 60 * 1000,
-      path: "/",
-    },
     twoFA: {
       enabled: false,
       prefix: "/auth/2fa",
@@ -250,7 +248,6 @@ oauth2: {
 - **defaultRole**: Default role assigned to new users.
 - **providers**: Supported providers (e.g., Google, GitHub).
 
-
 ### **Two-Factor Authentication**
 
 ```javascript
@@ -334,6 +331,7 @@ All endpoints use the configured prefix. Default prefixes shown below:
 - **GET** `/auth/{provider}` - Initiate OAuth login
 - **GET** `/auth/{provider}/callback` - OAuth callback
 - **GET** `/auth/error` - OAuth error redirect
+- **POST** `/auth/token` - to get token from temporary code
 
 ### **Two-Factor Authentication**
 
@@ -368,6 +366,15 @@ All endpoints use the configured prefix. Default prefixes shown below:
 3. Server processes authentication and auto-creates user if add any logic onSuccess.
 4. Server redirects to success URL with tokens as cookies.
 5. Subsequent requests use JWT or session authentication.
+6. After successful provider authentication, the temporary code will be set as a query parameter on the redirect URL.
+7. Frontend can then trigger `{prefix}/token` with a `POST` request and payload:
+
+```json
+{
+  "code": "code-from-redirect-url"
+}
+```
+
 
 ## Logout Behavior
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flycatch/auth-core",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "A unified authentication module for Express.js, NestJS frameworks, supporting JWT, session-based, and Google OAuth login.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

src/index.ts

@@ -1,7 +1,7 @@
 import { NextFunction, Request, Response, Router } from "express";
 import { Config } from "./interfaces/config.interface";
 import express from "express";
-import createLogger from "./lib/wintson.logger";
+import createLogger from "./lib/winston.logger";
 import jwtRoutes from "./routes/jwt.routes";
 import sessionRoutes from "./routes/session.routes";
 import setupSession from "./config/session.config";

src/lib/wintson.logger.ts src/lib/winston.logger.tssrc/lib/wintson.logger.ts renamed to src/lib/winston.logger.ts

@@ -2,8 +2,8 @@
 import { Request, Response, NextFunction } from "express";
 import jwt from "jsonwebtoken";
 import { Config } from "../interfaces/config.interface";
-import createLogger from "../lib/wintson.logger";
-import { isTokenBlacklisted } from "../routes/jwt.routes";
+import createLogger from "../lib/winston.logger";
+import { isInBlacklist } from "../utils/jwt-blacklist";
 
 /**
  * Express middleware for validating JWT access tokens.
@@ -16,7 +16,7 @@ import { isTokenBlacklisted } from "../routes/jwt.routes";
  * @returns {import("express").RequestHandler} Express middleware function.
  */
 export default (config: Config) => {
-  return (req: Request, res: Response, next: NextFunction) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
     const logger = createLogger(config);
 
     if (!config.jwt) {
@@ -51,8 +51,10 @@ export default (config: Config) => {
       });
     }
 
+    const isBlackisted = await isInBlacklist(token)
+
     // Check if token is blacklisted (only if blacklisting is enabled)
-    if (config.jwt.tokenBlacklist?.enabled && isTokenBlacklisted(token)) {
+    if (config.jwt.tokenBlacklist?.enabled && isBlackisted) {
       logger.warn("JWT middleware: Blacklisted token used");
       return res.status(401).json({
         error: "Unauthorized",

src/middlewares/jwt.middleware.ts

@@ -1,6 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { Config } from "../interfaces/config.interface";
-import createLogger from "../lib/wintson.logger";
+import createLogger from "../lib/winston.logger";
 
 /**
  * Express middleware for validating user sessions.

src/middlewares/session.middleware.ts

@@ -3,7 +3,7 @@ import { Request, Response, Router } from "express";
 import { Config } from "../interfaces/config.interface";
 import jwt from "jsonwebtoken";
 import express from "express";
-import createLogger from "../lib/wintson.logger";
+import createLogger from "../lib/winston.logger";
 import apiResponse from "../utils/api-response";
 import { createJwtTokens } from "../utils/jwt";
 import twoFactorAuth, {
@@ -15,35 +15,8 @@ import {
   setBlacklistStorage,
 } from "../utils/jwt-blacklist";
 
-/**
- * In-memory token blacklist
- * Used only if no custom storage is configured
- */
-const tokenBlacklist = new Set<string>();
-
-/**
- * Add a token to the in-memory blacklist
- * @param token JWT token string
- */
-export const blacklistToken = (token: string): void => {
-  tokenBlacklist.add(token);
-};
 
-/**
- * Check if a token exists in the in-memory blacklist
- * @param token JWT token string
- * @returns boolean indicating if token is blacklisted
- */
-export const isTokenBlacklisted = (token: string): boolean => {
-  return tokenBlacklist.has(token);
-};
 
-/**
- * Clear all tokens from the in-memory blacklist
- */
-export const clearBlacklist = (): void => {
-  tokenBlacklist.clear();
-};
 
 /**
  * JWT Routes