hotfix(mobile): refresh token for mobile

* fix(socket): add path for socket

* fix(mobile): refresh token

Author: MarioRaafat

src/auth/auth.controller.ts

@@ -93,6 +93,8 @@ import {
     verify_update_email_swagger,
 } from './auth.swagger';
 import { ConfirmPasswordDto } from './dto/confirm-password.dto';
+import { RefreshTokenDto } from './dto/refresh-token.dto';
+import { LogoutDto } from './dto/logout.dto';
 
 @ApiTags('Authentication')
 @Controller('auth')
@@ -144,7 +146,7 @@ export class AuthController {
         const { user, access_token, refresh_token } = await this.auth_service.signupStep3(dto);
 
         this.httpOnlyRefreshToken(response, refresh_token);
-        return { user, access_token };
+        return { user, access_token, refresh_token };
     }
 
     @ApiOperation(login_swagger.operation)
@@ -159,7 +161,7 @@ export class AuthController {
         const { access_token, refresh_token, user } = await this.auth_service.login(login_dto);
 
         this.httpOnlyRefreshToken(response, refresh_token);
-        return { access_token, user };
+        return { user, access_token, refresh_token };
     }
 
     @ApiOperation(generate_otp_swagger.operation)
@@ -240,14 +242,19 @@ export class AuthController {
     @ApiBearerAuth('JWT-auth')
     @UseGuards(JwtAuthGuard)
     @ApiOperation(logout_swagger.operation)
+    @ApiBody({ type: LogoutDto, required: false })
     @ApiCookieAuth('refresh_token')
     @ApiOkResponse(logout_swagger.responses.success)
     @ApiBadRequestErrorResponse(ERROR_MESSAGES.NO_REFRESH_TOKEN_PROVIDED)
     @ApiUnauthorizedErrorResponse(ERROR_MESSAGES.INVALID_OR_EXPIRED_TOKEN)
     @ResponseMessage(SUCCESS_MESSAGES.LOGGED_OUT)
     @Post('logout')
-    async logout(@Req() req: Request, @Res({ passthrough: true }) response: Response) {
-        const refresh_token = req.cookies['refresh_token'];
+    async logout(
+        @Body() body: LogoutDto,
+        @Req() req: Request,
+        @Res({ passthrough: true }) response: Response
+    ) {
+        const refresh_token = body.refresh_token || req.cookies['refresh_token'];
         if (!refresh_token) throw new BadRequestException('No refresh token provided');
         return await this.auth_service.logout(refresh_token, response);
     }
@@ -256,31 +263,42 @@ export class AuthController {
     @ApiCookieAuth('refresh_token')
     @UseGuards(JwtAuthGuard)
     @ApiOperation(logout_all_swagger.operation)
+    @ApiBody({ type: LogoutDto, required: false })
     @ApiOkResponse(logout_all_swagger.responses.success)
     @ApiBadRequestErrorResponse(ERROR_MESSAGES.NO_REFRESH_TOKEN_PROVIDED)
     @ApiUnauthorizedErrorResponse(ERROR_MESSAGES.INVALID_OR_EXPIRED_TOKEN)
     @ResponseMessage(SUCCESS_MESSAGES.LOGGED_OUT_ALL)
     @Post('logout-all')
-    async logoutAll(@Req() req: Request, @Res({ passthrough: true }) response: Response) {
-        const refresh_token = req.cookies['refresh_token'];
+    async logoutAll(
+        @Body() body: LogoutDto,
+        @Req() req: Request,
+        @Res({ passthrough: true }) response: Response
+    ) {
+        const refresh_token = body.refresh_token || req.cookies['refresh_token'];
         if (!refresh_token) throw new BadRequestException('No refresh token provided');
         return await this.auth_service.logoutAll(refresh_token, response);
     }
 
     @ApiOperation(refresh_token_swagger.operation)
+    @ApiBody({ type: RefreshTokenDto, required: false })
+    @ApiCookieAuth('refresh_token')
     @ApiOkResponse(refresh_token_swagger.responses.success)
     @ApiBadRequestErrorResponse(ERROR_MESSAGES.NO_REFRESH_TOKEN_PROVIDED)
     @ApiUnauthorizedErrorResponse(ERROR_MESSAGES.INVALID_OR_EXPIRED_TOKEN)
     @ResponseMessage(SUCCESS_MESSAGES.NEW_ACCESS_TOKEN)
     @Post('refresh')
-    async refresh(@Req() req: Request, @Res({ passthrough: true }) response: Response) {
-        const refresh_token_cookie = req.cookies['refresh_token'];
-        if (!refresh_token_cookie) throw new BadRequestException('No refresh token provided');
+    async refresh(
+        @Body() body: RefreshTokenDto,
+        @Req() req: Request,
+        @Res({ passthrough: true }) response: Response
+    ) {
+        const refresh_token_input = body.refresh_token || req.cookies['refresh_token'];
+        if (!refresh_token_input) throw new BadRequestException('No refresh token provided');
 
         const { access_token, refresh_token } =
-            await this.auth_service.refresh(refresh_token_cookie);
+            await this.auth_service.refresh(refresh_token_input);
         this.httpOnlyRefreshToken(response, refresh_token);
-        return { access_token };
+        return { access_token, refresh_token };
     }
 
     @ApiOperation(exchange_token_swagger.operation)
@@ -423,6 +441,7 @@ export class AuthController {
 
         return {
             access_token,
+            refresh_token,
             user: user,
         };
     }
@@ -576,6 +595,7 @@ export class AuthController {
 
         return {
             access_token,
+            refresh_token,
             user: user,
         };
     }
@@ -652,7 +672,7 @@ export class AuthController {
             await this.auth_service.oauthCompletionStep2(dto);
 
         this.httpOnlyRefreshToken(response, refresh_token);
-        return { access_token, user };
+        return { access_token, refresh_token, user };
     }
 
     @ApiBearerAuth('JWT-auth')

src/auth/auth.swagger.ts

@@ -27,6 +27,8 @@ const OAUTH_RESPONSE_EXISTING_USER = {
                 following: 150,
             },
             access_token: "messi doesn't need a token to be authenticated bro",
+            refresh_token:
+                'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImp0aSI6IjEyMzQ1Njc4LTkwYWItY2RlZi0xMjM0LTU2Nzg5MGFiY2RlZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4NzUyNjY5fQ.abc123',
         },
         count: 1,
         message: SUCCESS_MESSAGES.LOGGED_IN,
@@ -168,6 +170,8 @@ Complete your registration by setting a password, choosing a username, and optio
                         },
                         access_token:
                             'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4MTUxNDY5fQ.DV3oA5Fn-cj-KHrGcafGaoWGyvYFx4N50L9Ke4_n6OU',
+                        refresh_token:
+                            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImp0aSI6IjEyMzQ1Njc4LTkwYWItY2RlZi0xMjM0LTU2Nzg5MGFiY2RlZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4NzUyNjY5fQ.abc123',
                     },
                     count: 1,
                     message: SUCCESS_MESSAGES.SIGNUP_STEP3_COMPLETED,
@@ -238,7 +242,7 @@ export const login_swagger = {
     operation: {
         summary: 'User login',
         description:
-            'Authenticate user and receive access token. Refresh token is set as httpOnly cookie.',
+            'Authenticate user and receive access token and refresh token. Refresh token is also set as httpOnly cookie for web clients.',
     },
 
     responses: {
@@ -249,6 +253,8 @@ export const login_swagger = {
                     data: {
                         access_token:
                             'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4MTUxNDY5fQ.DV3oA5Fn-cj-KHrGcafGaoWGyvYFx4N50L9Ke4_n6OU',
+                        refresh_token:
+                            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImp0aSI6IjEyMzQ1Njc4LTkwYWItY2RlZi0xMjM0LTU2Nzg5MGFiY2RlZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4NzUyNjY5fQ.abc123',
                         user: {
                             id: 'd102dadc-0b17-4e83-812b-00103b606a1f',
                             email: 'amirakhaled928@gmail.com',
@@ -285,17 +291,20 @@ export const login_swagger = {
 export const refresh_token_swagger = {
     operation: {
         summary: 'Refresh access token',
-        description: 'Use refresh token from httpOnly cookie to get a new access token.',
+        description:
+            'Use refresh token from httpOnly cookie or request body to get a new access token. For mobile apps, provide refresh_token in the request body.',
     },
 
     responses: {
         success: {
-            description: 'New access token generated',
+            description: 'New access token and refresh token generated',
             schema: {
                 example: {
                     data: {
                         access_token:
                             'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNjZTM3YjEzLWQ2ZGUtNDhjZC1iNzQ2LWRmMjY0ODQ1N2E0NiIsImlhdCI6MTc1ODE0OTI2NywiZXhwIjoxNzU4MTUyODY3fQ.M1ennV-LC8xiJpsRKCsUo9Y4o7_6mydG0SPURuNzh6I',
+                        refresh_token:
+                            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNjZTM3YjEzLWQ2ZGUtNDhjZC1iNzQ2LWRmMjY0ODQ1N2E0NiIsImp0aSI6Ijk4NzY1NDMyLTEwYWItY2RlZi0xMjM0LTU2Nzg5MGFiY2RlZiIsImlhdCI6MTc1ODE0OTI2NywiZXhwIjoxNzU4NzU0MDY3fQ.xyz789',
                     },
                     count: 1,
                     message: SUCCESS_MESSAGES.NEW_ACCESS_TOKEN,
@@ -975,7 +984,7 @@ export const oauth_completion_step2_swagger = {
         summary: 'OAuth Step 2: Complete registration with username',
         description: `
             Complete OAuth registration step 2. Finalizes user account creation with the chosen username.
-            Returns access token and user data. Refresh token is set as httpOnly cookie.
+            Returns access token, refresh token, and user data. Refresh token is also set as httpOnly cookie for web clients.
         `,
     },
 
@@ -987,6 +996,8 @@ export const oauth_completion_step2_swagger = {
                     data: {
                         access_token:
                             'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4MTUxNDY5fQ.DV3oA5Fn-cj-KHrGcafGaoWGyvYFx4N50L9Ke4_n6OU',
+                        refresh_token:
+                            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImQxMDJkYWRjLTBiMTctNGU4My04MTJiLTAwMTAzYjYwNmExZiIsImp0aSI6IjEyMzQ1Njc4LTkwYWItY2RlZi0xMjM0LTU2Nzg5MGFiY2RlZiIsImlhdCI6MTc1ODE0Nzg2OSwiZXhwIjoxNzU4NzUyNjY5fQ.abc123',
                         user: {
                             id: 'd102dadc-0b17-4e83-812b-00103b606a1f',
                             email: 'mariorafat10@gmail.com',

src/auth/dto/logout.dto.ts

@@ -0,0 +1,14 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+
+export class LogoutDto {
+    @ApiProperty({
+        description: 'Refresh token (optional - can be provided in body or cookie)',
+        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
+        required: false,
+    })
+    @IsOptional()
+    @IsString()
+    @IsNotEmpty()
+    refresh_token?: string;
+}

src/auth/dto/refresh-token.dto.ts

@@ -0,0 +1,13 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+export class RefreshTokenDto {
+    @ApiProperty({
+        description: 'Refresh token (optional - can be provided in body or cookie)',
+        example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
+        required: false,
+    })
+    @IsString()
+    @IsNotEmpty()
+    refresh_token?: string;
+}

src/user/user.controller.ts

@@ -1,4 +1,5 @@
 import {
+    BadRequestException,
     Body,
     Controller,
     Delete,
@@ -7,10 +8,13 @@ import {
     Patch,
     Post,
     Query,
+    Req,
+    Res,
     UploadedFile,
     UseGuards,
     UseInterceptors,
 } from '@nestjs/common';
+import type { Request, Response } from 'express';
 import { UserService } from './user.service';
 import {
     ApiBearerAuth,
@@ -119,7 +123,14 @@ export class UserController {
     @ApiNotFoundErrorResponse(ERROR_MESSAGES.USER_NOT_FOUND)
     @ResponseMessage(SUCCESS_MESSAGES.USER_RETRIEVED)
     @Get('me')
-    async getMe(@GetUserId() user_id: string) {
+    async getMe(
+        @GetUserId() user_id: string,
+        @Req() req: Request,
+        @Query('refresh_token') refresh_token_query?: string
+    ) {
+        const refresh_token = refresh_token_query || req.cookies['refresh_token'];
+        if (!refresh_token) throw new BadRequestException('No refresh token provided');
+
         return await this.user_service.getMe(user_id);
     }
 

src/user/user.service.ts

@@ -118,6 +118,11 @@ export class UserService {
     }
 
     async getMe(user_id: string): Promise<UserProfileDto> {
+        const user = await this.user_repository.findOne({ where: { id: user_id } });
+        if (!user) {
+            throw new NotFoundException(ERROR_MESSAGES.USER_NOT_FOUND);
+        }
+
         const result = await this.user_repository.getMyProfile(user_id);
 
         return plainToInstance(UserProfileDto, result, {