Merge pull request #12 from cstaleror/main

feat: possibility of adding a name to the refreshToken and passing abilities to the new refresh token

Author: MaximeMRF

README.md

@@ -204,8 +204,9 @@ const refreshToken = await User.refreshTokens.create(user)
 // if you use the refresh token
 router.post('jwt/refresh', async ({ auth }) => {
   // this will authenticate the user using the refresh token
-  // it will delete the old refresh token and generate a new one
-  const user = await auth.use('jwt').authenticateWithRefreshToken()
+  // it will delete the old refresh token and generate a new one with the same abilities
+  // You could pass a name for the new token as well
+  const user = await auth.use('jwt').authenticateWithRefreshToken('optional_name')
   const newRefreshToken = user.currentToken
   const newToken = await auth.use('jwt').generate(user)
 

src/jwt.ts

@@ -177,9 +177,9 @@ export class JwtGuard<UserProvider extends JwtUserProviderContract<unknown>>
     return this.getUserOrFail()
   }
 
-  async authenticateWithRefreshToken(): Promise<
-    UserProvider[typeof symbols.PROVIDER_REAL_USER] & { currentToken: string }
-  > {
+  async authenticateWithRefreshToken(
+    name?: string
+  ): Promise<UserProvider[typeof symbols.PROVIDER_REAL_USER] & { currentToken: string }> {
     /**
      * Avoid re-authentication when it has been done already
      * for the given request
@@ -240,6 +240,11 @@ export class JwtGuard<UserProvider extends JwtUserProviderContract<unknown>>
       currentToken: string
     }
 
+    /**
+     * Get the same abilities for the new refresh token
+     */
+    const abilities = accessToken.abilities
+
     /**
      * Delete the refresh token from the database
      */
@@ -250,7 +255,9 @@ export class JwtGuard<UserProvider extends JwtUserProviderContract<unknown>>
       })
     }
 
-    const newRefreshToken = await this.#refreshTokenUserProvider.createToken(this.user)
+    const newRefreshToken = await this.#refreshTokenUserProvider.createToken(this.user, abilities, {
+      name,
+    })
 
     if (!newRefreshToken.value) {
       throw new errors.E_UNAUTHORIZED_ACCESS('Unauthorized access', {