vivy-agent/AnimeTV-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 security: add auth token validation via Redis and DB check

Browse Source
This commit is contained in:
Rafi Arrafif
2026-02-17 21:51:14 +07:00
parent 3122f34093
commit 9686153a82
4 changed files with 54 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/modules/auth/services/http/tokenValidation.service.ts
View File

@ -1,12 +1,34 @@
import { AppError } from "../../../../helpers/error/instances/app";
import { ErrorForwarder } from "../../../../helpers/error/instances/forwarder";
import { jwtDecode } from "../../../../helpers/http/jwt/decode";
import { redis } from "../../../../utils/databases/redis/connection";
import { checkUserSessionInDBService } from "../../../userSession/services/internal/checkUserSessionInDB.service";
export const tokenValidationService = (payload: string) => {
export const tokenValidationService = async (payload: string) => {
try {
if (!payload || payload.trim() === "")
throw new AppError(401, "Unauthorized: No token provided");
const decoded = jwtDecode(payload);
const redisValidationResult = await redis.hgetall(
`${process.env.APP_NAME}:users:${decoded.user.id}:sessions:${decoded.id}`,
);
if (
!redisValidationResult ||
Object.keys(redisValidationResult).length === 0
) {
const dbValidationResult = await checkUserSessionInDBService(decoded.id);
if (!dbValidationResult)
throw new AppError(403, "Unauthorized: Invalid session");
const createRedisKey = `${process.env.APP_NAME}:users:${decoded.user.id}:sessions:${decoded.id}`;
await redis.hset(createRedisKey, {
userId: decoded.user.id,
sessionId: decoded.id,
validUntil: decoded.validUntil,
});
await redis.expire(createRedisKey, Number(process.env.SESSION_EXPIRE));
}
return decoded;
} catch (error) {
ErrorForwarder(error);