// routes/auth
// Registers the refresh-token endpoint with the auth controller's handler;
// the handler reads the presented refresh token from the `refresh_token`
// request header (no body, so GET is workable, though POST would be the
// conventional choice for an action that mints credentials).
router.get("/refresh-token", auth.refreshToken);
// controllers/auth
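/**
 * Exchanges a valid refresh token for a fresh access token and a fresh
 * refresh token, returning the user record alongside them.
 *
 * Expects the refresh token in the `refresh_token` request header. Any
 * failure (missing/invalid/expired token, wrong token type, unknown user)
 * is answered with 403 and a generic error so the response does not leak
 * which check failed.
 *
 * @param {import("express").Request} req - incoming request; only
 *   `req.headers.refresh_token` is read.
 * @param {import("express").Response} res - response used to send JSON.
 * @returns {Promise<void>} resolves once the response has been sent.
 */
export const refreshToken = async (req, res) => {
  const reject = () => res.status(403).json({ error: "Refresh token failed" }); // 403 is important

  try {
    // Node lowercases incoming header names, so `refresh_token` is the key
    // regardless of how the client capitalised it.
    const presented = req.headers.refresh_token;
    if (typeof presented !== "string" || presented.length === 0) {
      return reject();
    }

    // Pin the accepted algorithm to the one `jwt.sign` below produces
    // (jsonwebtoken's default) rather than relying on library defaults.
    const payload = jwt.verify(presented, config.JWT_SECRET, {
      algorithms: ["HS256"],
    });

    // Access and refresh tokens are signed with the same secret, so the
    // `type` claim is what prevents a short-lived access token from being
    // exchanged for a year-long refresh token. Refresh tokens minted by the
    // login/signup controllers must carry `type: "refresh"` as well —
    // confirm against those controllers before deploying.
    if (payload.type !== "refresh") {
      return reject();
    }

    const user = await User.findById(payload._id);
    // A still-valid token for a deleted user must not mint new credentials
    // (previously this surfaced as a TypeError caught below).
    if (!user) {
      return reject();
    }

    const token = jwt.sign({ _id: user._id, type: "access" }, config.JWT_SECRET, {
      expiresIn: "7d",
    });
    const nextRefreshToken = jwt.sign(
      { _id: user._id, type: "refresh" },
      config.JWT_SECRET,
      { expiresIn: "365d" },
    );

    // Strip secrets before serialising the user document.
    user.password = undefined;
    user.resetCode = undefined;

    res.json({
      user,
      token,
      refreshToken: nextRefreshToken,
    });
  } catch (err) {
    // Log only the error class: jwt error messages can echo token material
    // and the headers object was never safe to print here.
    console.log("===> ", err.name);
    return reject();
  }
};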
To test this endpoint, send the refresh token in a `refresh_token` request header (for example with Postman).