Updated auth route. (#296)

Co-authored-by: weskubo-cgi <[email protected]>
bcgov · Jul 19, 2024 · b9b7542 · b9b7542
1 parent ebe74b6
commit b9b7542
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 21 deletions.
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -40,7 +40,7 @@
     "express": "^4.18.2",
     "express-prometheus-middleware": "^0.8.5",
     "express-session": "^1.17.1",
-    "express-validator": "^6.9.2",
+    "express-validator": "^7.1.0",
     "fast-safe-stringify": "^2.0.7",
     "form-data": "^4.0.0",
     "has-ansi": "^4.0.0",

diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
@@ -6,11 +6,18 @@ const express = require('express')
 const auth = require('../components/auth')
 const log = require('../components/logger')
 const { v4: uuidv4 } = require('uuid')
-const { getUserGuid, isIdirUser } = require('../components/utils')
+const { getUserGuid } = require('../components/utils')
 
-const { body, validationResult } = require('express-validator')
+const { checkExact, checkSchema, validationResult } = require('express-validator')
 const router = express.Router()
 
+const refreshSchema = {
+  refreshToken: {
+    in: ['body'],
+    exists: { errorMessage: '[refreshToken] is required' },
+  },
+}
+
 router.get('/', (_req, res) => {
   res.status(200).json({
     endpoints: ['/callback', '/callback_idir', '/login', '/logout', '/refresh', '/token'],
@@ -80,7 +87,7 @@ const UnauthorizedRsp = {
 }
 
 //refreshes jwt on refresh if refreshToken is valid
-router.post('/refresh', [body('refreshToken').exists()], async (req, res) => {
+router.post('/refresh', checkExact(checkSchema(refreshSchema)), async (req, res) => {
   const errors = validationResult(req)
 
   if (!errors.isEmpty()) {