diff --git a/.env b/.env
index b2a0019..9bb4d9b 100644
--- a/.env
+++ b/.env
@@ -1,3 +1,3 @@
 AUTH_API_URL=http://localhost:4444
-JWT_SECRET=secret123
+ACCESS_TOKEN_SECRET=secret123
 NODE_ENV=production
diff --git a/.env.example b/.env.example
index cbbabb1..e8a9f58 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,3 @@
 AUTH_API_URL=
-JWT_SECRET=
+ACCESS_TOKEN_SECRET=
 NODE_ENV=
diff --git a/middleware.ts b/middleware.ts
index 4cff6b4..3fab9f3 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -1,7 +1,12 @@
 import { jwtVerify } from 'jose'
 import { NextRequest, NextResponse } from 'next/server'
-const SECRET_KEY = new TextEncoder().encode(process.env.JWT_SECRET)
+const ACCESS_TOKEN_SECRET = new TextEncoder().encode(
+ process.env.ACCESS_TOKEN_SECRET,
+)
+const REFRESH_TOKEN_SECRET = new TextEncoder().encode(
+ process.env.REFRESH_TOKEN_SECRET,
+)
 const parseCookies = (cookieHeader: string): Record => {
 return cookieHeader.split('; ').reduce(
@@ -15,21 +20,18 @@ const parseCookies = (cookieHeader: string): Record => {
 }
 export async function middleware(request: NextRequest) {
- console.log('Middleware triggered for:', request.nextUrl.pathname)
-
 const cookiesHeader = request.headers.get('cookie') || ''
 const cookies = parseCookies(cookiesHeader)
 const accessToken = cookies['accessToken']?.trim()
 const refreshToken = cookies['refreshToken']?.trim()
 if (!accessToken || !refreshToken) {
- console.log('Tokens are missing')
 return NextResponse.redirect(new URL('/login', request.url))
 }
 try {
- const { payload } = await jwtVerify(accessToken, SECRET_KEY)
- console.log('Decoded token:', payload)
+ // Validate access token
+ await jwtVerify(accessToken, ACCESS_TOKEN_SECRET)
 return NextResponse.next()
 } catch (err) {
 console.error('Access token invalid or expired:', err)
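Review bot: The tracked `.env` still carries a signing secret, `ACCESS_TOKEN_SECRET=secret123`, alongside `NODE_ENV=production`; the rename keeps a short, guessable HMAC key in version control, and whoever can read the repository can produce tokens the middleware accepts. Replace it with a randomly generated value of at least 32 bytes supplied from outside the repository, and stop tracking `.env` so only `.env.example` is committed. middleware.ts in this same commit reads `process.env.REFRESH_TOKEN_SECRET`, yet neither `.env` nor `.env.example` gains a `REFRESH_TOKEN_SECRET=` line.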
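Review bot: `new TextEncoder().encode(process.env.ACCESS_TOKEN_SECRET)` turns an unset variable into an empty byte array instead of an error, so a deployment that lacks the secret starts with a zero-length verification key; what `jwtVerify` does with such a key depends on the runtime and should not be relied on. Fail closed at module load before encoding, e.g. `const raw = process.env.ACCESS_TOKEN_SECRET` followed by `if (!raw) throw new Error('ACCESS_TOKEN_SECRET is not set')`. `REFRESH_TOKEN_SECRET` is built the same way but is not used in any hunk shown here, so either verify the refresh token with it or drop the constant.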
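Review bot: `await jwtVerify(accessToken, ACCESS_TOKEN_SECRET)` is called without options, so the accepted algorithm, issuer and audience are left to defaults; pin what the auth API actually issues, e.g. `await jwtVerify(accessToken, ACCESS_TOKEN_SECRET, { algorithms: ['HS256'] })` if it signs with HS256. The surviving `console.error('Access token invalid or expired:', err)` logs the whole error object, and depending on the jose version an expiry error may carry the decoded claims, which would undo the log removal this hunk makes; logging only the error's `code` or `name` avoids that. The catch block continues outside this hunk.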
@@ -41,7 +43,7 @@ export async function middleware(request: NextRequest) {
 headers: {
 'Content-Type': 'application/json',
 },
- body: JSON.stringify({ token: refreshToken }), // Correctly send the refresh token
+ body: JSON.stringify({ token: refreshToken }),
 })
 if (response.ok) {
@@ -51,7 +53,12 @@ export async function middleware(request: NextRequest) {
 const responseNext = NextResponse.next()
 responseNext.cookies.set('accessToken', newAccessToken)
- responseNext.cookies.set('refreshToken', newRefreshToken)
+
+ // Обновление refreshToken в cookies, если сервер его предоставляет
+ if (newRefreshToken) {
+ responseNext.cookies.set('refreshToken', newRefreshToken)
+ }
+
 return responseNext
 } else {
 throw new Error('Failed to refresh token')
diff --git a/src/services/api/profileApi.ts b/src/services/api/profileApi.ts
index a98cff5..bb9a8e2 100644
--- a/src/services/api/profileApi.ts
+++ b/src/services/api/profileApi.ts
@@ -2,13 +2,11 @@ import { apiClient, handleApiError } from './apiClient'
 export const fetchProfileData = async (accessToken: string) => {
 try {
- console.log('Making request to /auth/me with accessToken')
 const response = await apiClient.get('/auth/me', {
 headers: {
 Authorization: `Bearer ${accessToken}`,
 },
 })
- console.log('Received response from /auth/me:', response.data)
 return response.data
 } catch (error) {
 console.error('Error fetching profile data:', error)
diff --git a/src/services/profileService.ts b/src/services/profileService.ts
index e79e4a3..2bfa91d 100644
--- a/src/services/profileService.ts
+++ b/src/services/profileService.ts
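Review bot: Both `responseNext.cookies.set(...)` calls in the `-51,7 +53,12` hunk write the tokens with no attributes, so the refreshed cookies are not `HttpOnly`, `Secure` or `SameSite`-restricted, whatever the auth API set on the originals. Pass options on each call, e.g. `responseNext.cookies.set('refreshToken', newRefreshToken, { httpOnly: true, secure: true, sameSite: 'lax', path: '/' })`, after confirming that no client-side code has to read `accessToken` from the cookie. `newAccessToken` is also stored without the guard this hunk gives `newRefreshToken`, so a refresh response that lacks it would overwrite the cookie with an unusable value; `if (!newAccessToken) throw new Error('Failed to refresh token')` before the first `set` closes that. Both variables are defined outside the hunk.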
@@ -11,10 +11,8 @@ const handleTokenRefresh = async (
 fetchData: (token: string) => Promise,
 ): Promise => {
 try {
- console.log('Access token expired, attempting to refresh...')
 const newAccessToken = await refreshToken()
 const data = await fetchData(newAccessToken)
- console.log('Profile data received after refreshing token:', data)
 return data.fullName || ''
 } catch (refreshError) {
 if (axios.isAxiosError(refreshError)) {
@@ -32,9 +30,7 @@ const handleTokenRefresh = async (
 export const getProfile = async (accessToken: string): Promise => {
 try {
- console.log('Fetching profile data with accessToken:', accessToken)
 const data: ProfileData = await fetchProfileData(accessToken)
- console.log('Profile data received:', data)
 return data.fullName || ''
 } catch (error) {
 if (axios.isAxiosError(error)) {