Add token blacklist check in JWT middlewares to enhance session management and security

2025-12-09 12:07:03 +05:30
parent a020a28993
commit e957fc5c50
6 changed files with 97 additions and 34 deletions
--- a/src/common/middlewares/jwt/authForHost.ts
+++ b/src/common/middlewares/jwt/authForHost.ts
@@ -49,6 +49,17 @@ export async function verifyHostToken(token: string): Promise<{ id: number; role
      include: { role: true },
    });

+    const latestToken = await prisma.token.findFirst({
+      where: {
+        userXid: userId
+      },
+      orderBy: { id: 'desc' }
+    })
+
+    if (latestToken.isBlackListed == true) {
+      throw new ApiError(401, "This session is expired. Please login.")
+    }
+
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
--- a/src/common/middlewares/jwt/authForMinglarAdmin.ts
+++ b/src/common/middlewares/jwt/authForMinglarAdmin.ts
@@ -49,6 +49,17 @@ export async function verifyMinglarAdminToken(token: string): Promise<{ id: numb
      include: { role: true },
    });

+    const latestToken = await prisma.token.findFirst({
+      where: {
+        userXid: userId
+      },
+      orderBy: { id: 'desc' }
+    })
+
+    if (latestToken.isBlackListed == true) {
+      throw new ApiError(401, "This session is expired. Please login.")
+    }
+
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
--- a/src/common/middlewares/jwt/authForMinglarAdminHost.ts
+++ b/src/common/middlewares/jwt/authForMinglarAdminHost.ts
@@ -51,6 +51,17 @@ export async function verifyMinglarAdminHostToken(token: string): Promise<{ id:
            include: { role: true },
        });

+        const latestToken = await prisma.token.findFirst({
+            where: {
+                userXid: userId
+            },
+            orderBy: { id: 'desc' }
+        })
+
+        if (latestToken.isBlackListed == true) {
+            throw new ApiError(401, "This session is expired. Please login.")
+        }
+
        if (!user) {
            throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
        }
--- a/src/common/middlewares/jwt/authForOnlyMinglarAdmin.ts
+++ b/src/common/middlewares/jwt/authForOnlyMinglarAdmin.ts
@@ -49,6 +49,17 @@ export async function verifyOnlyMinglarAdminToken(token: string): Promise<{ id:
      include: { role: true },
    });

+    const latestToken = await prisma.token.findFirst({
+      where: {
+        userXid: userId
+      },
+      orderBy: { id: 'desc' }
+    })
+
+    if (latestToken.isBlackListed == true) {
+      throw new ApiError(401, "This session is expired. Please login.")
+    }
+
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
--- a/src/common/middlewares/jwt/authForUser.ts
+++ b/src/common/middlewares/jwt/authForUser.ts
@@ -50,6 +50,17 @@ export async function verifyUserToken(token: string): Promise<{ id: number; role
      include: { role: true },
    });

+    const latestToken = await prisma.token.findFirst({
+      where: {
+        userXid: userId
+      },
+      orderBy: { id: 'desc' }
+    })
+
+    if (latestToken.isBlackListed == true) {
+      throw new ApiError(401, "This session is expired. Please login.")
+    }
+
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
--- a/src/modules/host/services/token.service.ts
+++ b/src/modules/host/services/token.service.ts
@@ -53,6 +53,10 @@ export class TokenService {
      config.jwt.secret
    );

+    await this.prisma.token.deleteMany({
+      where: { userXid: user_xid }
+    })
+
    await this.prisma.token.create({
      data: {
        token: refreshToken.token,
@@ -100,6 +104,10 @@ export class TokenService {
      config.jwt.secret
    );

+    await this.prisma.token.deleteMany({
+      where: { userXid: user_xid }
+    })
+
    await this.prisma.token.create({
      data: {
        token: refreshToken.token,