admin/src/app/app.ts

@@ -3,7 +3,6 @@ import { Router, RouterOutlet } from '@angular/router';
 import { MainMenu } from './components/main-menu/main-menu';
 import { AuthService } from './auth/auth.service';
 import { AdminLayout } from './layout/admin-layout/admin-layout';
-import { finalize } from 'rxjs/operators';
 
 @Component({
   selector: 'app-root',
@@ -17,17 +16,7 @@ export class App {
   constructor(private authService: AuthService, private router: Router) {}
 
   logout(): void {
-    // With the interceptor fixed, this is now the correct and robust way.
+    this.authService.logout();
-    // The error from a failed server logout will propagate here.
+    this.router.navigate(['/login']);
-    this.authService.serverSideLogout().subscribe({
-      next: () => {
-        console.log('Server-side logout successful.');
-        this.authService.clientSideLogout();
-      },
-      error: (err) => {
-        console.error('Server-side logout failed, logging out client-side anyway.', err);
-        this.authService.clientSideLogout();
-      },
-    });
   }
 }

admin/src/app/auth/auth.service.ts

@@ -1,76 +1,36 @@
 import { Injectable } from '@angular/core';
 import { HttpClient } from '@angular/common/http';
-import { Observable, of, throwError } from 'rxjs';
+import { Observable } from 'rxjs';
 import { tap } from 'rxjs/operators';
-import { Router } from '@angular/router';
 
 @Injectable({
   providedIn: 'root',
 })
 export class AuthService {
-  private readonly ACCESS_TOKEN_KEY = 'accessToken';
+  private readonly TOKEN_KEY = 'access_token';
-  private readonly REFRESH_TOKEN_KEY = 'refreshToken';
   private apiUrl = 'http://localhost:4200/api/auth'; // Adjust if your server URL is different
 
-  constructor(private http: HttpClient, private router: Router) {}
+  constructor(private http: HttpClient) {}
 
   login(credentials: { username: string; password: string }): Observable<any> {
-    return this.http.post<{ accessToken: string; refreshToken: string }>(`${this.apiUrl}/login`, credentials).pipe(
+    return this.http.post<{ access_token: string }>(`${this.apiUrl}/login`, credentials).pipe(
-      tap((response) => this.setTokens(response.accessToken, response.refreshToken))
+      tap((response) => this.setToken(response.access_token))
     );
   }
 
-  /**
+  logout(): void {
-   * Makes a best-effort call to the server to invalidate the refresh token.
+    localStorage.removeItem(this.TOKEN_KEY);
-   */
-  serverSideLogout(): Observable<any> {
-    return this.http.post(`${this.apiUrl}/logout`, {});
   }
 
-  /**
+  getToken(): string | null {
-   * Performs the client-side cleanup, removing tokens and redirecting to login.
+    return localStorage.getItem(this.TOKEN_KEY);
-   * This is the definitive logout action from the user's perspective.
-   */
-  clientSideLogout(): void {
-    console.info("clientSideLogout")
-    this.removeTokens();
-    this.router.navigate(['/login']);
-  }
-
-  refreshToken(): Observable<any> {
-    const refreshToken = this.getRefreshToken();
-    if (!refreshToken) {
-      // If no refresh token is present, logout and return an error.
-      this.clientSideLogout();
-      return throwError(() => new Error('No refresh token available'));
-    }
-
-    return this.http.post<{ accessToken: string; refreshToken: string }>(`${this.apiUrl}/refresh`, {}, {
-      headers: { Authorization: `Bearer ${refreshToken}` }
-    }).pipe(
-      tap((response) => this.setTokens(response.accessToken, response.refreshToken))
-    );
-  }
-
-  getAccessToken(): string | null {
-    return localStorage.getItem(this.ACCESS_TOKEN_KEY);
-  }
-
-  getRefreshToken(): string | null {
-    return localStorage.getItem(this.REFRESH_TOKEN_KEY);
   }
 
   isLoggedIn(): boolean {
-    return this.getAccessToken() !== null;
+    return this.getToken() !== null;
   }
 
-  private setTokens(accessToken: string, refreshToken: string): void {
+  private setToken(token: string): void {
-    localStorage.setItem(this.ACCESS_TOKEN_KEY, accessToken);
+    localStorage.setItem(this.TOKEN_KEY, token);
-    localStorage.setItem(this.REFRESH_TOKEN_KEY, refreshToken);
-  }
-
-  private removeTokens(): void {
-    localStorage.removeItem(this.ACCESS_TOKEN_KEY);
-    localStorage.removeItem(this.REFRESH_TOKEN_KEY);
   }
 }

admin/src/app/auth/jwt.interceptor.ts

@@ -4,81 +4,26 @@ import {
   HttpHandler,
   HttpInterceptor,
   HttpRequest,
-  HttpErrorResponse,
 } from '@angular/common/http';
-import { Observable, throwError, BehaviorSubject } from 'rxjs';
+import { Observable } from 'rxjs';
-import { catchError, switchMap, filter, take, finalize } from 'rxjs/operators'; // Import finalize
 import { AuthService } from './auth.service';
 
 @Injectable()
 export class JwtInterceptor implements HttpInterceptor {
-  private isRefreshing = false;
-  // Initialize refreshTokenSubject with null
-  private refreshTokenSubject: BehaviorSubject<any> = new BehaviorSubject<any>(null);
-
   constructor(private authService: AuthService) {}
 
   intercept(
     request: HttpRequest<any>,
     next: HttpHandler
   ): Observable<HttpEvent<any>> {
-    if (request.url.includes('/auth/refresh')) {
+    const token = this.authService.getToken();
-      return next.handle(request);
+    if (token) {
+      request = request.clone({
+        setHeaders: {
+          Authorization: `Bearer ${token}`,
+        },
+      });
     }
-
+    return next.handle(request);
-    const accessToken = this.authService.getAccessToken();
-    if (accessToken) {
-      request = this.addToken(request, accessToken);
-    }
-
-    return next.handle(request).pipe(
-      catchError((error) => {
-        if (error instanceof HttpErrorResponse && error.status === 401) {
-          return this.handle401Error(request, next);
-        }
-          return throwError(() => error);
-      })
-    );
-  }
-
-  private handle401Error(request: HttpRequest<any>, next: HttpHandler): Observable<any> {
-    if (!this.isRefreshing) {
-      this.isRefreshing = true;
-      // Reset the refreshTokenSubject to null so that subsequent requests will wait
-      // this.refreshTokenSubject.next(null);
-      this.refreshTokenSubject  = new BehaviorSubject<any>(null);
-
-
-      return this.authService.refreshToken().pipe(
-        switchMap((token: any) => {
-          this.refreshTokenSubject.next(token.accessToken);
-          return next.handle(this.addToken(request, token.accessToken));
-        }),
-        catchError((err) => {
-          // If refresh fails, logout the user
-          this.authService.clientSideLogout();
-          return throwError(() => err);
-        }),
-        finalize(() => {
-          // When the refresh attempt completes, set isRefreshing to false
-          this.isRefreshing = false;
-        })
-      );
-    } else {
-      // If a refresh is already in progress, wait for it to complete
-      return this.refreshTokenSubject.pipe(
-        filter(token => token != null),
-        take(1),
-        switchMap(jwt => next.handle(this.addToken(request, jwt)))
-      );
-    }
-  }
-
-  private addToken(request: HttpRequest<any>, token: string) {
-    return request.clone({
-      setHeaders: {
-        Authorization: `Bearer ${token}`,
-      },
-    });
   }
 }

server/api.http

@@ -1,4 +1,4 @@
-POST {{apiBaseUrl}}/auth/login
+POST http://localhost:3000/auth/login
 Content-Type: application/json
 
 {
@@ -6,17 +6,10 @@ Content-Type: application/json
   "password": "123456"
 }
 
-> {% client.global.set("auth_token", response.body.accessToken); %}
+> {% client.global.set("auth_token", response.body.access_token); %}
 
 
 ### GET request with parameter
-GET {{apiBaseUrl}}/users
+GET http://localhost:3000/users
-Accept: application/json
-Authorization: Bearer {{auth_token}}
-
-
-
-### GET request with parameter
-POST {{apiBaseUrl}}/auth/logout
 Accept: application/json
 Authorization: Bearer {{auth_token}}

server/http-client.env.json

@@ -1,5 +0,0 @@
-{
-  "dev": {
-    "apiBaseUrl": "http://localhost:3000/api"
-  }
-}

server/src/auth/auth.controller.ts

@@ -1,16 +1,6 @@
-import {
+import { Controller, Post, Body, ValidationPipe } from '@nestjs/common';
-  Controller,
-  Post,
-  Body,
-  ValidationPipe,
-  UseGuards,
-  Req,
-} from '@nestjs/common';
-import { LoginRequestDto } from './dto/login-request.dto';
-import { JwtAuthGuard } from './jwt-auth.guard';
-import { JwtRefreshAuthGuard } from './jwt-refresh-auth.guard';
-import express from 'express';
 import { AuthService } from './auth.service';
+import { LoginRequestDto } from './dto/login-request.dto';
 
 @Controller('auth')
 export class AuthController {
@@ -20,18 +10,4 @@ export class AuthController {
   async login(@Body(new ValidationPipe()) body: LoginRequestDto) {
     return await this.authService.login(body);
   }
-
-  @UseGuards(JwtAuthGuard)
-  @Post('logout')
-  async logout(@Req() req: express.Request) {
-    const user = req.user as { sub: number };
-    return await this.authService.logout(user.sub);
-  }
-
-  @UseGuards(JwtRefreshAuthGuard)
-  @Post('refresh')
-  async refresh(@Req() req: express.Request) {
-    const user = req.user as { sub: number; refreshToken: string };
-    return await this.authService.refreshToken(user.sub, user.refreshToken);
-  }
 }

server/src/auth/auth.module.ts

@@ -6,27 +6,22 @@ import { AuthService } from './auth.service';
 import { AuthController } from './auth.controller';
 import { JwtStrategy } from './jwt.strategy';
 import { ConfigModule, ConfigService } from '@nestjs/config';
-import { JwtRefreshTokenStrategy } from './jwt-refresh.strategy';
-import { StringValue } from 'ms';
 
 @Module({
   imports: [
-    ConfigModule,
+    ConfigModule, // <--- Import ConfigModule here
     UserModule,
     PassportModule,
-    // Restore the correct async registration for JwtModule
     JwtModule.registerAsync({
       imports: [ConfigModule],
       inject: [ConfigService],
       useFactory: (configService: ConfigService) => ({
         secret: configService.get<string>('JWT_SECRET'),
-        signOptions: {
+        signOptions: { expiresIn: '60m' },
-          expiresIn: configService.get<StringValue>('JWT_EXPIRATION_TIME'),
-        },
       }),
     }),
   ],
-  providers: [AuthService, JwtStrategy, JwtRefreshTokenStrategy],
+  providers: [AuthService, JwtStrategy],
   controllers: [AuthController],
 })
 export class AuthModule {}

server/src/auth/auth.service.ts

@@ -4,15 +4,12 @@ import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
 import { User } from '../entity/user';
 import { LoginRequest, LoginResponse } from '../types';
-import { ConfigService } from '@nestjs/config';
-import type { StringValue } from 'ms';
 
 @Injectable()
 export class AuthService {
   constructor(
     private userService: UserService,
     private jwtService: JwtService,
-    private configService: ConfigService,
   ) {}
 
   async validateUser(username: string, pass: string): Promise<User | null> {
@@ -37,84 +34,19 @@ export class AuthService {
       throw new UnauthorizedException();
     }
 
-    const tokens = await this.getTokens(user);
-    await this.userService.setRefreshToken(user.id, tokens.refreshToken);
-    return tokens;
-  }
-
-  async logout(userId: number): Promise<void> {
-    await this.userService.setRefreshToken(userId, null);
-  }
-
-  async refreshToken(
-    userId: number,
-    refreshToken: string,
-  ): Promise<LoginResponse> {
-    const user = await this.userService.findOne(userId);
-    if (!user || !user.hashedRefreshToken) {
-      throw new UnauthorizedException('Access Denied');
-    }
-
-    const refreshTokenMatches = await bcrypt.compare(
-      refreshToken,
-      user.hashedRefreshToken,
-    );
-
-    if (!refreshTokenMatches) {
-      throw new UnauthorizedException('Access Denied');
-    }
-
-    const tokens = await this.getTokens(user);
-    await this.userService.setRefreshToken(user.id, tokens.refreshToken);
-    return tokens;
-  }
-
-  private async getTokens(user: User): Promise<LoginResponse> {
     const roles: Set<string> = new Set<string>();
     for (const group of user.groups ?? []) {
       for (const role of group.roles ?? []) {
         roles.add(role.name);
       }
     }
-
+    const payload = {
-    const jwtSecret = this.configService.get<string>('JWT_SECRET');
+      username: user.username,
-    const jwtexpirationtime = this.configService.get<string>(
+      sub: user.id,
-      'JWT_EXPIRATION_TIME',
+      roles: Array.from(roles),
-    );
+    };
-
-    console.info(
-      'creating. jwt secret is: ' + jwtSecret + ',' + jwtexpirationtime,
-    );
-
-    // let accessToken: string, refreshToken: string;
-    const [accessToken, refreshToken] = await Promise.all([
-      this.jwtService.signAsync(
-        {
-          username: user.username,
-          sub: user.id,
-          roles: Array.from(roles),
-        },
-        {
-          secret: this.configService.get<string>('JWT_SECRET'),
-          expiresIn: +this.configService.get<StringValue>('JWT_EXPIRATION_TIME')!,
-        },
-      ),
-      this.jwtService.signAsync(
-        {
-          sub: user.id,
-        },
-        {
-          secret: this.configService.get<string>('JWT_REFRESH_SECRET'),
-          expiresIn: this.configService.get<StringValue>(
-            'JWT_REFRESH_EXPIRATION_TIME',
-          ),
-        },
-      ),
-    ]);
-
     return {
-      accessToken,
+      access_token: this.jwtService.sign(payload),
-      refreshToken,
     };
   }
 }

server/src/auth/jwt-refresh-auth.guard.ts

@@ -1,5 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { AuthGuard } from '@nestjs/passport';
-
-@Injectable()
-export class JwtRefreshAuthGuard extends AuthGuard('jwt-refresh') {}

server/src/auth/jwt-refresh.strategy.ts

@@ -1,47 +0,0 @@
-import { PassportStrategy } from '@nestjs/passport';
-import { ExtractJwt, Strategy, StrategyOptionsWithRequest } from 'passport-jwt';
-import { Request } from 'express';
-import { Injectable } from '@nestjs/common';
-import { ConfigService } from '@nestjs/config';
-
-// Define the shape of the JWT payload
-interface JwtPayload {
-  sub: number;
-  // iat and exp are automatically added by passport-jwt
-  iat: number;
-  exp: number;
-}
-
-// Define the shape of the object returned by the validate function
-interface JwtPayloadWithRefreshToken extends JwtPayload {
-  refreshToken: string;
-}
-
-@Injectable()
-export class JwtRefreshTokenStrategy extends PassportStrategy(
-  Strategy,
-  'jwt-refresh',
-) {
-  constructor(private configService: ConfigService) {
-    super({
-      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-      secretOrKey: configService.get<string>('JWT_REFRESH_SECRET'),
-      passReqToCallback: true,
-    } as StrategyOptionsWithRequest);
-  }
-
-  validate(req: Request, payload: JwtPayload): JwtPayloadWithRefreshToken {
-    const refreshToken = req.get('Authorization')?.replace('Bearer', '').trim();
-
-    // Ensure refreshToken is not undefined before returning
-    if (!refreshToken) {
-      // This case should be rare given the guard is used, but it's good practice
-      // to handle it. Depending on strictness, you might throw an error.
-      // For now, we'll proceed, but in a real-world scenario, logging or an error
-      // might be better.
-      return { ...payload, refreshToken: '' };
-    }
-
-    return { ...payload, refreshToken };
-  }
-}

server/src/auth/jwt.strategy.ts

@@ -3,32 +3,18 @@ import { PassportStrategy } from '@nestjs/passport';
 import { ExtractJwt, Strategy } from 'passport-jwt';
 import { ConfigService } from '@nestjs/config';
 import { Role } from './role.enum';
-import { Request } from 'express';
 
 @Injectable()
-export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
+export class JwtStrategy extends PassportStrategy(Strategy) {
-  constructor(private configService: ConfigService) {
+  constructor(configService: ConfigService) {
     super({
       jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
       ignoreExpiration: false,
-      // DO NOT use secretOrKey here. It causes a race condition with ConfigService.
+      secretOrKey: configService.get<string>('JWT_SECRET') as string,
-      // Instead, use secretOrKeyProvider to look up the secret dynamically
-      // at request time, ensuring ConfigService is ready.
-      secretOrKeyProvider: (
-        request: Request,
-        rawJwtToken: any,
-        done: (err: any, secretOrKey?: string | Buffer) => void,
-      ) => {
-        const secretKey = this.configService.get<string>('JWT_SECRET');
-        console.info('secretKey', secretKey);
-        done(null, secretKey);
-      },
     });
   }
 
-  // The payload is already validated by passport-jwt at this point,
+  validate(payload: { sub: string; username: string; roles: Role[] }) {
-  // so we can trust its contents.
-  validate(payload: { sub: number; username: string; roles: Role[] }) {
     return {
       userId: payload.sub,
       username: payload.username,

server/src/entity/user.ts

@@ -24,7 +24,4 @@ export class User {
   @ManyToMany(() => UserGroup)
   @JoinTable()
   groups: UserGroup[];
-
-  @Column({ type: 'varchar', nullable: true })
-  hashedRefreshToken: string | null;
 }

server/src/migration/1763106308120-add_refresh_token_to_user_object.ts

@@ -1,14 +0,0 @@
-import { MigrationInterface, QueryRunner } from "typeorm";
-
-export class AddRefreshTokenToUserObject1763106308120 implements MigrationInterface {
-    name = 'AddRefreshTokenToUserObject1763106308120'
-
-    public async up(queryRunner: QueryRunner): Promise<void> {
-        await queryRunner.query(`ALTER TABLE "user" ADD "hashedRefreshToken" character varying`);
-    }
-
-    public async down(queryRunner: QueryRunner): Promise<void> {
-        await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "hashedRefreshToken"`);
-    }
-
-}

server/src/types.ts

@@ -4,7 +4,8 @@ export interface LoginRequest{
   password: string;
 }
 
-export interface LoginResponse {
+export interface LoginResponse{
-  accessToken: string;
+  access_token: string;
-  refreshToken: string;
 }
+
+

server/src/user/user.service.ts

@@ -54,20 +54,4 @@ export class UserService {
     this.logger.log(`Removing user with id: ${id}`, 'UserService');
     await this.usersRepository.delete(id);
   }
-
-  async setRefreshToken(
-    id: number,
-    refreshToken: string | null,
-  ): Promise<void> {
-    this.logger.log(
-      `Updating refresh token for user with id: ${id}`,
-      'UserService',
-    );
-    if (refreshToken) {
-      const hashedRefreshToken = await bcrypt.hash(refreshToken, 10);
-      await this.usersRepository.update(id, { hashedRefreshToken });
-    } else {
-      await this.usersRepository.update(id, { hashedRefreshToken: null });
-    }
-  }
 }