insiemesalute-3p-nx/apps/ebitemp-api/src/app/modules/auth/strategies/jwt/jwt-refresh-token-auth.strategy.ts

import { Inject, Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { FastifyRequest } from 'fastify';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { authConfig, AuthConfig } from '../../auth.config';
import { TokenPayload } from '../../constants/token-payload.interface';
import { UsersAuthService } from '../../users/users-auth.service';

@Injectable()
export class JwtRefreshTokenAuthStrategy extends PassportStrategy(Strategy, 'jwt-refresh-token') {
  constructor(@Inject(authConfig.KEY) authConfig: AuthConfig, private readonly usersAuthService: UsersAuthService) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: authConfig.refreshToken.secret,
      passReqToCallback: true,
    });
  }

  async validate(request: FastifyRequest, payload: TokenPayload) {
    const refreshToken = (request.headers?.authorization as string| undefined)?.replace('Bearer', '')?.trim() ?? '';
    const account = await this.usersAuthService.getUserByIdAndRefreshTokenPair(payload.sub, refreshToken);
    if (!account) throw new UnauthorizedException('Refresh Token Guard');
    return account;
  }
}