A node implementation for refresh token with Redis
In this article, I will walk through the steps to setup an nodejs application with express and redis to implement a simple jwt based authentication with refresh token, to facilite the process I will use docker to install and use redis.
Prerequisites
In order to take advantage of this tutorial is important to have a basic knowledge of javascript and express although the code is quite simple to understand, first we need to install some tools:
- Nodejs
- Npm
- Docker
Redis installation
To install redis I will use docker, in the terminal we run the following command:
docker run -d --name <NAME> -p 6379:6379 redisYou can check if the installation was correct with the next command:
docker ps
if the status is up, everything is configured and working correctly.
Express application setup
In order to create a nodejs project in our terminal, we need to be inside a directory, where the files will be created and run the following command:
npm initOnce the command is successful a file called package.json file will be created, then we will proceed to install some dependencies inside the root directory running the following commands:
npm i express bcrypt cors helmet jsonwebtoken redis
npm i -D nodemon dotenvAfter run those command you get a file similar to next one:
Then we will create a file in the root directory with the name of server.js and the following content:
This is the basic configuration to create an express app to check that every thing is ok, we will run the next command:
npm start
Configure env values
Now we will use a previous package installed called dotenv to set some environment variables that we will use in our app.
- in the root directory we create .env file with the following values:
- to load those variables we modify our server.js with the following lines of code:
import dotenv from "dotenv";
dotenv.config();
Folder structure
To make our code and project more clean we implement the following folder structure:
- middlewares: We store express middlewares, those middlewares will be stored in different files based on their functions.
- routes: We store the different express routes, those routes will be stored in separate files based on the base path.
- controllers: We store the different controllers of the application, we will have a separate file for each route file.
- services: We create a file for each service of the application, in those files we store custom functionality that can be used across the application for instance, the redis service to know if a refresh token was already used.
- errors: In this folder we store the custom errors, each custom error has a separate file, those errors are used to identify the kind of error generated and to add more value information to them.
Errors
In the errors folder we are going to create a file called server.error.js with the following content:
Services
In this folder we are going to create files to hold the business rules and logic of our project, we use the service layer pattern to follow the best practices of skinny controllers.
We are going to create the following files:
- jwt.service.js: In this file will have a method to generate jwt tokens:
- auth.service.js: In this file will have methods related with authentication logic:
- redis.service.js: In this fill will have the corresponding method to connect, set and get information from our redis instance:
- hello.service.ts: This file has a method which return the information of the user logged in:
Middlewares
Now we are going to create three additional files in the middlewares folder as follow:
- auth.middleware.js: in this file will store an express middleware, which is responsable of validate if the authentication header is present and the value is a valid jwt token, additionally we made other checks as if the token type has the value of ACCESS:
- refresh.middleware.js: in this fill will store an express middleware which is responsable of validate if a refresh token is present and the value is a valid jwt token, additionally we made other checks as if the token type has the value of REFRESH:
- error.middleware.js: in this file will store a special kind of express middleware that is in charge of caught any error inside our application:
Controllers
In this folder we are going to create a controller for each route file that our application has, the controllers be responsable of respond to the client and communicate with services to do the logic, for this example we are going to create two files as follow:
- auth.controller.js: In this file we are going to create a file related to authentication logic, for this example we are going to create two methods one to simulate a login and another to generate new jwt tokens using refresh token:
- hello.controller.js: This file will have a method in which the user need to be authenticated, the method is quite simple it only returns the information hold in the authentication token:
Routes
Finally we are going to create each of the routes of our application and configure the express server to respond to them.
We are going to create the following files:
- auth.routes.js: This file hold the routes related to authentication as login and refresh token:
- hello.routes.js: This file hold the routes when the user is authenticated:
Then we modify the server.js to configure the routes into our server:
Test our application
Finally, to test our app and check that everything is working properly, we need to run our app with the next command:
npm runThen we can use the following postman collection to test the different endpoints, also the tokens can be verified through this page.
The completely code can be found in this link.
This is for now, I hope you enjoy the tutorial and your learning process to became in a proficient backend developer with express will be full of fun.
Andres Gutierrez is a Colombian senior backend and android developer, co-founder and currently CEO at SLABCODE, with more than 6 years of experience developing highly-scalable and high performance applications using different technologies.
