feat: Use persisted access tokens for authentication

2024-04-22 16:57:34 +02:00
parent 73c929f25e
commit 6a7cdf2570
47 changed files with 74 additions and 57 deletions
--- a/packages/backend/src/controllers/api/v1/admin/apps/get-auth-client.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/get-auth-client.ee.test.js
@@ -22,7 +22,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients/:appAuthClientId', () => {
      appKey: 'deepl',
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified app auth client', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/apps/get-auth-clients.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/get-auth-clients.ee.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/admin/apps/:appKey/auth-clients', () => {
    adminRole = await createRole({ key: 'admin' });
    currentUser = await createUser({ roleId: adminRole.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified app auth client info', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/permissions/get-permissions-catalog.ee.test.js
@@ -14,7 +14,7 @@ describe('GET /api/v1/admin/permissions/catalog', () => {
    role = await createRole({ key: 'admin' });
    currentUser = await createUser({ roleId: role.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return roles', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/roles/get-role.ee.test.js
@@ -18,7 +18,7 @@ describe('GET /api/v1/admin/roles/:roleId', () => {
    permissionTwo = await createPermission({ roleId: role.id });
    currentUser = await createUser({ roleId: role.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return role', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/roles/get-roles.ee.test.js
@@ -15,7 +15,7 @@ describe('GET /api/v1/admin/roles', () => {
    roleTwo = await createRole({ key: 'user' });
    currentUser = await createUser({ roleId: roleOne.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return roles', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-role-mappings.ee.test.js
@@ -28,7 +28,7 @@ describe('GET /api/v1/admin/saml-auth-providers/:samlAuthProviderId/role-mapping
      remoteRoleName: 'User',
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return role mappings', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-provider.ee.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/admin/saml-auth-provider/:samlAuthProviderId', () => {
    currentUser = await createUser({ roleId: role.id });
    samlAuthProvider = await createSamlAuthProvider();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return saml auth provider with specified id', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/saml-auth-providers/get-saml-auth-providers.ee.test.js
@@ -18,7 +18,7 @@ describe('GET /api/v1/admin/saml-auth-providers', () => {
    samlAuthProviderOne = await createSamlAuthProvider();
    samlAuthProviderTwo = await createSamlAuthProvider();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return saml auth providers', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/users/get-user.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/users/get-user.ee.test.js
@@ -18,7 +18,7 @@ describe('GET /api/v1/admin/users/:userId', () => {
    anotherUser = await createUser();
    anotherUserRole = await anotherUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified user info', async () => {
--- a/packages/backend/src/controllers/api/v1/admin/users/get-users.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/users/get-users.ee.test.js
@@ -28,7 +28,7 @@ describe('GET /api/v1/admin/users', () => {
      fullName: 'Another User',
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return users data', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-action-substeps.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-action-substeps.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey/actions/:actionKey/substeps', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
    exampleApp = await App.findOneByKey('github');
  });
--- a/packages/backend/src/controllers/api/v1/apps/get-actions.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-actions.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey/actions', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the app actions', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-app.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-app.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the app info', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-apps.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-apps.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
    apps = await App.findAll();
  });
--- a/packages/backend/src/controllers/api/v1/apps/get-auth-client.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-auth-client.ee.test.js
@@ -19,7 +19,7 @@ describe('GET /api/v1/apps/:appKey/auth-clients/:appAuthClientId', () => {
      appKey: 'deepl',
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified app auth client', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-auth-clients.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-auth-clients.ee.test.js
@@ -15,7 +15,7 @@ describe('GET /api/v1/apps/:appKey/auth-clients', () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified app auth client info', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-auth.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-auth.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey/auth', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the app auth info', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-config.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-config.ee.test.js
@@ -22,7 +22,7 @@ describe('GET /api/v1/apps/:appKey/config', () => {
      disabled: false,
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return specified app config info', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-connections.test.js
@@ -14,7 +14,7 @@ describe('GET /api/v1/apps/:appKey/connections', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the connections data of specified app for current user', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-flows.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-flows.test.js
@@ -15,7 +15,7 @@ describe('GET /api/v1/apps/:appKey/flows', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the flows data of specified app for current user', async () => {
--- a/packages/backend/src/controllers/api/v1/apps/get-trigger-substeps.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-trigger-substeps.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey/triggers/:triggerKey/substeps', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
    exampleApp = await App.findOneByKey('github');
  });
--- a/packages/backend/src/controllers/api/v1/apps/get-triggers.test.js
+++ b/packages/backend/src/controllers/api/v1/apps/get-triggers.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/apps/:appKey/triggers', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the app triggers', async () => {
--- a/packages/backend/src/controllers/api/v1/connections/create-test.test.js
+++ b/packages/backend/src/controllers/api/v1/connections/create-test.test.js
@@ -14,7 +14,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should update the connection as not verified for current user', async () => {
--- a/packages/backend/src/controllers/api/v1/connections/get-flows.test.js
+++ b/packages/backend/src/controllers/api/v1/connections/get-flows.test.js
@@ -16,7 +16,7 @@ describe('GET /api/v1/connections/:connectionId/flows', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the flows data of specified connection for current user', async () => {
--- a/packages/backend/src/controllers/api/v1/executions/get-execution-steps.test.js
+++ b/packages/backend/src/controllers/api/v1/executions/get-execution-steps.test.js
@@ -20,7 +20,7 @@ describe('GET /api/v1/executions/:executionId/execution-steps', () => {
    anotherUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the execution steps of current user execution', async () => {
--- a/packages/backend/src/controllers/api/v1/executions/get-execution.test.js
+++ b/packages/backend/src/controllers/api/v1/executions/get-execution.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/executions/:executionId', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the execution data of current user', async () => {
--- a/packages/backend/src/controllers/api/v1/executions/get-executions.test.js
+++ b/packages/backend/src/controllers/api/v1/executions/get-executions.test.js
@@ -18,7 +18,7 @@ describe('GET /api/v1/executions', () => {
    anotherUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the executions of current user', async () => {
--- a/packages/backend/src/controllers/api/v1/flows/get-flow.test.js
+++ b/packages/backend/src/controllers/api/v1/flows/get-flow.test.js
@@ -16,7 +16,7 @@ describe('GET /api/v1/flows/:flowId', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the flow data of current user', async () => {
--- a/packages/backend/src/controllers/api/v1/flows/get-flows.test.js
+++ b/packages/backend/src/controllers/api/v1/flows/get-flows.test.js
@@ -15,7 +15,7 @@ describe('GET /api/v1/flows', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the flows data of current user', async () => {
--- a/packages/backend/src/controllers/api/v1/payment/get-paddle-info.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/payment/get-paddle-info.ee.test.js
@@ -12,7 +12,7 @@ describe('GET /api/v1/payment/paddle-info', () => {
  beforeEach(async () => {
    user = await createUser();
-    token = createAuthTokenByUserId(user.id);
+    token = await createAuthTokenByUserId(user.id);
    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
    vi.spyOn(billing.paddleInfo, 'vendorId', 'get').mockReturnValue(
--- a/packages/backend/src/controllers/api/v1/payment/get-plans.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/payment/get-plans.ee.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/payment/plans', () => {
  beforeEach(async () => {
    user = await createUser();
-    token = createAuthTokenByUserId(user.id);
+    token = await createAuthTokenByUserId(user.id);
    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
  });
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
@@ -18,7 +18,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  describe('should return dynamically created data', () => {
--- a/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
@@ -16,7 +16,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return dynamically created fields of the current users step', async () => {
--- a/packages/backend/src/controllers/api/v1/steps/get-connection.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/get-connection.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/steps/:stepId/connection', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the current user connection data of specified step', async () => {
--- a/packages/backend/src/controllers/api/v1/steps/get-previous-steps.test.js
+++ b/packages/backend/src/controllers/api/v1/steps/get-previous-steps.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
    currentUser = await createUser();
    currentUserRole = await currentUser.$relatedQuery('role');
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return the previous steps of the specified step of the current user', async () => {
--- a/packages/backend/src/controllers/api/v1/users/get-apps.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-apps.test.js
@@ -17,7 +17,7 @@ describe('GET /api/v1/users/:userId/apps', () => {
    currentUserRole = await createRole();
    currentUser = await createUser({ roleId: currentUserRole.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return all apps of the current user', async () => {
--- a/packages/backend/src/controllers/api/v1/users/get-current-user.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-current-user.test.js
@@ -25,7 +25,7 @@ describe('GET /api/v1/users/me', () => {
      roleId: role.id,
    });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return current user info', async () => {
--- a/packages/backend/src/controllers/api/v1/users/get-invoices.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-invoices.ee.test.js
@@ -11,7 +11,7 @@ describe('GET /api/v1/user/invoices', () => {
  beforeEach(async () => {
    currentUser = await createUser();
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return current user invoices', async () => {
--- a/packages/backend/src/controllers/api/v1/users/get-plan-and-usage.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-plan-and-usage.ee.test.js
@@ -14,7 +14,7 @@ describe('GET /api/v1/users/:userId/plan-and-usage', () => {
  beforeEach(async () => {
    const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
    user = await createUser({ trialExpiryDate });
-    token = createAuthTokenByUserId(user.id);
+    token = await createAuthTokenByUserId(user.id);
    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
  });
--- a/packages/backend/src/controllers/api/v1/users/get-subscription.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-subscription.ee.test.js
@@ -22,7 +22,7 @@ describe('GET /api/v1/users/:userId/subscription', () => {
    subscription = await createSubscription({ userId: currentUser.id });
-    token = createAuthTokenByUserId(currentUser.id);
+    token = await createAuthTokenByUserId(currentUser.id);
  });
  it('should return subscription info of the current user', async () => {
@@ -41,7 +41,7 @@ describe('GET /api/v1/users/:userId/subscription', () => {
      roleId: role.id,
    });
-    const token = createAuthTokenByUserId(userWithoutSubscription.id);
+    const token = await createAuthTokenByUserId(userWithoutSubscription.id);
    await request(app)
      .get(`/api/v1/users/${userWithoutSubscription.id}/subscription`)
--- a/packages/backend/src/controllers/api/v1/users/get-user-trial.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/users/get-user-trial.ee.test.js
@@ -14,7 +14,7 @@ describe('GET /api/v1/users/:userId/trial', () => {
  beforeEach(async () => {
    const trialExpiryDate = DateTime.now().plus({ days: 30 }).toISODate();
    user = await createUser({ trialExpiryDate });
-    token = createAuthTokenByUserId(user.id);
+    token = await createAuthTokenByUserId(user.id);
    vi.spyOn(appConfig, 'isCloud', 'get').mockReturnValue(true);
  });
--- a/packages/backend/src/graphql/mutations/login.js
+++ b/packages/backend/src/graphql/mutations/login.js
@@ -7,7 +7,7 @@ const login = async (_parent, params) => {
  });
  if (user && (await user.login(params.input.password))) {
-    const token = createAuthTokenByUserId(user.id);
+    const token = await createAuthTokenByUserId(user.id);
    return { token, user };
  }
--- a/packages/backend/src/helpers/authentication.js
+++ b/packages/backend/src/helpers/authentication.js
@@ -1,7 +1,6 @@
 import { allow, rule, shield } from 'graphql-shield';
 import jwt from 'jsonwebtoken';
 import appConfig from '../config/app.js';
 import User from '../models/user.js';
 import AccessToken from '../models/access-token.js';
 export const isAuthenticated = async (_parent, _args, req) => {
  const token = req.headers['authorization'];
@@ -9,10 +8,22 @@ export const isAuthenticated = async (_parent, _args, req) => {
  if (token == null) return false;
  try {
-    const { userId } = jwt.verify(token, appConfig.appSecretKey);
+    const accessToken = await AccessToken.query().findOne({
      token,
      revoked_at: null,
    });
    const expirationTime =
      new Date(accessToken.createdAt).getTime() + accessToken.expiresIn * 1000;
    if (Date.now() > expirationTime) {
      return false;
    }
    const user = await accessToken.$relatedQuery('user');
    req.currentUser = await User.query()
-      .findById(userId)
+      .findById(user.id)
      .leftJoinRelated({
        role: true,
        permissions: true,
--- a/packages/backend/src/helpers/authentication.test.js
+++ b/packages/backend/src/helpers/authentication.test.js
@@ -17,7 +17,7 @@ describe('isAuthenticated', () => {
  it('should return true if token is valid and there is a user', async () => {
    const user = await createUser();
-    const token = createAuthTokenByUserId(user.id);
+    const token = await createAuthTokenByUserId(user.id);
    const req = { headers: { authorization: token } };
    expect(await isAuthenticated(null, null, req)).toBe(true);
@@ -25,7 +25,7 @@ describe('isAuthenticated', () => {
  it('should return false if token is valid and but there is no user', async () => {
    const user = await createUser();
-    const token = createAuthTokenByUserId(user.id);
+    const token = await createAuthTokenByUserId(user.id);
    await user.$query().delete();
    const req = { headers: { authorization: token } };
--- a/packages/backend/src/helpers/create-auth-token-by-user-id.js
+++ b/packages/backend/src/helpers/create-auth-token-by-user-id.js
@@ -1,10 +1,16 @@
-import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
-import appConfig from '../config/app.js';
+import User from '../models/user.js';
 import AccessToken from '../models/access-token.js';
-const TOKEN_EXPIRES_IN = '14d';
+const TOKEN_EXPIRES_IN = 14 * 24 * 60 * 60; // 14 days in seconds
-const createAuthTokenByUserId = (userId) => {
+const createAuthTokenByUserId = async (userId) => {
-  const token = jwt.sign({ userId }, appConfig.appSecretKey, {
+  const user = await User.query().findById(userId).throwIfNotFound();
  const token = await crypto.randomBytes(48).toString('hex');
  await AccessToken.query().insert({
    token,
    userId: user.id,
    expiresIn: TOKEN_EXPIRES_IN,
  });
--- a/packages/backend/src/helpers/passport.js
+++ b/packages/backend/src/helpers/passport.js
@@ -76,8 +76,8 @@ export default function configurePassport(app) {
      failureRedirect: '/',
      failureFlash: true,
    }),
-    (req, res) => {
+    async (req, res) => {
-      const token = createAuthTokenByUserId(req.currentUser.id);
+      const token = await createAuthTokenByUserId(req.currentUser.id);
      const redirectUrl = new URL(
        `/login/callback?token=${token}`,
--- a/packages/backend/src/models/user.js
+++ b/packages/backend/src/models/user.js
@@ -185,7 +185,7 @@ class User extends Base {
    });
    if (user && (await user.login(password))) {
-      const token = createAuthTokenByUserId(user.id);
+      const token = await createAuthTokenByUserId(user.id);
      return token;
    }
  }