refactor: use kwt strategy

app/middleware/guest_middleware.ts

@@ -0,0 +1,31 @@
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import type { Authenticators } from '@adonisjs/auth/types'
+
+/**
+ * Guest middleware is used to deny access to routes that should
+ * be accessed by unauthenticated users.
+ *
+ * For example, the login page should not be accessible if the user
+ * is already logged-in
+ */
+export default class GuestMiddleware {
+  /**
+   * The URL to redirect to when user is logged-in
+   */
+  redirectTo = '/'
+
+  async handle(
+    ctx: HttpContext,
+    next: NextFn,
+    options: { guards?: (keyof Authenticators)[] } = {}
+  ) {
+    for (let guard of options.guards || [ctx.auth.defaultGuard]) {
+      if (await ctx.auth.use(guard).check()) {
+        return ctx.response.redirect(this.redirectTo, true)
+      }
+    }
+
+    return next()
+  }
+}

app/middleware/silent_auth_middleware.ts

@@ -0,0 +1,16 @@
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+/**
+ * Silent auth middleware can be used as a global middleware to silent check
+ * if the user is logged-in or not.
+ *
+ * The request continues as usual, even when the user is not logged-in.
+ */
+export default class SilentAuthMiddleware {
+  async handle(ctx: HttpContext, next: NextFn) {
+    await ctx.auth.check()
+
+    return next()
+  }
+}

app/modules/user/services/jwt/jwt_auth_tokens_service.ts

@@ -2,10 +2,9 @@ import { inject } from '@adonisjs/core'
 
 import JwtService from '#shared/jwt/jwt_service'
 import env from '#start/env'
+import { BaseJwtContent } from '#auth/guards/jwt/types'
 
-type GenerateAuthTokens = {
-  user_id: number
-}
+export interface JwtContent extends BaseJwtContent {}
 
 type GenerateAuthTokensResponse = {
   access_token: string
@@ -16,22 +15,18 @@ type GenerateAuthTokensResponse = {
 export default class JwtAuthTokensService {
   constructor(private jwtService: JwtService) {}
 
-  async run(userId: number): Promise<GenerateAuthTokensResponse> {
-    const accessToken = await this.generateAccessToken({
-      user_id: userId,
-    })
-    const refreshToken = await this.generateRefreshToken({
-      user_id: userId,
-    })
+  async run(payload: JwtContent): Promise<GenerateAuthTokensResponse> {
+    const accessToken = await this.generateAccessToken(payload)
+    const refreshToken = await this.generateRefreshToken(payload)
 
     return { access_token: accessToken, refresh_token: refreshToken }
   }
 
-  private generateAccessToken(payload: GenerateAuthTokens): Promise<string> {
-    return this.jwtService.sign(payload, env.get('ACCESS_TOKEN_SECRET'), '15m')
+  private generateAccessToken(payload: JwtContent): Promise<string> {
+    return this.jwtService.sign(payload, env.get('APP_KEY'), '15m')
   }
 
-  private generateRefreshToken(payload: GenerateAuthTokens): Promise<string> {
-    return this.jwtService.sign(payload, env.get('REFRESH_TOKEN_SECRET'), '3d')
+  private generateRefreshToken(payload: JwtContent): Promise<string> {
+    return this.jwtService.sign(payload, env.get('APP_KEY'), '3d')
   }
 }

app/modules/user/services/sessions/sign_in_service.ts

@@ -1,7 +1,7 @@
 import { inject } from '@adonisjs/core'
 
 import UsersRepository from '#modules/user/repositories/users_repository'
-import AccessTokensService from '#modules/user/services/access_tokens/access_tokens_service'
+import JwtAuthTokensService from '#modules/user/services/jwt/jwt_auth_tokens_service'
 
 type SignInRequest = {
   uid: string
@@ -12,13 +12,13 @@ type SignInRequest = {
 export default class SignInService {
   constructor(
     private usersRepository: UsersRepository,
-    private accessTokensService: AccessTokensService
+    private jwtAuthTokensService: JwtAuthTokensService
   ) {}
 
   async run({ uid, password }: SignInRequest) {
     const user = await this.usersRepository.verifyCredentials(uid, password)
 
-    const auth = await this.accessTokensService.run(user.id)
+    const auth = await this.jwtAuthTokensService.run({ userId: user.id })
     const userJson = user.toJSON()
 
     return { ...userJson, auth }

app/modules/user/services/sessions/sign_up_service.ts

@@ -2,18 +2,18 @@ import { inject } from '@adonisjs/core'
 
 import IUser from '#modules/user/interfaces/user_interface'
 import UsersRepository from '#modules/user/repositories/users_repository'
-import AccessTokensService from '#modules/user/services/access_tokens/access_tokens_service'
+import JwtAuthTokensService from '#modules/user/services/jwt/jwt_auth_tokens_service'
 
 @inject()
 export default class SignUpService {
   constructor(
     private usersRepository: UsersRepository,
-    private accessTokensService: AccessTokensService
+    private jwtAuthTokensService: JwtAuthTokensService
   ) {}
 
   async run(payload: IUser.CreatePayload) {
     const user = await this.usersRepository.create(payload)
-    const auth = await this.accessTokensService.run(user.id)
+    const auth = await this.jwtAuthTokensService.run({ userId: user.id })
 
     const userJson = user.toJSON()
 

config/auth.ts

@@ -1,36 +1,40 @@
 import { defineConfig } from '@adonisjs/auth'
 import { tokensGuard, tokensUserProvider } from '@adonisjs/auth/access_tokens'
 import type { Authenticators, InferAuthEvents } from '@adonisjs/auth/types'
+import { sessionGuard, sessionUserProvider } from '@adonisjs/auth/session'
+import { basicAuthGuard, basicAuthUserProvider } from '@adonisjs/auth/basic_auth'
 
-/*
- * Uncomment the following snippet if you want to use
- * the JWT guard for authenticating users.
- */
-
-// const authConfig = defineConfig({
-//   default: 'jwt',
-//   guards: {
-//     jwt: jwtGuard({
-//       // tokenExpiresIn is the duration of the validity of the token, it's a optional value
-//       tokenExpiresIn: '1h',
-//       // if you want to use cookies for the authentication instead of the bearer token (optional)
-//       useCookies: true,
-//       provider: sessionUserProvider({
-//         model: () => import('#modules/user/models/user'),
-//       }),s
-//     }),
-//   },
-// })
+import { jwtGuard } from '#auth/guards/jwt/define_config'
+import { JwtGuardUser } from '#auth/guards/jwt/types'
 
 const authConfig = defineConfig({
-  default: 'api',
+  default: 'jwt',
   guards: {
     api: tokensGuard({
       provider: tokensUserProvider({
         tokens: 'accessTokens',
         model: () => import('#modules/user/models/user'),
       }),
     }),
+    web: sessionGuard({
+      useRememberMeTokens: false,
+      provider: sessionUserProvider({
+        model: () => import('#modules/user/models/user'),
+      }),
+    }),
+    basicAuth: basicAuthGuard({
+      provider: basicAuthUserProvider({
+        model: () => import('#modules/user/models/user'),
+      }),
+    }),
+    jwt: jwtGuard({
+      tokenExpiresIn: '1h',
+      useCookies: true,
+      provider: sessionUserProvider({
+        model: () => import('#modules/user/models/user'),
+      }),
+      content: <User>(user: JwtGuardUser<User>) => ({ userId: user.getId() }),
+    }),
   },
 })
 

package.json

@@ -46,17 +46,17 @@
     "@swc/core": "1.9.3",
     "@types/jsonwebtoken": "^9.0.7",
     "@types/luxon": "^3.4.2",
-    "@types/node": "^22.9.3",
-    "eslint": "^9.15.0",
+    "@types/node": "^22.10.1",
+    "eslint": "^9.16.0",
     "hot-hook": "^0.4.0",
     "pino-pretty": "^13.0.0",
-    "prettier": "^3.3.3",
+    "prettier": "^3.4.1",
     "ts-node-maintained": "^10.9.4",
     "typescript": "~5.7.2"
   },
   "dependencies": {
     "@adonisjs/auth": "^9.2.4",
-    "@adonisjs/core": "^6.14.1",
+    "@adonisjs/core": "^6.15.1",
     "@adonisjs/cors": "^2.2.1",
     "@adonisjs/i18n": "^2.1.1",
     "@adonisjs/lucid": "^21.4.0",