Move invalidate refresh token to TokenManager

server/Auth.js

@@ -1,5 +1,4 @@
 const { Request, Response, NextFunction } = require('express')
-const { rateLimit } = require('express-rate-limit')
 const passport = require('passport')
 const JwtStrategy = require('passport-jwt').Strategy
 const ExtractJwt = require('passport-jwt').ExtractJwt
@@ -466,14 +465,7 @@ class Auth {
 
       // Invalidate the session in database using refresh token
       if (refreshToken) {
-        try {
+        await this.tokenManager.invalidateRefreshToken(refreshToken)
-          Logger.info(`[Auth] logout: Invalidating session for refresh token: ${refreshToken}`)
-          await Database.sessionModel.destroy({
-            where: { refreshToken }
-          })
-        } catch (error) {
-          Logger.error(`[Auth] Error destroying session: ${error.message}`)
-        }
       } else {
         Logger.info(`[Auth] logout: No refresh token on request`)
       }

server/auth/TokenManager.js

@@ -379,6 +379,28 @@ class TokenManager {
     await Database.sessionModel.destroy({ where: { userId: user.id } })
     return null
   }
+
+  /**
+   * Invalidate a refresh token - used for logout
+   *
+   * @param {string} refreshToken
+   * @returns {Promise<boolean>}
+   */
+  async invalidateRefreshToken(refreshToken) {
+    if (!refreshToken) {
+      Logger.error(`[TokenManager] No refresh token provided to invalidate`)
+      return false
+    }
+
+    try {
+      const numDeleted = await Database.sessionModel.destroy({ where: { refreshToken: refreshToken } })
+      Logger.info(`[TokenManager] Refresh token ${refreshToken} invalidated, ${numDeleted} sessions deleted`)
+      return true
+    } catch (error) {
+      Logger.error(`[TokenManager] Error invalidating refresh token: ${error.message}`)
+      return false
+    }
+  }
 }
 
 module.exports = TokenManager