I'm new at node development but it seems that the accountService refreshToken function will potentially create a new refreshToken entry in the database as often as every 15 minutes. Shouldn't this function just generate a jwt if the refreshToken is still valid. Maybe generate a new refreshToken if the current one is about to expire while the user is active on the site. If they aren't then they just have to login the next time they visit the site.

When I Postman "accounts/register" I get ' "message": "db.Account.countDocuments is not a function" '

I was using Mongo 4.2, and read that 4.2.1 started returning "0" for countDocuments, so I upgraded to 4.2.1 and still get the same error:

This is my postman just in case:

POST: accounts.register

{
"title": "Mr.",
"firstName": "fname",
"lastName": "lname",
"email": "[email protected]",
"password": "!SomePass!",
"confirmPassword": "!SomePass!",
"acceptTerms": true
}

I was crazy confused until I noticed that these functions are not returning a refreshToken.

function authenticate(req, res, next) {
    const { email, password } = req.body;
    const ipAddress = req.ip;
    accountService.authenticate({ email, password, ipAddress })
        .then(({ refreshToken, ...account }) => {
            setTokenCookie(res, refreshToken);
            res.json(account);  // missing refresh token
        })
        .catch(next);
}

function refreshToken(req, res, next) {
    const token = req.cookies.refreshToken;
    const ipAddress = req.ip;
    accountService.refreshToken({ token, ipAddress })
        .then(({ refreshToken, ...account }) => {
            setTokenCookie(res, refreshToken);
            res.json(account); // missing refresh token
        })
        .catch(next);
}

When I refactored to include the refreshToken it, of course, then showed up in the response.

res.json({...account, refreshToken});

@cornflourblue - terrific work on this! I'm going to use this boilerplate for my project.

Question: In the current implementation, the refreshTokens array under the accounts collection grows indefinitely. To remove expired refresh tokens, my initial thought was to use mongoDB's TTL Indexes, however, the TTL index scope is limited to documents, not to arrays within a document, per the current schema.

How would approach removal of expired tokens?

(node:35564) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
at TLSSocket.emit (events.js:223:5)
at TLSSocket._finishInit (_tls_wrap.js:794:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12)
(node:35564) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:35564) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

While trying to register and also we need a readme file