fix: fetch client from DB for each request

api/src/controllers/auth.ts

@@ -1,6 +1,7 @@
 import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
+import Client from '../model/Client'
 import { InfoJWT } from '../types'
 import {
   generateAccessToken,
@@ -81,6 +82,9 @@ export class AuthController {
 const authorize = async (data: any): Promise<AuthorizeResponse> => {
   const { username, password, clientId } = data
 
+  const client = await Client.findOne({ clientId })
+  if (!client) throw new Error('Invalid clientId.')
+
   // Authenticate User
   const user = await User.findOne({ username })
   if (!user) throw new Error('Username is not found.')

api/src/routes/api/auth.ts

@@ -1,44 +1,22 @@
 import express from 'express'
 
 import { AuthController } from '../../controllers/'
-import Client from '../../model/Client'
 
 import {
   authenticateAccessToken,
   authenticateRefreshToken
 } from '../../middlewares'
 
-import {
-  authorizeValidation,
-  getDesktopFields,
-  tokenValidation
-} from '../../utils'
+import { authorizeValidation, tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'
 
 const authRouter = express.Router()
-
-const clientIDs = new Set()
-
-export const populateClients = async () => {
-  const result = await Client.find()
-  clientIDs.clear()
-  result.forEach((r) => {
-    clientIDs.add(r.clientId)
-  })
-}
+const controller = new AuthController()
 
 authRouter.post('/authorize', async (req, res) => {
   const { error, value: body } = authorizeValidation(req.body)
   if (error) return res.status(400).send(error.details[0].message)
 
-  const { clientId } = body
-
-  // Verify client ID
-  if (!clientIDs.has(clientId)) {
-    return res.status(403).send('Invalid clientId.')
-  }
-
-  const controller = new AuthController()
   try {
     const response = await controller.authorize(body)
 
@@ -52,7 +30,6 @@ authRouter.post('/token', async (req, res) => {
   const { error, value: body } = tokenValidation(req.body)
   if (error) return res.status(400).send(error.details[0].message)
 
-  const controller = new AuthController()
   try {
     const response = await controller.token(body)
     const { accessToken } = response
@@ -66,7 +43,6 @@ authRouter.post('/token', async (req, res) => {
 authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
   const userInfo: InfoJWT = req.user
 
-  const controller = new AuthController()
   try {
     const response = await controller.refresh(userInfo)
 
@@ -79,7 +55,6 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
 authRouter.delete('/logout', authenticateAccessToken, async (req: any, res) => {
   const userInfo: InfoJWT = req.user
 
-  const controller = new AuthController()
   try {
     await controller.logout(userInfo)
   } catch (e) {}

api/src/utils/connectDB.ts

@@ -1,5 +1,4 @@
 import mongoose from 'mongoose'
-import { populateClients } from '../routes/api/auth'
 import { seedDB } from './seedDB'
 
 export const connectDB = async () => {
@@ -22,7 +21,5 @@ export const connectDB = async () => {
     console.log('Connected to db!')
 
     await seedDB()
-
-    await populateClients()
   })
 }