nean-stack-starter

Signed in device with tokens

Open CharlBest opened this issue 6 years ago • 0 comments

Add new flow to generate token for enhanced security: https://github.com/auth0/auth0-spa-js

  • login with email + password
  • get user with that email and validate password
  • if success
  • save user/profile config data (language, theme)
  • generate token with user id + expiry date
  • generate refresh token
  • check if it's a bot - npm package = isbot and reCaptcha v3
  • create session node with refresh token + ip, ip geo-location - npm package = geoip-lite, user agent (parse) - npm package = useragent, date created, date updated

  • frontend - when receiving unauthorized from server check if client has refresh token then refresh token and retry initial request

  • https://stackoverflow.com/questions/51281270/extract-payload-of-expired-jwt-token
  • refresh token - validate user has refresh token with user id in original expired token
  • if success
  • regenerate token and refresh token
  • update session with new data
  • if error (no refresh token or no match)
  • delete refresh token if exists and delete token if exists
  • navigate to login

  • remove session (with refresh token) when logging out or manually in profile sessions on refresh token

  • get list of sessions

  • option to remove all sessions when password is changed (reset/forgot password + update password)


CharlBest, Sep 09 '19 19:09
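
The refresh flow listed in the issue, as an added example (not code from nean-stack-starter or from the issue author). It covers login, refresh with rotation, the mismatch path, listing sessions and removing all sessions. The in-memory `Map` standing in for the session node, the HMAC-signed token format, `SECRET` and every function name are assumptions.

```javascript
// Added example, not project code. SECRET, the Map store and all names are assumptions.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret';   // assumption: a real key comes from server config
const sessions = new Map();                 // refresh token -> session (stands in for the session node)
const sign = (body) => createHmac('sha256', SECRET).update(body).digest('base64url');

function issueToken(userId, ttlMs, now = Date.now()) {
  const body = Buffer.from(JSON.stringify({ sub: userId, exp: now + ttlMs })).toString('base64url');
  return `${body}.${sign(body)}`;
}

// The signature is always verified; expiry is skipped only for the refresh flow.
function readToken(token, { allowExpired = false, now = Date.now() } = {}) {
  const [body, mac] = String(token).split('.');
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  return !allowExpired && payload.exp <= now ? null : payload;
}

function login(userId, meta, now = Date.now()) {
  const refreshToken = randomBytes(32).toString('base64url');
  sessions.set(refreshToken, { userId, ...meta, created: now, updated: now });
  return { token: issueToken(userId, 60_000, now), refreshToken };
}

function refresh(expiredToken, refreshToken, now = Date.now()) {
  const payload = readToken(expiredToken, { allowExpired: true, now });
  const session = sessions.get(refreshToken);
  if (!payload || !session || session.userId !== payload.sub) {
    sessions.delete(refreshToken);          // error path: delete the refresh token if it exists
    return null;                            // client then clears its tokens and navigates to login
  }
  sessions.delete(refreshToken);            // rotation: the old refresh token stops working
  const next = randomBytes(32).toString('base64url');
  sessions.set(next, { ...session, updated: now });
  return { token: issueToken(session.userId, 60_000, now), refreshToken: next };
}

const listSessions = (userId) => [...sessions.values()].filter((s) => s.userId === userId);

function removeAllSessions(userId) {        // e.g. offered after a password change
  for (const [rt, s] of sessions) if (s.userId === userId) sessions.delete(rt);
}
```

Because `readToken` checks the signature before it looks at the expiry, the user id taken from an expired token in `refresh` is still one the server issued.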