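import { Request, Response, NextFunction } from 'express';
import userModel from '../models/user_model';
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import { AnyObject } from 'mongoose';
import { error } from 'console';

/**
 * Claims carried by every token this module issues.
 *
 * Access and refresh tokens are both signed with ACCESS_TOKEN_SECRET, so the
 * `type` claim is what keeps a (long-lived) refresh token from being accepted
 * as a bearer token by `authMiddleware`, and an access token from driving
 * `logout` / `refresh`.
 */
type TokenPayload = {
  _id: string;
  type: 'access' | 'refresh';
  // Uniqueness nonce so two tokens minted in the same second differ; not a secret.
  random: number;
};

/**
 * Narrows a decoded JWT payload to `TokenPayload` with runtime checks instead of
 * an unchecked `as` cast.
 */
const isTokenPayload = (data: unknown): data is TokenPayload => {
  if (typeof data !== 'object' || data === null) {
    return false;
  }
  if (!('_id' in data) || !('type' in data)) {
    return false;
  }
  return (
    typeof data._id === 'string' &&
    (data.type === 'access' || data.type === 'refresh')
  );
};

/**
 * Verifies `token` against `secret` and requires the `type` claim to match.
 *
 * @param token - raw JWT string from the client
 * @param secret - ACCESS_TOKEN_SECRET (caller has already checked it is set)
 * @param expectedType - which kind of token this endpoint accepts
 * @returns the payload, or `undefined` on bad signature, expiry, shape or type
 */
const verifyToken = (
  token: string,
  secret: string,
  expectedType: TokenPayload['type'],
): TokenPayload | undefined => {
  try {
    // Synchronous form: throws on invalid signature / expiry.
    const decoded: unknown = jwt.verify(token, secret);
    if (!isTokenPayload(decoded) || decoded.type !== expectedType) {
      return undefined;
    }
    return decoded;
  } catch {
    return undefined;
  }
};

/** True when `value` is a non-empty string; rejects objects/arrays from a JSON body. */
const isNonEmptyString = (value: unknown): value is string =>
  typeof value === 'string' && value.length > 0;

/**
 * POST handler: creates a user with a bcrypt-hashed password.
 *
 * Responds 400 on missing/non-string credentials, 200 with `{ email, _id }` on
 * success, 500 with a fixed message on any internal error (the error object is
 * never echoed to the client).
 */
const register = async (req: Request, res: Response): Promise<void> => {
  const { email, password } = req.body ?? {};
  // Type-check as well as presence-check: an object here would reach the query layer unfiltered.
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    res.status(400).send("Missing email or password");
    return;
  }
  try {
    const salt = await bcrypt.genSalt(10);
    const hashedPassword = await bcrypt.hash(password, salt);
    const user = await userModel.create({
      email: email,
      password: hashedPassword,
    });
    // Do not echo the stored document: it carries the password hash and refresh tokens.
    res.status(200).send({ email: user.email, _id: user._id });
  } catch {
    res.status(500).send("Registration failed");
  }
};

/**
 * Issues an access/refresh token pair for `_id`.
 *
 * All configuration is validated up front so a half-minted pair is never returned.
 *
 * @throws Error when ACCESS_TOKEN_SECRET, TOKEN_EXPIRATION or
 *   REFRESH_TOKEN_EXPIRATION is unset
 */
const generateTokens = (_id: string): { accessToken: string, refreshToken: string } => {
  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    throw new Error("Missing ACCESS_TOKEN_SECRET in environment variables");
  }
  if (!process.env.TOKEN_EXPIRATION) {
    throw new Error("Missing TOKEN_EXPIRATION in environment variables");
  }
  if (!process.env.REFRESH_TOKEN_EXPIRATION) {
    throw new Error("Missing REFRESH_TOKEN_EXPIRATION in environment variables");
  }
  // Math.random is fine here: `random` only makes same-second tokens distinct.
  const random = Math.floor(Math.random() * 1000000);
  const accessPayload: TokenPayload = { _id: _id, type: 'access', random: random };
  const refreshPayload: TokenPayload = { _id: _id, type: 'refresh', random: random };
  const accessToken = jwt.sign(accessPayload, secret, {
    expiresIn: process.env.TOKEN_EXPIRATION,
  });
  const refreshToken = jwt.sign(refreshPayload, secret, {
    expiresIn: process.env.REFRESH_TOKEN_EXPIRATION,
  });
  return { accessToken, refreshToken };
};

/**
 * POST handler: checks credentials, stores a new refresh token on the user and
 * returns `{ email, _id, accessToken, refreshToken }`.
 *
 * Unknown email and wrong password produce the same 400 body so the endpoint
 * cannot be used to enumerate accounts. Internal failures (database, missing
 * token configuration) are a fixed 500 message.
 */
const login = async (req: Request, res: Response): Promise<void> => {
  const { email, password } = req.body ?? {};
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    res.status(400).send("Missing email or password");
    return;
  }
  try {
    const user = await userModel.findOne({ email: email });
    // NOTE(review): the unknown-email path skips bcrypt.compare, so response time
    // still differs slightly; only the response body is made uniform here.
    const validPassword = user ? await bcrypt.compare(password, user.password) : false;
    if (!user || !validPassword) {
      res.status(400).send("Wrong email or password");
      return;
    }
    const tokens = generateTokens(user._id.toString());
    if (user.refreshTokens == null) {
      user.refreshTokens = [];
    }
    user.refreshTokens.push(tokens.refreshToken);
    await user.save();
    res.status(200).send({
      email: user.email,
      _id: user._id,
      accessToken: tokens.accessToken,
      refreshToken: tokens.refreshToken,
    });
  } catch {
    res.status(500).send("Login failed");
  }
};

/**
 * POST handler: revokes the presented refresh token.
 *
 * A token that verifies but is not on the user's list is treated as reuse of an
 * already-revoked token, and every stored refresh token is dropped. Access
 * tokens are rejected with 403 before that check so they cannot trigger it.
 */
const logout = async (req: Request, res: Response): Promise<void> => {
  const refreshToken = req.body?.refreshToken;
  if (!isNonEmptyString(refreshToken)) {
    res.status(400).send("missing refresh Token");
    return;
  }
  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    res.status(500).send("missing auth config");
    return;
  }
  const payload = verifyToken(refreshToken, secret, 'refresh');
  if (!payload) {
    res.status(403).send("Invalid Token");
    return;
  }
  try {
    const user = await userModel.findById(payload._id);
    if (!user) {
      res.status(400).send("Invalid Token");
      return;
    }
    const stored: string[] = user.refreshTokens ?? [];
    if (!stored.includes(refreshToken)) {
      // Signed by us but no longer on file: likely reuse, so invalidate every session.
      user.refreshTokens = [];
      await user.save();
      res.status(400).send("Invalid Token");
      return;
    }
    user.refreshTokens = stored.filter((token) => token !== refreshToken);
    await user.save();
    res.status(200).send("Logged out");
  } catch {
    res.status(400).send("Invalid Token");
  }
};

/**
 * POST handler: rotates a refresh token.
 *
 * The presented token must verify, carry `type: 'refresh'` and be on the user's
 * list; it is then replaced by a freshly minted pair. If token configuration is
 * missing the user's list is left untouched and a 500 is returned.
 */
const refresh = async (req: Request, res: Response): Promise<void> => {
  const refreshToken = req.body?.refreshToken;
  if (!isNonEmptyString(refreshToken)) {
    res.status(400).send("invalid refresh token");
    return;
  }
  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    res.status(500).send("missing auth config");
    return;
  }
  const payload = verifyToken(refreshToken, secret, 'refresh');
  if (!payload) {
    res.status(403).send("Invalid Token");
    return;
  }
  try {
    const user = await userModel.findById(payload._id);
    if (!user) {
      res.status(400).send("Invalid Token");
      return;
    }
    const stored: string[] = user.refreshTokens ?? [];
    if (!stored.includes(refreshToken)) {
      // Reuse of a revoked refresh token: drop every session for this user.
      user.refreshTokens = [];
      await user.save();
      res.status(400).send("Invalid Token");
      return;
    }
    let newTokens: { accessToken: string, refreshToken: string };
    try {
      newTokens = generateTokens(user._id.toString());
    } catch {
      // Configuration error, not a bad token: report it without revoking anything.
      res.status(500).send("missing auth config");
      return;
    }
    // Rotate: retire the presented token and store its replacement.
    user.refreshTokens = stored.filter((t) => t !== refreshToken);
    user.refreshTokens.push(newTokens.refreshToken);
    await user.save();
    res.status(200).send({
      accessToken: newTokens.accessToken,
      refreshToken: newTokens.refreshToken,
    });
  } catch {
    res.status(400).send("Invalid Token");
  }
};

/**
 * Express middleware: requires a bearer access token in the Authorization
 * header and exposes the caller's id as `req.query.userId`.
 *
 * Only tokens with `type: 'access'` pass; a refresh token (same secret) is
 * rejected with 403.
 */
export const authMiddleware = (req: Request, res: Response, next: NextFunction): void => {
  const authHeader = req.headers['authorization'];
  const token = authHeader && authHeader.split(' ')[1];
  if (!token) {
    res.status(401).send("missing token");
    return;
  }
  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    res.status(500).send("missing auth config");
    return;
  }
  const payload = verifyToken(token, secret, 'access');
  if (!payload) {
    res.status(403).send("Invalid Token");
    return;
  }
  // Downstream handlers read the id from req.query; this overwrites any client-supplied value.
  req.query.userId = payload._id;
  next();
};

export default {
  register,
  login,
  refresh,
  logout
};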