refactor, new routes

3 files changed, 104 insertions, 106 deletions

diff --git a/routes/authRoutes.js b/routes/authRoutes.js
new file mode 100644
index 0000000..110e7f4
--- /dev/null
+++ b/routes/authRoutes.js
@@ -0,0 +1,33 @@
+const router = require('express').Router()
+const User = require('../model/User')
+
+// Logout (pass sessionId or will logout one from jwt)
+router.post('/logout', async (req, res) => {
+  try {
+    const { email, sessionId } = req.user
+
+    if (!email || !(req.body.sessionId || sessionId)) throw new Error()
+
+    await User.removeSession({ email, sessionId: req.body.sessionId || sessionId })
+
+    res.status(204).send()
+  } catch (err) {
+    console.log(err)
+    res.status(401).send({ error: 'Could not logout' })
+  }
+})
+
+// User sessions
+router.get("/sessions", async (req, res) => {
+  const { email } = req.user
+
+  try {
+    const sessions = await User.getSessions({ email })
+
+    res.send({ sessions })
+  } catch (err) {
+    res.status(401).send({ error: 'Error getting sessions' })
+  }
+})
+
+module.exports = router
diff --git a/routes/index.js b/routes/index.js
deleted file mode 100644
index 294cb49..0000000
--- a/routes/index.js
+++ /dev/null
@@ -1,106 +0,0 @@
-const fs = require('fs')
-const router = require('express').Router()
-const { randomBytes } = require('crypto')
-const jwt = require('jsonwebtoken')
-const User = require('../model/User')
-
-const cert = fs.readFileSync(`${process.cwd()}/cert/jwt_256_rsa`)
-
-const generateJwtToken = (user) => jwt.sign({
-    email: user.email,
-    verified: !!user.verify,
-    role: user.role,
-  },
-  {
-    key: cert,
-    passphrase: process.env.RSA_PASS,
-  },
-  {
-    expiresIn: parseInt(process.env.TOKEN_EXPIRES_IN),
-    issuer: 'pruss.it',
-    algorithm: 'RS256',
-  }
-)
-
-// Alive
-router.get("/", (_, res) => res.send("Auth service is up.") )
-
-// Register
-router.post('/register', async (req, res) => {
-  const refresh = randomBytes(32).toString('hex')
-  const newUser = new User({
-    email: req.body.email,
-    password: req.body.password,
-    refresh,
-  })
-
-  try {
-    const user = await newUser.save()
-    const jwtToken = generateJwtToken(user)
-
-    res.status(201).send({ jt: jwtToken, rt: refresh })
-  } catch(err) {
-    if (err._message) {
-      res.status(422).send({ error: err._message })
-    } else if (err.code && err.code === 11000) {
-      res.status(409).send({ error: 'User with this email already exist' })
-    } else {
-      res.status(400).send({ error: 'Could not save the user' })
-    }
-  }
-})
-
-// Login
-router.post('/login', async (req, res) => {
-  try {
-    const user = await User.findByCredentials(req.body.email, req.body.password)
-
-    if (!user) throw new Error()
-
-    const refreshToken = await User.newRefreshToken(user)
-
-    if (!refreshToken) throw new Error()
-
-    const jwtToken = generateJwtToken(user)
-
-    res.status(202).send({ jt: jwtToken, rt: refreshToken })
-  } catch (err) {
-    res.status(401).send({ error: 'Could not log in.' })
-  }
-})
-
-// Logout
-router.post('/logout', async (req, res) => {
-  try {
-    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
-
-    if (!user) throw new Error()
-
-    await User.removeRefreshToken(user.email)
-
-    res.status(204).send()
-  } catch (err) {
-    res.status(401).send({ error: 'Could not logout' })
-  }
-})
-
-// Refresh token
-router.post('/refresh', async (req, res) => {
-  try {
-    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
-
-    if (!user) throw new Error()
-
-    const newRefreshToken = await User.newRefreshToken(user)
-
-    if (!newRefreshToken) throw new Error()
-
-    const jwtToken = generateJwtToken(user)
-
-    res.status(201).send({ jt: jwtToken, rt: newRefreshToken })
-  } catch (err) {
-    res.status(401).send({ error: 'User logged out' })
-  }
-})
-
-module.exports = router
diff --git a/routes/routes.js b/routes/routes.js
new file mode 100644
index 0000000..b1cfeec
--- /dev/null
+++ b/routes/routes.js
@@ -0,0 +1,71 @@
+const router = require('express').Router()
+const { randomBytes } = require('crypto')
+const createJwt = require('../helpers/createJwt')
+const User = require('../model/User')
+
+// Alive
+router.get("/", (_, res) => res.send("Auth service is up.") )
+
+// Register
+router.post('/register', async (req, res) => {
+  const refreshToken = randomBytes(32).toString('hex')
+  const newUser = new User({
+    email: req.body.email,
+    password: req.body.password,
+    sessions: [{
+      device: req.body.device,
+      refreshToken,
+    }],
+  })
+
+  try {
+    const user = await newUser.save()
+    const sessionId = user.sessions[0]._id
+    const jwtToken = createJwt(user, sessionId)
+
+    res.status(201).send({ sessionId, jwtToken, refreshToken })
+  } catch(err) {
+    if (err._message) {
+      res.status(422).send({ error: err._message })
+    } else if (err.code && err.code === 11000) {
+      res.status(409).send({ error: 'User with this email already exist' })
+    } else {
+      res.status(400).send({ error: 'Could not save the user' })
+    }
+  }
+})
+
+// Login
+router.post('/login', async (req, res) => {
+  try {
+    const { user, refreshToken } = await User.newSession(req.body)
+    const sessionId = user.sessions[user.sessions.length - 1]._id
+    const jwtToken = createJwt(user, sessionId)
+
+    res.status(202).send({ sessionId, jwtToken, refreshToken })
+  } catch (err) {
+    res.status(401).send({ error: 'Could not log in.' })
+  }
+})
+
+// Refresh token
+router.post('/refresh', async (req, res) => {
+  try {
+    const user = await User.checkRefreshToken(req.body)
+
+    if (!user) throw new Error()
+
+    const refreshToken = await User.refreshExistingToken({ user, sessionId: req.body.sessionId })
+
+    if (!refreshToken) throw new Error()
+
+    const jwtToken = createJwt(user)
+
+    res.status(201).send({ sessionId: req.body.sessionId, jwtToken, refreshToken })
+  } catch (err) {
+    console.log(err)
+    res.status(401).send({ error: 'Could not refresh token' })
+  }
+})
+
+module.exports = router