2 files changed, 106 insertions, 119 deletions

diff --git a/routes/auth.js b/routes/auth.js
deleted file mode 100644
index 389c01b..0000000
--- a/routes/auth.js
+++ /dev/null
@@ -1,119 +0,0 @@
-const router = require('express').Router()
-const { randomBytes } = require('crypto')
-const jwt = require('jsonwebtoken')
-const User = require('../model/User')
-
-const cookieParams = {
-  maxAge: (1000 * parseInt(process.env.TOKEN_EXPIRE_IN)),
-  secure: false,
-  httpOnly: true,
-}
-
-const generateJwtToken = (user) => jwt.sign({
-    email: user.email,
-    verified: !!user.verify,
-    role: user.role,
-  },
-  process.env.JWT_SECRET,
-  {
-    expiresIn: parseInt(process.env.TOKEN_EXPIRE_IN),
-    issuer: 'pruss.it',
-    algorithm: 'HS256',
-  }
-)
-
-// Alive
-router.get("/", function (_, res) {
-  res.send("Service is up.")
-})
-
-// Register
-router.post('/register', async (req, res) => {
-  const refresh = randomBytes(32).toString('hex')
-  const user = new User({
-    email: req.body.email,
-    password: req.body.password,
-    refresh,
-  })
-
-  try {
-    await user.save()
-    res.status(201).send(refresh)
-  } catch(err) {
-    if (err._message) {
-      res.status(422).send(err._message)
-    } else if (err.code && err.code === 11000) {
-      res.status(409).send('User with this email already exist')
-    } else {
-      res.status(400).send('Could not save the user')
-    }
-  }
-})
-
-// Login
-router.post('/login', async (req, res) => {
-  try {
-    const user = await User.findByCredentials(req.body.email, req.body.password)
-
-    if (!user) {
-      throw new Error()
-    }
-
-    const refreshToken = await User.newRefreshToken(user)
-
-    if (!refreshToken) {
-      throw new Error()
-    }
-
-    const jwtToken = generateJwtToken(user)
-
-    res
-      .cookie('token', jwtToken, cookieParams)
-      .status(204)
-      .send(refreshToken)
-  } catch (err) {
-    res.status(401).send('Could not login')
-  }
-})
-
-// Logout
-router.post('/logout', async (_, res) => {
-  try {
-    // add session check
-
-    res
-      .clearCookie('token')
-      .status(204)
-      .send()
-  } catch (err) {
-    res.status(401).send('Could not logout')
-  }
-})
-
-// Refresh token
-router.post('/refresh', async (req, res) => {
-  try {
-    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
-
-    if (!user) {
-      throw new Error()
-    }
-
-    const newRefreshToken = await User.newRefreshToken(user)
-
-    if (!newRefreshToken) {
-      throw new Error()
-    }
-
-    const jwtToken = generateJwtToken(user)
-
-    res
-      .cookie('token', jwtToken, cookieParams)
-      .status(201)
-      .send(newRefreshToken)
-  } catch (err) {
-    res.status(401).send('User logged out')
-  }
-})
-
-module.exports = router
diff --git a/routes/index.js b/routes/index.js
new file mode 100644
index 0000000..294cb49
--- /dev/null
+++ b/routes/index.js
@@ -0,0 +1,106 @@
+const fs = require('fs')
+const router = require('express').Router()
+const { randomBytes } = require('crypto')
+const jwt = require('jsonwebtoken')
+const User = require('../model/User')
+
+const cert = fs.readFileSync(`${process.cwd()}/cert/jwt_256_rsa`)
+
+const generateJwtToken = (user) => jwt.sign({
+    email: user.email,
+    verified: !!user.verify,
+    role: user.role,
+  },
+  {
+    key: cert,
+    passphrase: process.env.RSA_PASS,
+  },
+  {
+    expiresIn: parseInt(process.env.TOKEN_EXPIRES_IN),
+    issuer: 'pruss.it',
+    algorithm: 'RS256',
+  }
+)
+
+// Alive
+router.get("/", (_, res) => res.send("Auth service is up.") )
+
+// Register
+router.post('/register', async (req, res) => {
+  const refresh = randomBytes(32).toString('hex')
+  const newUser = new User({
+    email: req.body.email,
+    password: req.body.password,
+    refresh,
+  })
+
+  try {
+    const user = await newUser.save()
+    const jwtToken = generateJwtToken(user)
+
+    res.status(201).send({ jt: jwtToken, rt: refresh })
+  } catch(err) {
+    if (err._message) {
+      res.status(422).send({ error: err._message })
+    } else if (err.code && err.code === 11000) {
+      res.status(409).send({ error: 'User with this email already exist' })
+    } else {
+      res.status(400).send({ error: 'Could not save the user' })
+    }
+  }
+})
+
+// Login
+router.post('/login', async (req, res) => {
+  try {
+    const user = await User.findByCredentials(req.body.email, req.body.password)
+
+    if (!user) throw new Error()
+
+    const refreshToken = await User.newRefreshToken(user)
+
+    if (!refreshToken) throw new Error()
+
+    const jwtToken = generateJwtToken(user)
+
+    res.status(202).send({ jt: jwtToken, rt: refreshToken })
+  } catch (err) {
+    res.status(401).send({ error: 'Could not log in.' })
+  }
+})
+
+// Logout
+router.post('/logout', async (req, res) => {
+  try {
+    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
+
+    if (!user) throw new Error()
+
+    await User.removeRefreshToken(user.email)
+
+    res.status(204).send()
+  } catch (err) {
+    res.status(401).send({ error: 'Could not logout' })
+  }
+})
+
+// Refresh token
+router.post('/refresh', async (req, res) => {
+  try {
+    const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
+
+    if (!user) throw new Error()
+
+    const newRefreshToken = await User.newRefreshToken(user)
+
+    if (!newRefreshToken) throw new Error()
+
+    const jwtToken = generateJwtToken(user)
+
+    res.status(201).send({ jt: jwtToken, rt: newRefreshToken })
+  } catch (err) {
+    res.status(401).send({ error: 'User logged out' })
+  }
+})
+
+module.exports = router