From 4d28ac359b25d89d0dbb42dd3a6d32269eebc619 Mon Sep 17 00:00:00 2001
From: piotrruss
Date: Tue, 15 Aug 2023 19:13:58 +0200
Subject: add cors, logout, change name

---
 routes/auth.js | 119 --------------------------------------------------
 routes/index.js | 106 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+), 119 deletions(-)
 delete mode 100644 routes/auth.js
 create mode 100644 routes/index.js
(limited to 'routes')

diff --git a/routes/auth.js b/routes/auth.js
deleted file mode 100644
index 389c01b..0000000
--- a/routes/auth.js
+++ /dev/null
@@ -1,119 +0,0 @@
-const router = require('express').Router()
-const { randomBytes } = require('crypto')
-const jwt = require('jsonwebtoken')
-const User = require('../model/User')
-
-const cookieParams = {
- maxAge: (1000 * parseInt(process.env.TOKEN_EXPIRE_IN)),
- secure: false,
- httpOnly: true,
-}
-
-const generateJwtToken = (user) => jwt.sign({
- email: user.email,
- verified: !!user.verify,
- role: user.role,
- },
- process.env.JWT_SECRET,
- {
- expiresIn: parseInt(process.env.TOKEN_EXPIRE_IN),
- issuer: 'pruss.it',
- algorithm: 'HS256',
- }
-)
-
-// Alive
-router.get("/", function (_, res) {
- res.send("Service is up.")
-})
-
-// Register
-router.post('/register', async (req, res) => {
- const refresh = randomBytes(32).toString('hex')
- const user = new User({
- email: req.body.email,
- password: req.body.password,
- refresh,
- })
-
- try {
- await user.save()
- res.status(201).send(refresh)
- } catch(err) {
- if (err._message) {
- res.status(422).send(err._message)
- } else if (err.code && err.code === 11000) {
- res.status(409).send('User with this email already exist')
- } else {
- res.status(400).send('Could not save the user')
- }
- }
-})
-
-// Login
-router.post('/login', async (req, res) => {
- try {
- const user = await User.findByCredentials(req.body.email, req.body.password)
-
- if (!user) {
- throw new Error()
- }
-
- const refreshToken = await User.newRefreshToken(user)
-
- if (!refreshToken) {
- throw new Error()
- }
-
- const jwtToken = generateJwtToken(user)
-
- res
- .cookie('token', jwtToken, cookieParams)
- .status(204)
- .send(refreshToken)
- } catch (err) {
- res.status(401).send('Could not login')
- }
-})
-
-// Logout
-router.post('/logout', async (_, res) => {
- try {
- // add session check
-
- res
- .clearCookie('token')
- .status(204)
- .send()
- } catch (err) {
- res.status(401).send('Could not logout')
- }
-})
-
-// Refresh token
-router.post('/refresh', async (req, res) => {
- try {
- const user = await 
User.checkRefreshToken(req.body.email, req.body.refresh)
-
- if (!user) {
- throw new Error()
- }
-
- const newRefreshToken = await User.newRefreshToken(user)
-
- if (!newRefreshToken) {
- throw new Error()
- }
-
- const jwtToken = generateJwtToken(user)
-
- res
- .cookie('token', jwtToken, cookieParams)
- .status(201)
- .send(newRefreshToken)
- } catch (err) {
- res.status(401).send('User logged out')
- }
-})
-
-module.exports = router
diff --git a/routes/index.js b/routes/index.js
new file mode 100644
index 0000000..294cb49
--- /dev/null
+++ b/routes/index.js
@@ -0,0 +1,106 @@
+const fs = require('fs')
+const router = require('express').Router()
+const { randomBytes } = require('crypto')
+const jwt = require('jsonwebtoken')
+const User = require('../model/User')
+
+const cert = fs.readFileSync(`${process.cwd()}/cert/jwt_256_rsa`)
+
+const generateJwtToken = (user) => jwt.sign({
+ email: user.email,
+ verified: !!user.verify,
+ role: user.role,
+ },
+ {
+ key: cert,
+ passphrase: process.env.RSA_PASS,
+ },
+ {
+ expiresIn: parseInt(process.env.TOKEN_EXPIRES_IN),
+ issuer: 'pruss.it',
+ algorithm: 'RS256',
+ }
+)
+
+// Alive
+router.get("/", (_, res) => res.send("Auth service is up.") )
+
+// Register
+router.post('/register', async (req, res) => {
+ const refresh = randomBytes(32).toString('hex')
+ const newUser = new User({
+ email: req.body.email,
+ password: req.body.password,
+ refresh,
+ })
+
+ try {
+ const user = await newUser.save()
+ const jwtToken = generateJwtToken(user)
+
+ res.status(201).send({ jt: jwtToken, rt: refresh })
+ } catch(err) {
+ if (err._message) {
+ res.status(422).send({ error: err._message })
+ } else if (err.code && err.code === 11000) {
+ res.status(409).send({ error: 'User with this email already exist' })
+ } else {
+ res.status(400).send({ error: 'Could not save the user' })
+ }
+ }
+})
+
+// Login
+router.post('/login', async (req, res) => {
+ try {
+ const user = await User.findByCredentials(req.body.email, req.body.password)
+
+ if (!user) throw new Error()
+
+ const refreshToken = await User.newRefreshToken(user)
+
+ if (!refreshToken) throw new Error()
+
+ const jwtToken = generateJwtToken(user)
+
+ res.status(202).send({ jt: jwtToken, rt: refreshToken })
+ } catch (err) {
+ res.status(401).send({ error: 'Could not log in.' 
})
+ }
+})
+
+// Logout
+router.post('/logout', async (req, res) => {
+ try {
+ const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
+
+ if (!user) throw new Error()
+
+ await User.removeRefreshToken(user.email)
+
+ res.status(204).send()
+ } catch (err) {
+ res.status(401).send({ error: 'Could not logout' })
+ }
+})
+
+// Refresh token
+router.post('/refresh', async (req, res) => {
+ try {
+ const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
+
+ if (!user) throw new Error()
+
+ const newRefreshToken = await User.newRefreshToken(user)
+
+ if (!newRefreshToken) throw new Error()
+
+ const jwtToken = generateJwtToken(user)
+
+ res.status(201).send({ jt: jwtToken, rt: newRefreshToken })
+ } catch (err) {
+ res.status(401).send({ error: 'User logged out' })
+ }
+})
+
+module.exports = router
-- 
cgit v1.2.3
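Review bot: Every catch in the new routes/index.js maps any exception to a client error and discards `err`, so internal failures are misreported: in `/register` the `generateJwtToken(user)` call sits in the same `try` as `newUser.save()`, and a signing failure after a successful save (for example `RSA_PASS` unset for an encrypted key, or `TOKEN_EXPIRES_IN` missing so `parseInt` yields `NaN` and `jwt.sign` rejects the non-integer `expiresIn`) answers 400 `Could not save the user` although the account now exists and its refresh token is never returned to the client. In `/login`, `/logout` and `/refresh` the same pattern turns a database or signing error into a 401 indistinguishable from bad credentials, with nothing logged. I would split `/register` into a save step with the existing 422/409/400 mapping and a separate token-issuing step (below), and in the other three routes throw a dedicated sentinel for the deliberate rejections and log-and-500 everything else, e.g. `if (err !== authFail) { console.error(err); return res.status(500).send({ error: 'Internal error' }) }`. Since the JWT now travels in the response body instead of a cookie, `/logout` only revokes the refresh token and an already-issued `jt` stays valid until `TOKEN_EXPIRES_IN` elapses; a comment above that route, `// Revokes the refresh token only; an issued JWT stays valid until it expires`, would make that explicit for API consumers.
```javascript
// Register
router.post('/register', async (req, res) => {
  const refresh = randomBytes(32).toString('hex')
  // … unchanged: newUser construction …
  let user
  try {
    user = await newUser.save()
  } catch (err) {
    // … unchanged: 422 / 409 / 400 mapping …
    return
  }
  try {
    res.status(201).send({ jt: generateJwtToken(user), rt: refresh })
  } catch (err) {
    console.error('token signing failed after registration', err)
    res.status(500).send({ error: 'Registered, but could not issue a token' })
  }
})
```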