From bdb0762696ccf028c30b2957b93a01da7bf67571 Mon Sep 17 00:00:00 2001
From: piotrruss
Date: Thu, 10 Aug 2023 18:42:20 +0200
Subject: init commit
---
 routes/auth.js | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 routes/auth.js
(limited to 'routes')
diff --git a/routes/auth.js b/routes/auth.js
new file mode 100644
index 0000000..389c01b
--- /dev/null
+++ b/routes/auth.js
@@ -0,0 +1,119 @@
+const router = require('express').Router()
+const { randomBytes } = require('crypto')
+const jwt = require('jsonwebtoken')
+const User = require('../model/User')
+
+const cookieParams = {
+ maxAge: (1000 * parseInt(process.env.TOKEN_EXPIRE_IN)),
+ secure: false,
+ httpOnly: true,
+}
+
+const generateJwtToken = (user) => jwt.sign({
+ email: user.email,
+ verified: !!user.verify,
+ role: user.role,
+ },
+ process.env.JWT_SECRET,
+ {
+ expiresIn: parseInt(process.env.TOKEN_EXPIRE_IN),
+ issuer: 'pruss.it',
+ algorithm: 'HS256',
+ }
+)
+
+// Alive
+router.get("/", function (_, res) {
+ res.send("Service is up.")
+})
+
+// Register
+router.post('/register', async (req, res) => {
+ const refresh = randomBytes(32).toString('hex')
+ const user = new User({
+ email: req.body.email,
+ password: req.body.password,
+ refresh,
+ })
+
+ try {
+ await user.save()
+ res.status(201).send(refresh)
+ } catch(err) {
+ if (err._message) {
+ res.status(422).send(err._message)
+ } else if (err.code && err.code === 11000) {
+ res.status(409).send('User with this email already exist')
+ } else {
+ res.status(400).send('Could not save the user')
+ }
+ }
+})
+
+// Login
+router.post('/login', async (req, res) => {
+ try {
+ const user = await User.findByCredentials(req.body.email, req.body.password)
+
+ if (!user) {
+ throw new Error()
+ }
+
+ const refreshToken = await User.newRefreshToken(user)
+
+ if (!refreshToken) {
+ throw new Error()
+ }
+
+ const jwtToken = generateJwtToken(user)
+
+ res
+ .cookie('token', jwtToken, cookieParams)
+ .status(204)
+ .send(refreshToken)
+ } catch (err) {
+ res.status(401).send('Could not login')
+ }
+})
+
+// Logout
+router.post('/logout', async (_, res) => {
+ try {
+ // add session check
+
+ res
+ .clearCookie('token')
+ .status(204)
+ .send()
+ } catch (err) {
+ res.status(401).send('Could not logout')
+ }
+})
+
+// Refresh token
+router.post('/refresh', async (req, res) => {
+ try {
+ const user = await User.checkRefreshToken(req.body.email, req.body.refresh)
+
+ if (!user) {
+ throw new Error()
+ }
+
+ const newRefreshToken = await User.newRefreshToken(user)
+
+ if (!newRefreshToken) {
+ throw new Error()
+ }
+
+ const jwtToken = generateJwtToken(user)
+
+ res
+ .cookie('token', jwtToken, cookieParams)
+ .status(201)
+ .send(newRefreshToken)
+ } catch (err) {
+ res.status(401).send('User logged out')
+ }
+})
+
+module.exports = router
-- cgit v1.2.3
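Review bot: `/login` answers `.status(204).send(refreshToken)`, and a 204 response carries no body, so the refresh token is dropped and the client never receives it; `/refresh` returns the same payload with 201, so `/login` should do the same, e.g. `.status(201).send(refreshToken)`. `cookieParams` sets `secure: false` and no `sameSite`, so the `token` cookie is sent over plain HTTP and attached to cross-site requests; `secure: process.env.NODE_ENV === 'production', sameSite: 'strict'` bounds both without touching the rest of the object. `/logout` only clears the cookie, so the refresh token stored on the user stays usable at `/refresh` after logout (the `// add session check` placeholder marks the gap); invalidating it on the user record there is the missing step. `parseInt(process.env.TOKEN_EXPIRE_IN)` is evaluated twice without a radix and yields `NaN` when the variable is unset, which reaches both `maxAge` and `expiresIn` instead of failing at startup; parse it once at module load with `Number.parseInt(..., 10)` and throw if the result is not finite.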