const mongoose = require('mongoose')
const bcrypt = require('bcryptjs')
const { randomBytes } = require('crypto')
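/**
 * Mongoose schema for application users: login credentials, an e-mail
 * verification code, a role, and one sub-document per active session.
 */
const userSchema = new mongoose.Schema({
  email: {
    type: String,
    trim: true,
    lowercase: true,
    unique: true,
    required: true,
    // String paths are length-bounded with minlength/maxlength; min/max are
    // Number/Date validators and are not applied to strings.
    minlength: 4,
    maxlength: 255,
    validate: {
      // The separator inside each repeated group is mandatory. With an
      // optional separator (`[\.-]?`) a run of word characters can be split
      // in exponentially many ways, so a long address with no '@' could stall
      // the event loop (ReDoS). The set of accepted addresses is unchanged.
      // NOTE(review): `\.\w{2,3}` rejects TLDs longer than three characters
      // and '+' is not allowed in the local part - confirm that is intended.
      validator: v => /^\w+([.-]\w+)*@\w+([.-]\w+)*(\.\w{2,3})+$/.test(v),
      message: "Please enter a valid email"
    },
  },
  password: {
    type: String,
    required: true,
    // The pre('save') hook replaces this value with its bcrypt hash.
    maxlength: 1024,
    minlength: 6,
  },
  verify: {
    type: String,
    // Must be a function so every new document draws its own code. A plain
    // value here is computed once when the module loads and would then be
    // shared by every user created by this process.
    // NOTE(review): 3 random bytes is only 24 bits; the code that checks this
    // value is not visible here - confirm attempts are rate-limited.
    default: () => randomBytes(3).toString('hex'),
  },
  role: {
    type: String,
    maxlength: 16,
    minlength: 3,
    default: 'user',
  },
  sessions: [{
    device: { type: String, maxlength: 128, default: "Unknown" },
    // Holds the bcrypt hash of the refresh token, never the token itself.
    refreshToken: { type: String, required: true, maxlength: 1024, minlength: 6 },
    updatedAt: { type: Date, default: Date.now },
  }],
  createdAt: {
    type: Date,
    default: Date.now,
  },
});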
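/**
 * Checks a refresh token presented for one of a user's sessions.
 *
 * @param {{ email: string, sessionId: string, refreshToken: string }} params
 * @returns {Promise<object>} the user document that owns the session
 * @throws {Error} 'Wrong request' on missing or non-string input,
 *   'User not found', 'Session not found' or 'Wrong refresh token'
 */
userSchema.statics.checkRefreshToken = async ({ email, sessionId, refreshToken }) => {
  // Accept only non-empty strings. An object value (for example from a parsed
  // JSON body) must never reach findOne() as a query filter.
  const inputs = [email, sessionId, refreshToken];
  if (inputs.some(value => typeof value !== 'string' || value === '')) {
    throw new Error('Wrong request');
  }

  const user = await User.findOne({ email });
  if (!user) throw new Error('User not found');
  // The user document is deliberately not logged: it carries the password
  // hash and the hashes of every session's refresh token.

  const session = user.sessions.find(s => s._id.toString() === sessionId);
  if (!session) throw new Error('Session not found');

  // Only the bcrypt hash is stored, so compare through bcrypt.
  const isMatch = await bcrypt.compare(refreshToken, session.refreshToken);
  if (!isMatch) throw new Error('Wrong refresh token');
  return user;
};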
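/**
 * Authenticates a user by e-mail and password and opens a new session.
 *
 * @param {{ email: string, password: string, device?: string }} params
 * @returns {Promise<{ user: object, refreshToken: string }>} the saved user
 *   and the plaintext refresh token (only its bcrypt hash is stored)
 * @throws {Error} 'Unable to login' for bad input, unknown user or wrong password
 */
userSchema.statics.newSession = async ({ email, password, device }) => {
  // Reject anything that is not a plain string before it is used as a query
  // filter or handed to bcrypt; the message matches the other failure paths
  // so the caller learns nothing extra.
  if (typeof email !== 'string' || typeof password !== 'string') {
    throw new Error('Unable to login');
  }

  const user = await User.findOne({ email });
  // NOTE(review): this path returns before any bcrypt work, so it answers
  // faster than a wrong password does - confirm whether that matters here.
  if (!user) throw new Error('Unable to login');

  const isMatch = await bcrypt.compare(password, user.password);
  if (!isMatch) throw new Error('Unable to login');

  // 32 random bytes, hex-encoded; the database only ever sees the hash.
  const refreshToken = randomBytes(32).toString('hex');
  user.sessions.push({ device, refreshToken: await bcrypt.hash(refreshToken, 8) });
  const newUser = await user.save();
  return { user: newUser, refreshToken };
};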
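/**
 * Rotates the refresh token of an existing session.
 *
 * @param {{ user: object, sessionId: string }} params - a loaded user
 *   document and the id of the session to rotate
 * @returns {Promise<string>} the new plaintext refresh token
 * @throws {Error} 'Wrong session id' when the user has no such session
 */
userSchema.statics.refreshExistingToken = async ({ user, sessionId }) => {
  const index = user.sessions.findIndex(s => s._id.toString() === sessionId);
  // findIndex() reports "not found" as -1 and the first session as 0, so the
  // result must be compared with -1. A truthiness test would refuse the first
  // session and let a missing one through to the assignment below.
  if (index === -1) throw new Error('Wrong session id');

  const newRefreshToken = randomBytes(32).toString('hex');
  // Store only the bcrypt hash; the plaintext goes back to the caller.
  user.sessions[index].refreshToken = await bcrypt.hash(newRefreshToken, 8);
  await user.save();
  return newRefreshToken;
};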
/**
 * Removes one session sub-document from the user with the given e-mail.
 *
 * @param {{ email: string, sessionId: string }} params
 * @returns {Promise<object|null>} whatever findOneAndUpdate resolves to
 */
userSchema.statics.removeSession = async ({ email, sessionId }) => {
  const filter = { email };
  // $pull drops every element of `sessions` whose _id equals sessionId.
  const update = { $pull: { sessions: { _id: sessionId } } };
  // NOTE(review): `safe` and `multi` look like legacy update() options -
  // confirm they have any effect on findOneAndUpdate.
  const options = { safe: true, multi: false };
  const result = await User.findOneAndUpdate(filter, update, options);
  return result;
};
/**
 * Lists the sessions of the user with the given e-mail.
 *
 * @param {{ email: string }} params
 * @returns {Promise<Array>} the user's session sub-documents
 * @throws {Error} 'User not found' when no user has that e-mail
 */
userSchema.statics.getSessions = async ({ email }) => {
  const account = await User.findOne({ email });
  if (account) {
    // Each entry still carries its `refreshToken` hash; callers presumably
    // want to drop that field before returning the list to a client -
    // confirm at the call site.
    return account.sessions;
  }
  throw new Error('User not found');
};
// Before each save, replace a new or changed password with its bcrypt hash.
// A regular function (not an arrow) is used because `this` is the document.
userSchema.pre('save', async function (next) {
  if (!this.isModified('password')) {
    // Password untouched: nothing to hash (avoids hashing a stored hash).
    next();
    return;
  }
  // NOTE(review): cost factor 8 is below bcryptjs's default of 10 - confirm
  // it is a deliberate choice for password hashes.
  this.password = await bcrypt.hash(this.password, 8);
  next();
});
// Compile the schema into the model. The statics above refer to it through
// this `User` binding, which is also the module's only export.
const User = mongoose.model('User', userSchema);

module.exports = User;