const router = require('express').Router()
const { randomBytes } = require('crypto')
const jwt = require('jsonwebtoken')
const User = require('../model/User')
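// TOKEN_EXPIRE_IN is read as a whole number of seconds (the same value is
// handed to jsonwebtoken's `expiresIn` below); res.cookie() wants maxAge in
// milliseconds, hence the * 1000. Radix is given explicitly so "010"-style
// values cannot be misparsed.
// NOTE(review): if TOKEN_EXPIRE_IN is unset or not numeric this is NaN, and
// the cookie cannot be serialized — confirm the variable is always provided.
const tokenExpireInSeconds = Number.parseInt(process.env.TOKEN_EXPIRE_IN, 10)

// Options shared by every `token` cookie this router sets.
const cookieParams = {
  maxAge: 1000 * tokenExpireInSeconds,
  // Only send the JWT over TLS outside local development; a hard-coded
  // `false` let the cookie travel over plain HTTP in every environment.
  secure: process.env.NODE_ENV === 'production',
  // Keep the JWT out of reach of page scripts.
  httpOnly: true,
}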
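/**
 * Sign a short-lived HS256 JWT for `user`.
 *
 * Only the claims the rest of the app needs are embedded (email, verified
 * flag, role); the password and refresh token stored on the user are never
 * put into the token. The algorithm is pinned explicitly so the verifying
 * side can be pinned to the same value.
 *
 * @param {{ email: string, verify?: unknown, role: string }} user - loaded User document
 * @returns {string} compact signed JWT
 * @throws when JWT_SECRET is unset or TOKEN_EXPIRE_IN is not numeric (jwt.sign rejects both)
 */
const generateJwtToken = (user) => {
  const claims = {
    email: user.email,
    verified: Boolean(user.verify),
    role: user.role,
  }
  const options = {
    // seconds; radix given explicitly (the original used bare parseInt)
    expiresIn: Number.parseInt(process.env.TOKEN_EXPIRE_IN, 10),
    issuer: 'pruss.it',
    algorithm: 'HS256',
  }
  return jwt.sign(claims, process.env.JWT_SECRET, options)
}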
// Alive: unauthenticated liveness probe, nothing sensitive in the reply.
router.get('/', (_, res) => {
  res.send('Service is up.')
})
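// Register
// Creates a user from the posted email/password and returns the initial
// refresh token in the response body. Password hashing is presumably done by
// the User model (not visible here) — confirm before relying on it.
router.post('/register', async (req, res) => {
  try {
    // Everything that can throw lives inside the try. With the original
    // layout a request without a parsed body made `req.body.email` throw
    // before the try, so the handler never sent its 4xx reply.
    const { email, password } = req.body || {}
    // 32 bytes from the CSPRNG, hex-encoded (64 characters).
    const refresh = randomBytes(32).toString('hex')
    const user = new User({ email, password, refresh })
    await user.save()
    res.status(201).send(refresh)
  } catch (err) {
    if (err._message) {
      // Looks like a Mongoose validation error (e.g. missing/invalid email).
      res.status(422).send(err._message)
    } else if (err.code === 11000) {
      // Duplicate key on the unique email index.
      // NOTE(review): this reply tells a caller whether an address is registered.
      res.status(409).send('User with this email already exist')
    } else {
      res.status(400).send('Could not save the user')
    }
  }
})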
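// Login
// Checks the posted credentials, rotates the user's refresh token, sets the
// JWT as an httpOnly cookie and returns the new refresh token in the body.
router.post('/login', async (req, res) => {
  try {
    const { email, password } = req.body || {}
    const user = await User.findByCredentials(email, password)
    if (!user) {
      throw new Error('invalid credentials')
    }
    const refreshToken = await User.newRefreshToken(user)
    if (!refreshToken) {
      throw new Error('could not issue refresh token')
    }
    const jwtToken = generateJwtToken(user)
    // 200 rather than 204: Express discards the body of a 204 response, so the
    // original `.status(204).send(refreshToken)` never delivered the token.
    res
      .cookie('token', jwtToken, cookieParams)
      .status(200)
      .send(refreshToken)
  } catch (err) {
    // One generic reply for every failure path so the response does not
    // reveal whether the email exists or why the attempt failed.
    res.status(401).send('Could not login')
  }
})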
// Logout
// Only clears the JWT cookie; the refresh token stored on the user is not
// touched here, so it stays valid until the pending session check is added.
router.post('/logout', async (_, res) => {
  try {
    // TODO: add session check
    res.clearCookie('token').status(204).send()
  } catch (err) {
    res.status(401).send('Could not logout')
  }
})
// Refresh token
// Exchanges a valid (email, refresh) pair for a fresh JWT cookie and a newly
// rotated refresh token. Any failure, including a missing body, yields 401.
router.post('/refresh', async (req, res) => {
  try {
    const { email, refresh } = req.body
    const user = await User.checkRefreshToken(email, refresh)
    if (!user) throw new Error()
    const rotated = await User.newRefreshToken(user)
    if (!rotated) throw new Error()
    res
      .cookie('token', generateJwtToken(user), cookieParams)
      .status(201)
      .send(rotated)
  } catch (err) {
    res.status(401).send('User logged out')
  }
})
// Export the router for the app to mount (mount path not visible here).
module.exports = router