From 6adb6ece4ce856acc56e3eab07b39cf8df594587 Mon Sep 17 00:00:00 2001
From: Piotr Russ
Date: Sun, 22 Nov 2020 23:13:23 +0100
Subject: fixed redirect Login middleware
---
 app.js | 4 +--
 server/db/mongoose.js | 2 +-
 server/middleware/auth.js | 3 +--
 server/middleware/redirectIfLoggedIn.js | 25 ------------------
 server/middleware/redirectLogged.js | 46 +++++++++++++++++++++++++++++++++
 5 files changed, 50 insertions(+), 30 deletions(-)
 delete mode 100644 server/middleware/redirectIfLoggedIn.js
 create mode 100644 server/middleware/redirectLogged.js
diff --git a/app.js b/app.js
index 4391b7f..0ee7cf7 100755
--- a/app.js
+++ b/app.js
@@ -7,7 +7,7 @@ require('./server/db/mongoose');
 const setCookie = require('./server/helpers/setCookie');
 const userRoutes = require('./server/routes/user');
 const auth = require('./server/middleware/auth');
-const redirectIfLoggedIn = require('./server/middleware/redirectIfLoggedIn');
+const redirectLogged = require('./server/middleware/redirectLogged');
 const app = express();
 const port = process.env.PORT || 3000;
@@ -23,7 +23,7 @@ app.use('/admin/', auth, express.static(
 { setHeaders: setCookie }
 ));
-app.use('/login/', redirectIfLoggedIn, express.static(
+app.use('/login/', redirectLogged, express.static(
 path.join(__dirname, 'client/login')
 ));
diff --git a/server/db/mongoose.js b/server/db/mongoose.js
index 9b89c14..8dde175 100644
--- a/server/db/mongoose.js
+++ b/server/db/mongoose.js
@@ -6,5 +6,5 @@ mongoose.connect(
 useNewUrlParser: true,
 useCreateIndex: true,
 },
- () => console.log('connected to DB')
+ () => console.log('Successfully connected to DB.')
 );
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index bec113d..5c77830 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -17,7 +17,6 @@ const auth = async (req, res, next) => {
 } catch(er) {
 if (er.message && er.message === 'jwt expired') {
 const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
- console.log('reading db to login')
 const user = await User.findById(_id);
 if (!user) {
@@ -27,7 +26,7 @@ const auth = async (req, res, next) => {
 if (user.sessions.filter(s => s.ref === ref).length > 0) {
 req.userId = _id;
 req.refreshToken = ref;
- req.newToken = await user.generateJwtToken(res.req.refreshToken);;
+ req.newToken = await user.generateJwtToken(ref);;
 return next();
 }
diff --git a/server/middleware/redirectIfLoggedIn.js b/server/middleware/redirectIfLoggedIn.js
deleted file mode 100644
index fe793f7..0000000
--- a/server/middleware/redirectIfLoggedIn.js
+++ /dev/null
@@ -1,25 +0,0 @@
-const jwt = require('jsonwebtoken');
-const User = require('../models/User');
-
-const redirectIfLoggedIn = async (req, res, next) => {
- try {
- const token = req.cookies.token || '';
-
- if (!token) {
- throw new Error();
- }
-
- const decoded = jwt.verify(token, process.env.JWT_SECRET);
- const user = await User.findOne({ _id: decoded._id, 'tokens.token': token });
-
- if (!user) {
- throw new Error();
- }
-
- res.redirect('/admin');
- } catch (err) {
- next();
- }
-};
-
-module.exports = redirectIfLoggedIn;
diff --git a/server/middleware/redirectLogged.js b/server/middleware/redirectLogged.js
new file mode 100644
index 0000000..40a5657
--- /dev/null
+++ b/server/middleware/redirectLogged.js
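Review bot: In server/middleware/auth.js (second hunk), the refresh branch issues a new JWT for any expired token whose `ref` is still present in `user.sessions`, and nothing visible in the hunk bounds how long after expiry that keeps working. If session entries carry no expiry of their own and are not removed on logout, an old cookie stays renewable for as long as the entry exists, so this deserves a comment on the branch such as `// refresh allowed only while ref is in user.sessions — TODO confirm sessions expire and are removed on logout`. The changed line also keeps a stray double semicolon and should read `req.newToken = await user.generateJwtToken(ref);`. The body of `auth` starts and ends outside the hunk.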
@@ -0,0 +1,46 @@
+const jwt = require('jsonwebtoken');
+const User = require('../models/User');
+
+const redirectLogged = async (req, res, next) => {
+ try {
+ const token = req.cookies.token || '';
+
+ if (!token) {
+ throw new Error();
+ }
+
+ try {
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
+ res.redirect('/admin');
+ } catch(er) {
+ if (er.message && er.message === 'jwt expired') {
+ const { _id, ref } = jwt.decode(token, process.env.JWT_SECRET);
+ const user = await User.findById(_id);
+
+ if (!user) {
+ throw new Error();
+ }
+
+ if (user.sessions.filter(s => s.ref === ref).length > 0) {
+ const newToken = await user.generateJwtToken(ref);;
+ res
+ .cookie('token', token, {
+ maxAge: parseInt(process.env.COOKIE_MAX_AGE),
+ secure: false,
+ httpOnly: true,
+ })
+ .redirect('/admin');
+ }
+
+ throw new Error();
+ }
+
+ throw new Error();
+ }
+ } catch (err) {
+ return next();
+ }
+
+};
+
+module.exports = redirectLogged;
-- cgit v1.2.3
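Review bot: In the refresh branch of `redirectLogged`, the cookie is written with the expired `token` while the freshly generated `newToken` is never used, so the browser is redirected to /admin still holding the expired JWT; the call should be `.cookie('token', newToken, {`. The chain also lacks a `return` (it should start `return res`), so execution falls through to `throw new Error()`, the outer catch calls `next()`, and the static handler runs after a redirect has already been sent. `secure: false` allows the auth cookie to travel over plain HTTP and should be turned on wherever the site is served over HTTPS. `parseInt(process.env.COOKIE_MAX_AGE)` should be given a radix of 10, and an unset variable yields `NaN` for `maxAge`.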