From 4569b85489e863465395f84e995dd3fdc44471b4 Mon Sep 17 00:00:00 2001 From: Piotr Russ Date: Sun, 22 Nov 2020 13:49:09 +0100 Subject: implement refresh tokens --- server/routes/user.js | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'server/routes') diff --git a/server/routes/user.js b/server/routes/user.js index d1100bc..b3bdee3 100644 --- a/server/routes/user.js +++ b/server/routes/user.js @@ -1,14 +1,19 @@ const router = require('express').Router(); const User = require('../models/User'); const auth = require('../middleware/auth'); +const jwt = require('jsonwebtoken'); + +router.get('/me', auth, async (req, res) => { + const user = await User.findById(req.userId); + res.json({ email: user.email }); +}) router.post('/register', async (req, res) => { const user = new User(req.body); try { await user.save(); - const token = await user.generateAuthToken(); - res.status(201).send({ user, token }); + res.status(201).send({ email: user.email }); } catch(err) { if (err._message) { res.status(422).send(err._message); @@ -23,10 +28,10 @@ router.post('/register', async (req, res) => { router.post('/login', async (req, res) => { try { const user = await User.findByCredentials(req.body.email, req.body.password); - const token = await user.generateAuthToken(); + const token = await user.generateJwtToken(); res .cookie('token', token, { - expires: new Date(Date.now() + 604800000), + maxAge: 604800000, secure: false, httpOnly: true, }) @@ -39,12 +44,12 @@ router.post('/login', async (req, res) => { router.post('/logout', auth, async (req, res) => { try { - req.user.tokens = req.user.tokens.filter((token) => { - return token.token !== req.token; - }); - await req.user.save(); - - res.status(204).send(); + const user = await User.findById(req.userId); + await user.endSession(req.refreshToken); + res + .clearCookie('token') + .status(204) + .send(); } catch (err) { res.status(500).send(); } -- cgit v1.2.3