import bcrypt from "bcrypt";
import jwt from "jsonwebtoken";
import dotenv from "dotenv";
dotenv.config();
import User from "../models/userModel.js";
import RefreshToken from "../models/refreshTokenModel.js";
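/**
 * Sign a short-lived access token for a user.
 *
 * The payload is `{ userId: id }`; consumers of the token must read `userId`
 * (not `id`) from the decoded payload.
 *
 * @param {string|import("mongoose").Types.ObjectId} id - user identifier placed in the payload
 * @param {string|number} [expiresIn="30s"] - jsonwebtoken `expiresIn` value; defaults to the
 *   original 30-second lifetime so existing callers are unaffected
 * @returns {string} signed JWT
 */
const accessToken = (id, expiresIn = "30s") => {
  return jwt.sign({ userId: id }, process.env.ACCESS_TOKEN_SECRET, {
    expiresIn
  });
};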
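/**
 * Sign a refresh token for a user.
 *
 * The payload is `{ userId: id }`. When `expiresIn` is omitted the call is
 * exactly the original one: no `exp` claim, so the token's lifetime is bounded
 * only by its presence in the RefreshToken collection. Passing `expiresIn`
 * adds an expiry so a leaked token cannot be redeemed indefinitely.
 *
 * @param {string|import("mongoose").Types.ObjectId} id - user identifier placed in the payload
 * @param {string|number} [expiresIn] - optional jsonwebtoken `expiresIn` value
 * @returns {string} signed JWT
 */
const refreshToken = (id, expiresIn) => {
  const payload = { userId: id };
  if (expiresIn === undefined) {
    return jwt.sign(payload, process.env.REFRESH_TOKEN_SECRET);
  }
  return jwt.sign(payload, process.env.REFRESH_TOKEN_SECRET, { expiresIn });
};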
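/**
 * Rotate a refresh token.
 *
 * Verifies the JWT presented in `req.body.refreshToken`, checks that it is
 * still on record in the RefreshToken collection, then issues a new
 * access/refresh pair and replaces the stored refresh token with the new one
 * so the presented token cannot be reused.
 *
 * Responses:
 *   401 `"Token is required!"`            - no token in the body
 *   403 `"Invalid token"`                 - signature/expiry check failed or no userId in payload
 *   403 `"Token has been expired. ..."`   - token not on record (revoked or already rotated)
 *   200 `{ newAccessToken, newRefreshToken }`
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
export const getRefreshToken = async (req, res) => {
  // Deliberately no console.log(req.body): the body carries a bearer credential
  // and writing it to the application log would leak it.
  const refreshTkn = req.body.refreshToken;
  if (!refreshTkn) {
    return res.status(401).json("Token is required!");
  }

  // jwt.verify throws on a bad signature or an expired token instead of
  // returning a falsy value; without this try/catch a tampered token
  // escaped as an unhandled rejection rather than a 403.
  let decode;
  try {
    decode = jwt.verify(refreshTkn, process.env.REFRESH_TOKEN_SECRET);
  } catch (error) {
    return res.status(403).json("Invalid token");
  }

  // Tokens are signed with `{ userId: id }` (see accessToken/refreshToken),
  // so the claim to read is `userId`; the previous `decode.id` was always
  // undefined and the rotated tokens were issued for no user.
  const user_id = decode.userId;
  if (!user_id) {
    return res.status(403).json("Invalid token");
  }

  const findToken = await RefreshToken.findOne({ token: refreshTkn });
  if (!findToken) {
    return res.status(403).json("Token has been expired. Sign in again.");
  }

  const newAccessToken = accessToken(user_id);
  const newRefreshToken = refreshToken(user_id);
  // Rotation: overwrite the record in place so the old token stops matching.
  await RefreshToken.findOneAndUpdate(
    { token: refreshTkn },
    { token: newRefreshToken },
    { new: true }
  );
  res.status(200).json({ newAccessToken, newRefreshToken });
};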
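/**
 * Register a new user and return an initial access/refresh token pair.
 *
 * Expects `{ email, password, confirmPassword, firstName, lastName }` in the
 * request body. The password is stored only as a bcrypt hash (cost 10).
 *
 * Responses:
 *   400 `{ message }` - missing required field, email already registered, or passwords differ
 *   500 `{ message: "something went wrong" }` - any other failure (details are logged, not returned)
 *   200 `{ accessToken, refreshToken, generateNewRefreshToken }`
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
export const createUser = async (req, res) => {
  const { email, password, confirmPassword, firstName, lastName } = req.body;
  try {
    // Validate presence first: bcrypt.hash(undefined, 10) throws, which used
    // to surface as an opaque 500 instead of a client error.
    if (!email || !password || !confirmPassword) {
      return res.status(400).json({ message: "Missing required fields" });
    }

    // Refuse duplicate accounts before doing any work.
    const existingUser = await User.findOne({ email });
    if (existingUser) {
      return res.status(400).json({ message: "User already exists" });
    }

    // Client-side validation is not trusted; re-check on the server.
    if (password !== confirmPassword) {
      return res.status(400).json({ message: "Passwords don't match" });
    }

    const hashedPassword = await bcrypt.hash(password, 10);
    const result = await User.create({
      email,
      password: hashedPassword,
      name: `${firstName} ${lastName}`
    });

    // https://www.npmjs.com/package/jsonwebtoken
    const newAccessTkn = accessToken(result._id);
    const newRefreshTkn = refreshToken(result._id);
    const generateNewRefreshToken = await RefreshToken.create({
      token: newRefreshTkn,
      user: result._id
    });

    // NOTE(review): `generateNewRefreshToken` is the full stored document,
    // so the client also receives its `_id` and `user` fields. Kept for
    // response compatibility; consider dropping it since `refreshToken`
    // already carries the only value the client needs.
    res.status(200).json({
      accessToken: newAccessTkn,
      refreshToken: newRefreshTkn,
      generateNewRefreshToken
    });
  } catch (error) {
    // Log server-side; the client gets a generic message only.
    console.error("createUser failed:", error);
    res.status(500).json({ message: "something went wrong" });
  }
};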
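/**
 * Authenticate a user by email/password and return a fresh token pair.
 *
 * Expects `{ email, password }` in the request body. Exactly one refresh
 * token is kept per user: it is replaced if one exists, created otherwise.
 *
 * Responses:
 *   400 `"Email and password are required"` - missing field
 *   400 `"Cannot find user"`                - no account for the email
 *   400 `"Password incorrect"`              - bcrypt comparison failed (previously sent with 200)
 *   500 `"something went wrong"`            - any other failure (logged, not echoed)
 *   200 `{ newAccessTkn, newRefreshTkn }`
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
export const loginUser = async (req, res) => {
  const { email, password } = req.body;
  try {
    // bcrypt.compare(undefined, ...) throws, so check presence before the lookup.
    if (!email || !password) {
      return res.status(400).send("Email and password are required");
    }

    // https://mongoosejs.com/docs/api.html#model_Model-find
    const loginUser = await User.findOne({ email });
    // NOTE(review): this message differs from the wrong-password one, which
    // lets a caller learn whether an email is registered; a single generic
    // message would avoid that but changes the client-visible text.
    if (!loginUser) return res.status(400).send("Cannot find user");

    const passwordCorrect = await bcrypt.compare(password, loginUser.password);
    if (!passwordCorrect) {
      // A failed login is a client error; the old handler replied 200 here.
      return res.status(400).send("Password incorrect");
    }

    // Only mint tokens and touch the RefreshToken collection once the
    // password has been verified.
    const jwtUserID = loginUser.id;
    const newAccessTkn = accessToken(jwtUserID);
    const newRefreshTkn = refreshToken(jwtUserID);

    const findToken = await RefreshToken.findOne({ user: jwtUserID });
    if (findToken) {
      await RefreshToken.findOneAndUpdate(
        { user: jwtUserID },
        { token: newRefreshTkn },
        { new: true }
      );
    } else {
      await RefreshToken.create({
        token: newRefreshTkn,
        user: jwtUserID
      });
    }

    res.status(200).json({
      newAccessTkn,
      newRefreshTkn
    });
  } catch (error) {
    // Never send the raw error object: it can expose driver/stack details.
    console.error("loginUser failed:", error);
    res.status(500).send("something went wrong");
  }
};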