Feature/auth jwt #1

Merged
merged 10 commits into from
Jul 31, 2022
mongodb added in to handle refresh tokens
Daniel-Workman committed Jul 26, 2022
commit 9686427ac5b263d1084620f3689c43cabc874ae7
64 changes: 49 additions & 15 deletions server/controllers/userController.js
Expand Up @@ -5,6 +5,7 @@ import dotenv from "dotenv";
dotenv.config();

import User from "../models/userModel.js";
import RefreshToken from "../models/refreshTokenModel.js";

const accessToken = id => {
return jwt.sign({ userId: id }, process.env.ACCESS_TOKEN_SECRET, {
Expand All @@ -18,14 +19,27 @@ const refreshToken = id => {

export const getRefreshToken = async (req, res) => {
const refreshTkn = req.body.refreshToken;
if (!refreshTkn) {
return res.status(401).json("Token is required!");
}
const decode = jwt.verify(refreshTkn, process.env.REFRESH_TOKEN_SECRET);
if (!decode) {
return res.status(403).json("Invalid token");
}
const user_id = decode.id;
const newAccessToken = accessToken(user_id);
const newRefreshToken = refreshToken(user_id);
res.status(200).json({ newAccessToken, newRefreshToken });
const findToken = await RefreshToken.findOne({ token: refreshTkn });
if (!findToken) {
return res.status(403).json("Token has been expired. Sign in again.");
} else {
const newAccessToken = accessToken(user_id);
const newRefreshToken = refreshToken(user_id);
let new_token = await RefreshToken.findOneAndUpdate(
{ token: refreshTkn },
{ token: newRefreshToken },
{ new: true }
);
res.status(200).json({ newAccessToken, newRefreshToken });
}
};

export const createUser = async (req, res) => {
Expand All @@ -48,13 +62,22 @@ export const createUser = async (req, res) => {
password: hashedPassword,
name: `${firstName} ${lastName}`
});

//generate a jwt access token
//https://www.npmjs.com/package/jsonwebtoken
const newAccessTkn = accessToken(result._id);
const newRefreshTkn = refreshToken(result._id);
res
.status(200)
.json({ accessToken: newAccessTkn, refreshToken: newRefreshTkn });

const generateNewRefreshToken = await RefreshToken.create({
token: newRefreshTkn,
user: result._id
});

res.status(200).json({
accessToken: newAccessTkn,
refreshToken: newRefreshTkn,
generateNewRefreshToken: generateNewRefreshToken
});
} catch (error) {
res.status(500).json({ message: "something went wrong" });
}
Expand All @@ -75,19 +98,30 @@ export const loginUser = async (req, res) => {
//check that the password is correct and store in a const variable to use as truthy/falsy conditional
const passwordCorrect = await bcrypt.compare(password, hashedPassword);

const newAccessTkn = accessToken(jwtUserID);
const newRefreshTkn = refreshToken(jwtUserID);
const findToken = await RefreshToken.findOne({ user: jwtUserID });

if (passwordCorrect) {
// let accessToken = jwt.sign(jwtUser, process.env.ACCESS_TOKEN_SECRET, {
// expiresIn: "10m"
// });
// let refreshToken = jwt.sign(jwtUser, process.env.REFRESH_TOKEN_SECRET);
const newAccessTkn = accessToken(jwtUserID);
const newRefreshTkn = refreshToken(jwtUserID);
if (!findToken) {
const generateNewRefreshToken = await RefreshToken.create({
token: newRefreshTkn,
user: jwtUserID
});
} else {
let existingUserToken = await RefreshToken.findOneAndUpdate(
{ user: jwtUserID },
{ token: newRefreshTkn },
{ new: true }
);
}

res.status(200).json({
accessToken: newAccessTkn,
refreshToken: newRefreshTkn
newAccessTkn: newAccessTkn,
newRefreshTkn: newRefreshTkn
});
} else {
res.send("Not Allowed");
res.send("Password incorrect");
}
} catch (error) {
res.status(500).send(error);
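Review bot: In the `getRefreshToken` hunk, `jwt.verify` throws on a forged or expired token rather than returning a falsy value, so the `if (!decode)` 403 branch is never reached and the rejection leaves this async handler uncaught, since there is no try/catch around it. The handler then reads `decode.id`, while the visible `accessToken` helper signs `{ userId: id }`; if `refreshToken` (its body is outside the hunk) uses the same claim, `user_id` is undefined and the reissued tokens identify no user. The separate `findOne` followed by `findOneAndUpdate` also lets two concurrent requests presenting the same token both pass the lookup; filtering the single update on token and user, and treating a null result as the rejection, closes that window. The rewritten lines are below.

```javascript
export const getRefreshToken = async (req, res) => {
  // … unchanged: read req.body.refreshToken, 401 when it is missing …
  let decode;
  try {
    decode = jwt.verify(refreshTkn, process.env.REFRESH_TOKEN_SECRET);
  } catch (err) {
    // verify() signals a bad signature or expiry by throwing
    return res.status(403).json("Invalid token");
  }
  // claim name as signed by accessToken(); confirm refreshToken() uses the same one
  const user_id = decode.userId;
  const newAccessToken = accessToken(user_id);
  const newRefreshToken = refreshToken(user_id);
  // one atomic rotate: only the request that still matches the stored token wins
  const rotated = await RefreshToken.findOneAndUpdate(
    { token: refreshTkn, user: user_id },
    { token: newRefreshToken },
    { new: true }
  );
  if (!rotated) {
    return res.status(403).json("Token has been expired. Sign in again.");
  }
  res.status(200).json({ newAccessToken, newRefreshToken });
};
```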
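--- a/server/models/refreshTokenModel.js
+++ b/server/models/refreshTokenModel.js
@@ -0,0 +1,15 @@
+import mongoose from "mongoose";
+//destructure what we need from mongoose
+const { Schema, model } = mongoose;
+
+const refreshTokenSchema = new Schema({
+//https://mongoosejs.com/docs/api.html#schematype_SchemaType-required
+token: { type: String },
+user: {
+type: mongoose.Schema.Types.ObjectId,
+ref: "User"
+}
+});
+
+const RefreshToken = model("RefreshToken", refreshTokenSchema, "tokens");
+export default RefreshToken;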
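Review bot: The `token` field stores the refresh JWT verbatim, so read access to the `tokens` collection yields credentials that can be presented as-is; storing a SHA-256 digest of the token and looking rows up by that digest would avoid this. The schema's own comment links to the `required` docs, yet neither field sets it, and nothing makes `token` unique; I would declare `token: { type: String, required: true, unique: true }` and add `required: true` to `user`. Nothing visible here ages rows out either, although the controller answers "Token has been expired" when a row is missing, so a Date field with a TTL index (or an explicit cleanup) seems to be the missing piece — confirm against how `refreshToken()` sets expiry.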