-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.js
More file actions
135 lines (94 loc) · 3.94 KB
/
app.js
File metadata and controls
135 lines (94 loc) · 3.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
const PORT = process.env.PORT || 3000;
let express = require("express");
const recordRoutes = express.Router();
let app = express();
app.use(express.json({limit: "50mb"}));
app.use(express.urlencoded({
extended: true,
limit: "50mb"
}));
var cors = require("cors");
app.use(cors({origin: '*'}));
app.use('/', recordRoutes);
app.get("/", (req, res) => {
res.send("Server Monkeys Backend Production");
});
require('./src/models')
app.listen(PORT, function() {
console.log(`Listening on Port ${PORT}`);
});
const userRouter = require ("./src/routes/userRouter")
app.use('/users', userRouter)
const loanRouter = require("./src/routes/loanRouter")
app.use('/loans', loanRouter)
const itemRouter = require("./src/routes/itemRouter")
app.use('/items', itemRouter)
const dashboardRouter = require("./src/routes/dashboardRouter")
app.use('/dashboard', dashboardRouter)
require("dotenv").config()
const user = require("./src/models/userModel");
var mongoose = require('mongoose');
require('./src/models')
const jwt = require("jsonwebtoken")
const bcrypt = require ('bcrypt')
app.use(express.json())
app.post("/login", async(req,res) => {
const result = await user.find({login_email: req.body.login_email}).lean()
console.log(result)
if (result.length == 0 ) {res.status(404).send("User not found")}
const final = {}
const accessToken = generateAccessToken ({user: result[0]._id})
const refreshToken = generateRefreshToken ({user: result[0]._id})
final.accessToken = accessToken
final.refreshToken = refreshToken
final.hashed_password = result[0].hashed_password
res.json(final)
})
// accessTokens
function generateAccessToken(user) {
return jwt.sign(user, process.env.ACCESS_TOKEN_SECRET, {expiresIn: "15m"})
}
// refreshTokens
let refreshTokens = []
function generateRefreshToken(user) {
const refreshToken = jwt.sign(user, process.env.REFRESH_TOKEN_SECRET, {expiresIn: "20m"})
refreshTokens.push(refreshToken)
return refreshToken }
app.get("/", (req, res) => {
res.send("Authen server testing");
});
// call this after every 15mins
app.post("/refreshToken", (req,res) => {
if (!refreshTokens.includes(req.body.token)) res.status(400).send("Refresh Token Invalid")
refreshTokens = refreshTokens.filter( (c) => c != req.body.token)
//remove the old refreshToken from the refreshTokens list
const accessToken = generateAccessToken ({user: req.body.uid})
const refreshToken = generateRefreshToken ({user: req.body.uid})
//generate new accessToken and refreshTokens
res.json ({accessToken: accessToken, refreshToken: refreshToken})
})
app.delete("/logout", (req,res)=>{
refreshTokens = refreshTokens.filter( (c) => c != req.body.token)
//remove the old refreshToken from the refreshTokens list
res.status(204).send("Logged out!")
})
app.get("/posts", validateToken, (req, res)=>{
console.log("Token is valid")
res.send('Token is valid')
})
function validateToken(req, res, next) {
//get token from request header
const authHeader = req.headers["authorization"]
const token = authHeader.split(" ")[1]
//the request header contains the token "Bearer <token>", split the string and use the second value in the split array.
if (token == null) res.sendStatus(400).send("Token not present")
jwt.verify(token, process.env.ACCESS_TOKEN_SECRET, (err, user) => {
if (err) {
res.status(403).send("Token invalid")
}
else {
req.user = user
next() //proceed to the next action in the calling function
}
}) //end of jwt.verify()
} //end of function