From 65939f314fec833e9734519f5d73812cc0bf5224 Mon Sep 17 00:00:00 2001
From: Jonasz Bigda
Date: Sun, 9 Aug 2020 17:50:03 +0200
Subject: [PATCH] Fixes and upgrades (logging in / CORS headers expose / registering)
---
 loaders/express.js | 2 +-
 models/restaurant.js | 3 +++
 models/users.js | 11 ++---------
 routes/routeUser.js | 29 +++++++++--------------------
 services/services.js | 20 ++++++++------------
 5 files changed, 23 insertions(+), 42 deletions(-)
diff --git a/loaders/express.js b/loaders/express.js
index 931d81c..bde03e9 100644
--- a/loaders/express.js
+++ b/loaders/express.js
@@ -16,7 +16,7 @@ export default ({ app, secret }) => {
 max: 100, //requests from a single IP for a time window
 });
- app.use(cors());
+ app.use(cors({ exposedHeaders: "x-auth-token" }));
 app.use(helmet());
 app.use(limiter);
 app.use(bodyParser.json({ limit: "100kb" })); // limit JSON body payload size
diff --git a/models/restaurant.js b/models/restaurant.js
index ed61870..5871c2a 100644
--- a/models/restaurant.js
+++ b/models/restaurant.js
@@ -40,6 +40,9 @@ const restaurantSchema = mongoose.Schema({
 },
 phone: Number,
 hidden: Boolean,
+ subscriptionActive: Boolean,
+ subscriptionStarted: String,
+ subscriptionDue: String,
 dishes: [mongoose.Types.ObjectId],
 });
diff --git a/models/users.js b/models/users.js
index f62dac9..f15d06b 100644
--- a/models/users.js
+++ b/models/users.js
@@ -18,15 +18,8 @@ const userSchema = mongoose.Schema({
 type: String,
 required: true,
 },
- restaurantId: mongoose.Types.ObjectId,
- subscriptionActive: {
- type: Boolean,
- required: true,
- },
- subscriptionDue: {
- type: String,
- required: true,
- },
+ restaurants: [mongoose.Types.ObjectId],
+ trialUsed: Boolean,
 });
 export default mongoose.model("User", userSchema);
diff --git a/routes/routeUser.js b/routes/routeUser.js
index b6c8bc2..787e8fe 100644
--- a/routes/routeUser.js
+++ b/routes/routeUser.js
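Review bot: `cors({ exposedHeaders: "x-auth-token" })` keeps the library's default `Access-Control-Allow-Origin: *`, so the login token header is now readable by scripts running on any origin, not only the front-end. The header is only issued after a successful password login, which limits the exposure, but the origin should still be pinned alongside the exposed header: `app.use(cors({ origin: FRONTEND_ORIGIN, exposedHeaders: ["x-auth-token"] }));` with the origin taken from configuration. Whether an origin allow-list already exists elsewhere in this loader is not visible in the hunk. The exported arrow function starts before the hunk and continues after it.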
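Review bot: `subscriptionStarted` and `subscriptionDue` are declared as `String`, so any overdue check against them has to compare formatted strings rather than instants, which only works if the chosen format sorts lexically and matches whatever the checker parses. Declaring them as dates, `subscriptionStarted: Date,` and `subscriptionDue: Date,`, lets Mongoose cast on write and lets a query such as `{ subscriptionDue: { $lt: new Date() } }` work directly. The user fields this replaces were `required: true` while these three are optional; if the gating logic treats an absent `subscriptionActive` as inactive that is fine, otherwise give it `default: false`. The schema literal starts before the hunk.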
@@ -18,7 +18,7 @@ var error = function (err) {
 router.post("/login", (req, res) => {
 if (req.body.password && req.body.email) {
- services.fetchUserHash(req.body.email, (result) => {
+ services.fetchUser(req.body.email, (result) => {
 if (!result) {
 res.sendStatus(404);
 } else {
@@ -31,8 +31,14 @@ router.post("/login", (req, res) => {
 res.sendStatus(500);
 } else {
 if (result) {
- var token = services.generateAuthToken(user);
- res.header("x-auth-token", token).status(202).send();
+ const userNoPass = {
+ firstname: user.firstname,
+ lastname: user.lastname,
+ email: user.email,
+ id: user._id,
+ };
+ var token = services.generateAuthToken(userNoPass);
+ res.header("x-auth-token", token).status(202).send(userNoPass);
 } else {
 res.sendStatus(401);
 }
@@ -45,21 +51,6 @@ router.post("/login", (req, res) => {
 }
 });
-router.post("/check", (req, res) => {
- const token = req.headers["x-auth-token"];
- if (!token) {
- res.sendStatus(401);
- return;
- }
- services.validateUserToken(token, (result) => {
- if (!result) {
- res.sendStatus(401);
- } else {
- res.send(result);
- }
- });
-});
-
 router.post("/register", (req, res) => {
 services.checkEmailTaken(req.body.email, (result) => {
 if (result) {
@@ -72,8 +63,6 @@ router.post("/register", (req, res) => {
 password: hashedPass,
 firstname: req.body.firstname,
 lastname: req.body.lastname,
- subscriptionActive: true,
- subscriptionDue: services.halfYearFromNowDate(),
 });
 user.save((err) => {
 if (err) {
diff --git a/services/services.js b/services/services.js
index fb10bd1..76540e4 100644
--- a/services/services.js
+++ b/services/services.js
@@ -22,7 +22,7 @@ export function validateRestaurant(id, callback) {
 } else callback(false);
 }
-export function fetchUserHash(email, callback) {
+export function fetchUser(email, callback) {
 User.findOne({ email: email }, (err, res) => {
 if (err || res === null) {
 callback(false);
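Review bot: When `services.fetchUser` yields a falsy result for an unknown email the handler still answers `res.sendStatus(404);`, while a wrong password for a known email (further down the same handler) answers `401`, so the status code tells a caller which emails are registered. Collapsing the unknown-email branch to `res.sendStatus(401);` removes that oracle; the rate limiter configured in the loader slows enumeration but does not prevent it. The login handler continues past the end of the hunk.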
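Review bot: `services.generateAuthToken(userNoPass)` hands the signer an object that has `id` but no `_id` and no `restaurants`, whereas the signer in services.js (also in this patch) reads `user._id` and `user.restaurants`; `jwt.sign` serialises through `JSON.stringify`, so the issued token will carry neither an `id` nor a `restaurants` claim, and any route that authorises on them will fail or treat the missing array as "no restaurants". Keep `userNoPass` for the response body but sign from the document, `var token = services.generateAuthToken(user);` — the signer already whitelists its claims, so the password hash is not copied into the token. Preferring `const` over `var` for `token` would also match the new `userNoPass` declaration. The surrounding callbacks open before the hunk and close after it.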
@@ -34,7 +34,13 @@ export function fetchUserHash(email, callback) {
 export function generateAuthToken(user) {
 const token = jwt.sign(
- { email: user.email, subcsriptionActive: user.subscriptionActive },
+ {
+ email: user.email,
+ firstname: user.firstname,
+ lastname: user.lastname,
+ id: user._id,
+ restaurants: user.restaurants,
+ },
 jwtSecret,
 { expiresIn: "1h" }
 );
@@ -224,16 +230,6 @@ export function composeNewContact(request) {
 name: "UserID",
 value: request._id,
 },
- {
- type: "CUSTOM",
- name: "Subscription Started",
- value: toShortDate(dateNow),
- },
- {
- type: "CUSTOM",
- name: "Subscription Due",
- value: request.subscriptionDue,
- },
 ],
 };
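Review bot: The new `restaurants: user.restaurants` claim makes the one-hour token the source of truth for which restaurants a user may act on, so a restaurant added, removed or transferred on the user document is not reflected until the token expires, and the claim grows without bound for users with many restaurants. If routes authorise on this claim, either look the list up per request or at least state the staleness window in a comment above the claim: `// snapshot taken at sign-in; not refreshed until the token expires (1h)`. Separately, `id: user._id` is `undefined` when the caller passes a plain object keyed `id`, which the login route in this same patch does, and `jwt.sign` then drops the claim silently; reading `id: user._id || user.id,` would cover both shapes. `generateAuthToken` continues past the end of the hunk.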