jonaszbigda/menui_backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jonasz Bigda
2020-11-20 18:13:08 +01:00
parent 8830303fb4
commit c1eb7d87c5
2 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
routes/routeUser.js
View File

@@ -15,6 +15,8 @@ const {
checkEmailTaken,
validateUserToken,
hashPass,
generateRefreshToken,
validateRefreshToken,
} = require("../services/services.js");
const { resetPassword } = require("../services/mailServices.js");
@@ -30,12 +32,23 @@ router.post("/login", async (req, res) => {
await checkPassword(req.body.password, user.password);
const safeUser = await prepareSafeUser(user);
var token = generateAuthToken(safeUser);
res.header("x-auth-token", token).status(202).send(safeUser);
var refreshToken = generateRefreshToken(user._id);
res.header("x-auth-token", token).header("ref", refreshToken).status(202).send(safeUser);
} catch (error) {
handleError(error, res);
}
});
//REFRESH_TOKEN
router.post("refreshtoken", async (req, res) => {
try {
const refreshToken = req.headers["ref"];
validateRefreshToken(refreshToken);
} catch (error) {
handleError(error, res);
}
})
// REFRESH
router.post("/refresh", async (req, res) => {
try {

24
services/services.js
View File

@@ -54,11 +54,20 @@ function generateAuthToken(user) {
restaurants: user.restaurants,
},
jwtSecret,
{ expiresIn: "1h" }
{ expiresIn: "15m" }
);
return token;
}
function generateRefreshToken(userId) {
const token = jwt.sign({
id: userId
}, jwtSecret, {
expiresIn: "1h"
});
return token;
}
function generatePasswordResetToken(email) {
const token = jwt.sign(
{
@@ -98,6 +107,17 @@ function validateUserToken(token) {
}
}
function validateRefreshToken(token) {
if (!token) throw newError("Brak dostępu", 401);
try {
const verified = jwt.verify(token, jwtSecret, { ignoreExpiration: false });
if (!verified) throw newError("Brak dostępu", 401);
return verified;
} catch (error) {
throw newError("Brak dostępu", 401);
}
}
async function validateDishId(id) {
if (!mongoose.Types.ObjectId.isValid(id)) {
throw newError("Niewłaściwy ID", 400);
@@ -174,3 +194,5 @@ exports.verifyRestaurantAccess = verifyRestaurantAccess;
exports.yearFromNowDate = yearFromNowDate;
exports.hashPass = hashPass;
exports.saveImage = saveImage;
exports.generateRefreshToken = generateRefreshToken;
exports.validateRefreshToken = validateRefreshToken;