// Password-reset routes: a GET that checks the token carried in a reset link
// and a POST that starts a reset for the e-mail address in the request body.
// NOTE(review): PasswordController is not required in the lines shown here;
// it presumably refers to the controller module listed below — confirm.
const router = require('express').Router();

router
  .get('/password/validate/:hash', PasswordController.validate)
  .post('/password/update', PasswordController.update);
- // Import node packages
- const mongoose = require('mongoose');
- const Password = require('../models/password');
- const User = require('../models/user');
- const bcrypt = require('bcryptjs');
- const moment = require('moment');
- const string = require('../middleware/string_functions')
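/**
 * Start a password-reset request for the account named by req.body.email.
 *
 * Generates a random secret, stores only its bcrypt hash (plus an expiry) in
 * the Password collection keyed by user_id, and answers with a validation URL
 * embedding base64(secret + ':' + user id).
 *
 * Every branch that sends a response returns immediately. Previously the
 * handler fell through after an error response and tried to respond a second
 * time ("Can't set headers after they are sent").
 *
 * Responses: 201 on success, 400 when email is not a string, 401 when no
 * account matches, 500 on hashing or database errors.
 *
 * @param {object} req - Express request; reads req.body.email.
 * @param {object} res - Express response.
 * @param {Function} next - Unused.
 */
exports.update = (req, res, next) => {
  const email = req.body && req.body.email;

  // Only a plain string may reach the query. A parsed JSON body can carry an
  // object here, which would be passed to the database as query operators
  // instead of a literal address.
  if (typeof email !== 'string') {
    return res.status(400).json({
      message: 'Invalid email'
    });
  }

  User.findOne({ email })
    .exec()
    .then(user => {
      if (!user) {
        // NOTE(review): a distinct "no such account" answer lets a caller
        // learn which addresses are registered; consider one generic reply.
        return res.status(401).json({
          message: 'Cannot retrieve account'
        });
      }

      const expiry = moment().add(30, 'seconds');
      // NOTE(review): confirm string.generate_random draws from a CSPRNG
      // (e.g. crypto.randomBytes); the reset link is only as strong as this.
      const unique_string = string.generate_random(32);
      const url_hash = string.base64_encode(unique_string + ':' + user._id);

      bcrypt.hash(unique_string, 10, (hashErr, hash) => {
        if (hashErr) {
          return res.status(500).json({
            error: hashErr.message
          });
        }

        const query = { user_id: user._id };
        const newData = { hash, expiry };

        // upsert keeps a single pending request per user: a new request
        // overwrites the previous hash and expiry.
        Password.findOneAndUpdate(query, newData, { upsert: true, new: true })
          .exec()
          .then(request => {
            // NOTE(review): the reset URL and the stored record (including
            // the bcrypt hash) go back to whoever posted the address. That is
            // kept to preserve the current response shape, but a deployed
            // service should deliver the link only to the account's mailbox.
            res.status(201).json({
              message: 'success',
              url: 'localhost:8081/users/password/validate/' + url_hash,
              data: request
            });
          })
          .catch(dbErr => {
            res.status(500).json({
              error: dbErr.message
            });
          });
      });
    })
    .catch(lookupErr => {
      res.status(500).json({
        error: lookupErr.message
      });
    });
};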
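/**
 * Check a password-reset token taken from the URL.
 *
 * The token is base64("<secret>:<user id>"). The pending request for that
 * user is loaded, the secret is compared with the stored bcrypt hash, and
 * the expiry is checked.
 *
 * Every branch that sends a response returns immediately. Previously a
 * successful validation sent 200 and then fell through to the trailing 500,
 * which crashed the process with "Can't set headers after they are sent".
 *
 * Responses: 200 when the token is valid, 401 when it has expired, 404 when
 * it is malformed or no request exists, 500 for a missing hash, a comparison
 * error, a secret mismatch or a database error.
 *
 * @param {object} req - Express request; reads req.params.hash.
 * @param {object} res - Express response.
 * @param {Function} next - Unused.
 */
exports.validate = (req, res, next) => {
  if (!req.params.hash) {
    return res.status(500).json({
      error: 'Missing hash'
    });
  }

  // The decoded token is deliberately not logged: it holds the plaintext
  // reset secret together with the user id.
  // Assumes base64_decode returns a string, as the earlier .split call did.
  const decoded = string.base64_decode(req.params.hash);

  // Split on the last ':' so the trailing segment is always the user id,
  // and reject tokens that lack either part before touching the database.
  const separator = decoded.lastIndexOf(':');
  if (separator <= 0 || separator === decoded.length - 1) {
    return res.status(404).json({
      message: 'Change request not found or expired'
    });
  }
  const secret = decoded.slice(0, separator);
  const userId = decoded.slice(separator + 1);

  Password.findOne({ user_id: userId })
    .exec()
    .then(request => {
      if (!request) {
        return res.status(404).json({
          message: 'Change request not found or expired'
        });
      }

      bcrypt.compare(secret, request.hash, (err, matches) => {
        if (err) {
          return res.status(500).json({
            error: err.message
          });
        }

        if (!matches) {
          // NOTE(review): a wrong secret is a client error rather than a
          // server fault; the 500 is kept so the response contract is
          // unchanged.
          return res.status(500).json({
            error: 'Something went wrong'
          });
        }

        if (moment().isAfter(request.expiry)) {
          return res.status(401).json({
            message: 'Time has expired'
          });
        }

        // NOTE(review): the stored request is not consumed here, so the
        // same link validates repeatedly until it expires. Confirm that
        // the step which actually changes the password invalidates it.
        return res.status(200).json({
          message: 'Hash validation successful'
        });
      });
    })
    .catch(lookupErr => {
      res.status(500).json({
        error: lookupErr.message
      });
    });
};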
- _http_outgoing.js:494
- throw new Error('Can't set headers after they are sent.');
- ^
- Error: Can't set headers after they are sent.
- at validateHeader (_http_outgoing.js:494:11)
- at ServerResponse.setHeader (_http_outgoing.js:501:3)
- at ServerResponse.header (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:767:10)
- at ServerResponse.send (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:170:12)
- at ServerResponse.json (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:267:15)
- at bcrypt.compare (/Users/chrislloyd/Development/Projects/happy-hour-api/api/controllers/passwords.js:83:22)
- at /Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:297:21
- at /Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:1353:21
- at Immediate.next [as _onImmediate] (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:1233:21)
- at runCallback (timers.js:789:20)
- at tryOnImmediate (timers.js:751:5)
- at processImmediate [as _immediateCallback] (timers.js:722:5)