const router = require('express').Router();router.get('/password/validate/:hash

1. const router = require('express').Router();
2. router.get('/password/validate/:hash', PasswordController.validate);
3. router.post('/password/update', PasswordController.update);
4.  
5. // Import node packages
6. const mongoose = require('mongoose');
7. const Password = require('../models/password');
8. const User = require('../models/user');
9. const bcrypt = require('bcryptjs');
10. const moment = require('moment');
11. const string = require('../middleware/string_functions')
12.  
13. exports.update = (req, res, next) => {
14. User.findOne({ email: req.body.email })
15. .exec()
16. .then(user => {
17. if (!user) {
18. res.status(401).json({
19. message: 'Cannot retrieve account'
20. })
21. }
22. const expiry = moment().add(30, 'seconds');
23. const unique_string = string.generate_random(32);
24. const url_hash = string.base64_encode(unique_string +':'+ user._id);
25. bcrypt.hash(unique_string, 10, (err, hash) => {
26. if (err) {
27. res.status(500).json({
28. error: err.message
29. })
30. }
31. const query = { user_id: user._id }
32. const newData = {
33. hash,
34. expiry
35. }
36. Password.findOneAndUpdate(query, newData, { upsert: true, new: true })
37. .exec()
38. .then(request => {
39. res.status(201).json({
40. message: 'success',
41. url: 'localhost:8081/users/password/validate/' + url_hash,
42. data: request
43. })
44. })
45. .catch(err => {
46. res.status(500).json({
47. error: err.message
48. })
49. })
50. })
51. })
52. .catch(err => {
53. res.status(500).json({
54. error: err.message
55. })
56. })
57. }
58.  
59. exports.validate = (req, res, next) => {
60. if (!req.params.hash) {
61. res.status(500).json({
62. error: 'Missing hash'
63. })
64. }
65. const data = string.base64_decode(req.params.hash).split(':');
66. console.log(data)
67. Password.findOne({ user_id: data[1] })
68. .exec()
69. .then(request => {
70. if (!request) {
71. res.status(404).json({
72. message: 'Change request not found or expired'
73. })
74. }
75. bcrypt.compare( data[0], request.hash, (err, result) => {
76. if (err) {
77. res.status(500).json({
78. error: err.message
79. })
80. }
81. if (result) {
82. if (moment().isAfter(request.expiry)) {
83. res.status(401).json({
84. message: 'Time has expired'
85. })
86. }
87. res.status(200).json({
88. message: 'Hash validation successful'
89. })
90. }
91. res.status(500).json({
92. error: 'Something went wrong'
93. })
94. })
95. })
96. .catch(err => {
97. res.status(500).json({
98. error: err.message
99. })
100. })
101. }
102.  
103. _http_outgoing.js:494
104. throw new Error('Can't set headers after they are sent.');
105. ^
106.  
107. Error: Can't set headers after they are sent.
108. at validateHeader (_http_outgoing.js:494:11)
109. at ServerResponse.setHeader (_http_outgoing.js:501:3)
110. at ServerResponse.header (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:767:10)
111. at ServerResponse.send (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:170:12)
112. at ServerResponse.json (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/express/lib/response.js:267:15)
113. at bcrypt.compare (/Users/chrislloyd/Development/Projects/happy-hour-api/api/controllers/passwords.js:83:22)
114. at /Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:297:21
115. at /Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:1353:21
116. at Immediate.next [as _onImmediate] (/Users/chrislloyd/Development/Projects/happy-hour-api/node_modules/bcryptjs/dist/bcrypt.js:1233:21)
117. at runCallback (timers.js:789:20)
118. at tryOnImmediate (timers.js:751:5)
119. at processImmediate [as _immediateCallback] (timers.js:722:5)