API tools faq
paste
Advertisement
Guest User

Auth

a guest
Feb 14th, 2017
141
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.80 KB | None | 0 0
raw download clone embed print report
  1. /**
  2.  * Created by jeanpierre on 14/02/17.
  3.  */
  4.  
  5. const express = require('express');
  6. const crypto = require('crypto');
  7. const nc = require('nconf');
  8. const jwt = require('jsonwebtoken');
  9.  
  10. const User = require('../models/User');
  11.  
  12. const Secret = nc.get('SECRET');
  13.  
  14. module.exports = function(app) {
  15.     'use strict';
  16.     let router = express.Router();
  17.     // Register
  18.     router.route('/register/')
  19.         .post(async function(req, res, next) {
  20.             let user = req.body.user;
  21.             let password = req.body.password;
  22.             let userFound = await User.findOne({user: user});
  23.  
  24.             if(userFound) {
  25.                 res.json({ error: 'Username already registered.'});
  26.                 return null;
  27.             }
  28.  
  29.             let hashedPassword = crypto.createHmac('sha256', Secret)
  30.                 .update(password)
  31.                 .digest('hex');
  32.             // Secret key for RefreshToken
  33.             let privateKey = crypto.createHmac('sha256', hashedPassword)
  34.                 .update(user)
  35.                 .digest('hex');
  36.  
  37.             let registeredUser = new User();
  38.             registeredUser.user = user;
  39.             registeredUser.password = hashedPassword;
  40.             registeredUser.key = privateKey;
  41.  
  42.             await registeredUser.save();
  43.  
  44.             let newAccessToken = jwt.sign({
  45.                 id: userFound.id,
  46.                 user: userFound.user
  47.             }, Secret, { expiresIn: 60 * 15 });
  48.             res.json({ message: {
  49.                 user: userFound.user,
  50.                 refreshToken: jwt.sign({
  51.                     id: userFound.id,
  52.                     user: userFound.user,
  53.                     accessToken: newAccessToken
  54.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  55.                 accessToken: newAccessToken
  56.             }});
  57.             return null;
  58.         });
  59.  
  60.     router.route('/login/')
  61.         .post(async function(req, res, next) {
  62.             let user = req.body.user;
  63.             let password = crypto.createHmac('sha256', Secret)
  64.                 .update(req.body.password)
  65.                 .digest('hex');
  66.             let userFound = await User.findOne({user: user, password: password});
  67.  
  68.             if(!userFound) {
  69.                 res.json({ error: 'Invalid User or Password.'});
  70.                 return null;
  71.             }
  72.  
  73.             let newAccessToken = jwt.sign({
  74.                 id: userFound.id,
  75.                 user: userFound.user
  76.             }, Secret, { expiresIn: 60 * 15 });
  77.             res.json({ message: {
  78.                 user: userFound.user,
  79.                 refreshToken: jwt.sign({
  80.                     id: userFound.id,
  81.                     user: userFound.user,
  82.                     accessToken: newAccessToken
  83.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  84.                 accessToken: newAccessToken
  85.             }});
  86.  
  87.             return null;
  88.         });
  89.  
  90.     router.route('/token/')
  91.         .post(async function(req, res, next) {
  92.             let accessToken = req.body.accessToken;
  93.             let refreshToken = req.body.refreshToken;
  94.  
  95.             let accessTokenExpired = false;
  96.             try {
  97.                 jwt.verify(accessToken, Secret);
  98.             } catch (e) {
  99.                 accessTokenExpired = e.name === "TokenExpiredError";
  100.             }
  101.             if(!accessTokenExpired) {
  102.                 res.json({error: "Cannot get new tokens."});
  103.                 return null;
  104.             }
  105.  
  106.             let decodedAccessToken = jwt.decode(accessToken, Secret);
  107.             let userFound = await User.findOne({_id: decodedAccessToken.id});
  108.             if(!userFound) {
  109.                 res.json({error: "Cannot get new tokens."});
  110.                 return null;
  111.             }
  112.  
  113.             let decodedRefreshToken;
  114.             try {
  115.                 decodedRefreshToken = jwt.verify(refreshToken, userFound.key);
  116.             } catch (e) {
  117.                 res.json({error: "Cannot get new tokens."});
  118.                 return null;
  119.             }
  120.  
  121.             if(decodedAccessToken.id !== decodedRefreshToken.id
  122.                 || decodedRefreshToken.accessToken !== accessToken) {
  123.                 res.json({error: "Cannot get new tokens."});
  124.                 return null;
  125.             }
  126.  
  127.             let newAccessToken = jwt.sign({
  128.                     id: userFound.id,
  129.                     user: userFound.user
  130.                 }, Secret, { expiresIn: 60 * 15 });
  131.             res.json({ message: {
  132.                 refreshToken: jwt.sign({
  133.                     id: userFound.id,
  134.                     user: userFound.user,
  135.                     accessToken: newAccessToken
  136.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  137.                 accessToken: newAccessToken
  138.             }});
  139.             return null;
  140.         });
  141.     app.use('/api/auth/', router);
  142. };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!