API tools faq
paste
Advertisement
Guest User

Example

a guest
Feb 14th, 2017
117
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 4.76 KB | None | 0 0
raw download clone embed print report
  1. /**
  2.  * Created by jeanpierre on 12/02/17.
  3.  */
  4.  
  5. const express = require('express');
  6. const crypto = require('crypto');
  7. const nc = require('nconf');
  8. const jwt = require('jsonwebtoken');
  9.  
  10. const User = require('../models/User');
  11.  
  12. const Secret = nc.get('SECRET');
  13.  
  14. module.exports = function(app) {
  15.     'use strict';
  16.     let router = express.Router();
  17.  
  18.     router.route('/register/')
  19.         .post(async function(req, res, next) {
  20.  
  21.             let user = req.body.user;
  22.             let password = req.body.password;
  23.  
  24.             let userFound = await User.findOne({user: user});
  25.  
  26.             if(userFound) {
  27.                 res.json({ error: 'Username already registered.'});
  28.                 return null;
  29.             }
  30.  
  31.             let hashedPassword = crypto.createHmac('sha256', Secret)
  32.                 .update(password)
  33.                 .digest('hex');
  34.  
  35.             let privateKey = crypto.createHmac('sha256', hashedPassword)
  36.                 .update(user)
  37.                 .digest('hex');
  38.  
  39.             let registeredUser = new User();
  40.             registeredUser.user = user;
  41.             registeredUser.password = hashedPassword;
  42.             registeredUser.key = privateKey;
  43.  
  44.             await registeredUser.save();
  45.  
  46.             let newAccessToken = jwt.sign({
  47.                 id: userFound.id,
  48.                 user: userFound.user
  49.             }, Secret, { expiresIn: 60 * 15 });
  50.             res.json({ message: {
  51.                 user: userFound.user,
  52.                 refreshToken: jwt.sign({
  53.                     id: userFound.id,
  54.                     user: userFound.user,
  55.                     accessToken: newAccessToken
  56.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  57.                 accessToken: newAccessToken
  58.             }});
  59.             return null;
  60.         });
  61.  
  62.     router.route('/login/')
  63.         .post(async function(req, res, next) {
  64.             let user = req.body.user;
  65.             let password = crypto.createHmac('sha256', Secret)
  66.                 .update(req.body.password)
  67.                 .digest('hex');
  68.             let userFound = await User.findOne({user: user, password: password});
  69.  
  70.             if(!userFound) {
  71.                 res.json({ error: 'Invalid User or Password.'});
  72.                 return null;
  73.             }
  74.  
  75.             let newAccessToken = jwt.sign({
  76.                 id: userFound.id,
  77.                 user: userFound.user
  78.             }, Secret, { expiresIn: 60 * 15 });
  79.             res.json({ message: {
  80.                 user: userFound.user,
  81.                 refreshToken: jwt.sign({
  82.                     id: userFound.id,
  83.                     user: userFound.user,
  84.                     accessToken: newAccessToken
  85.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  86.                 accessToken: newAccessToken
  87.             }});
  88.  
  89.             return null;
  90.         });
  91.  
  92.     router.route('/token/')
  93.         .post(async function(req, res, next) {
  94.             let accessToken = req.body.accessToken;
  95.             let refreshToken = req.body.refreshToken;
  96.  
  97.             let accessTokenExpired = false;
  98.             try {
  99.                 jwt.verify(accessToken, Secret);
  100.             } catch (e) {
  101.                 accessTokenExpired = e.name === "TokenExpiredError";
  102.             }
  103.             if(!accessTokenExpired) {
  104.                 res.json({error: "Cannot get new tokens."});
  105.                 return null;
  106.             }
  107.  
  108.             let decodedAccessToken = jwt.decode(accessToken, Secret);
  109.             let userFound = await User.findOne({_id: decodedAccessToken.id});
  110.             if(!userFound) {
  111.                 res.json({error: "Cannot get new tokens."});
  112.                 return null;
  113.             }
  114.  
  115.             let decodedRefreshToken;
  116.             try {
  117.                 decodedRefreshToken = jwt.verify(refreshToken, userFound.key);
  118.             } catch (e) {
  119.                 res.json({error: "Cannot get new tokens."});
  120.                 return null;
  121.             }
  122.  
  123.             if(decodedAccessToken.id !== decodedRefreshToken.id
  124.                 || decodedRefreshToken.accessToken !== accessToken) {
  125.                 res.json({error: "Cannot get new tokens."});
  126.                 return null;
  127.             }
  128.  
  129.             let newAccessToken = jwt.sign({
  130.                     id: userFound.id,
  131.                     user: userFound.user
  132.                 }, Secret, { expiresIn: 60 * 15 });
  133.             res.json({ message: {
  134.                 refreshToken: jwt.sign({
  135.                     id: userFound.id,
  136.                     user: userFound.user,
  137.                     accessToken: newAccessToken
  138.                 }, userFound.key, { expiresIn: 60 * 60 * 12 }),
  139.                 accessToken: newAccessToken
  140.             }});
  141.             return null;
  142.  
  143.         });
  144.  
  145.     app.use('/api/auth/', router);
  146. };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!