Coldsewoo

Untitled

May 26th, 2019
  1. const express  = require('express');
  2. const router   = express.Router();
  3. const User     = require('../db/users');
  4. const util     = require('../lib/util');
  5. const jwt      = require('jsonwebtoken');
  6. const {tokenSecret, refreshSecret, tokenLife, refreshTokenLife} = require("../config/tokenConfig.js")
  7.  
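  // In-memory registry of issued refresh tokens, keyed by the refresh token string.
  // It is created without a prototype so that inherited property names such as
  // "constructor" or "toString" can never satisfy an `in` membership test on it.
  // NOTE(review): this store lives in process memory only, so it is lost on restart
  // and is not shared between server instances.
  const tokenList = Object.create(null);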
  9.  
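  /**
   * POST /login
   *
   * Step 1 validates that `username` and `password` are present; step 2 looks the
   * user up, checks the password and, on success, issues an access token and a
   * refresh token and records the pair in `tokenList`.
   *
   * Every outcome is reported through `res.json` using `util.successTrue` /
   * `util.successFalse`.
   */
  router.post("/login", (req, res, next) => {
    // Credentials must be non-empty *strings*. A JSON body can carry an object in
    // place of a string (for example a query-operator object), and such a value
    // would otherwise flow straight into the database filter below.
    const body = req.body || {};
    const isNonEmptyString = (value) => typeof value === 'string' && value.length > 0;
    const validationError = {
      name: 'ValidationError',
      errors: {}
    };

    if (!isNonEmptyString(body.username)) {
      validationError.errors.username = {message:'Username is required!'};
    }
    if (!isNonEmptyString(body.password)) {
      validationError.errors.password = {message:'Password is required!'};
    }
    if (Object.keys(validationError.errors).length > 0) {
      return res.json(util.successFalse(validationError));
    }
    return next();
  },

  function(req, res, next) {
    User.findOne({username: req.body.username})
      .select({password:1,username:1,name:1,email:1})
      .exec(async function(err, user) {
        // NOTE(review): `err` is handed to the client via util.successFalse; confirm
        // that helper does not expose internal error details.
        if (err) return res.json(util.successFalse(err));

        // One message for "no such user" and "wrong password" so the response does
        // not reveal which usernames exist.
        // NOTE(review): user.authenticate is defined in ../db/users; presumably it
        // compares against a stored hash. Confirm.
        if (!user || !user.authenticate(req.body.password)) {
          return res.json(util.successFalse(null,'Username or Password is invalid'));
        }

        const payload = {
          _id: user._id,
          username: user.username
        };
        try {
          const token = await jwt.sign(payload, tokenSecret, {expiresIn: tokenLife});
          const refreshToken = await jwt.sign(payload, refreshSecret, {expiresIn: refreshTokenLife});
          const response = {
            token: token,
            username: req.body.username,
            refreshToken: refreshToken,
            // Client-facing expiry in epoch milliseconds; assumes tokenLife is a
            // number of seconds. TODO confirm against ../config/tokenConfig.js
            expiresIn: Date.now() + tokenLife*1000
          };
          // Remember the refresh token so /refresh can recognise it later.
          tokenList[refreshToken] = response;
          return res.json(util.successTrue(response));
        } catch (signErr) {
          return res.json(util.successFalse(signErr));
        }
      });
  })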
  55.  
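  // refresh request when access token expired
  /**
   * POST /refresh
   *
   * Expected body:
   *   {String} refreshToken  - the refresh token issued by /login (required)
   *   {String} token         - the expired access token (not used here)
   *   {Number} expiresIn     - not used here
   *   {String} username      - not used here; see below
   *
   * The identity for the new access token is taken from the verified refresh
   * token, never from the request body. Trusting a posted `username` would let
   * the holder of any accepted refresh token obtain an access token for a
   * different account.
   *
   * Always answers through `res.json` with `util.successTrue` / `util.successFalse`.
   */
  router.post("/refresh", (req, res, next) => {
    const postData = req.body || {};
    const refreshToken = postData.refreshToken;
    const rejectToken = () => res.json(util.successFalse(null, 'Refresh token is invalid'));

    // Own-property lookup on a string key only: the `in` operator also matches
    // inherited names such as "constructor", which are not issued tokens.
    if (typeof refreshToken !== 'string' ||
        !Object.prototype.hasOwnProperty.call(tokenList, refreshToken)) {
      return rejectToken();
    }

    // Check signature and expiry. /login signs with jsonwebtoken's default
    // algorithm (HS256), so that is the only one accepted here.
    let claims;
    try {
      claims = jwt.verify(refreshToken, refreshSecret, {algorithms: ['HS256']});
    } catch (verifyErr) {
      // Expired or tampered: forget it so it cannot be presented again.
      delete tokenList[refreshToken];
      return rejectToken();
    }
    if (!claims || typeof claims.username !== 'string') {
      return rejectToken();
    }

    // The password field is not needed to mint a token, so it is not selected.
    User.findOne({username: claims.username})
      .select({username:1,name:1,email:1})
      .exec(async function(err, user) {
        // NOTE(review): `err` is handed to the client via util.successFalse; confirm
        // that helper does not expose internal error details.
        if (err) return res.json(util.successFalse(err));

        // The account may have been removed since the refresh token was issued.
        if (!user) {
          delete tokenList[refreshToken];
          return rejectToken();
        }

        const payload = {
          _id: user._id,
          username: user.username
        };
        try {
          const token = await jwt.sign(payload, tokenSecret, {expiresIn: tokenLife});
          const response = {
            token: token,
            username: user.username,
            refreshToken: refreshToken,
            // Epoch milliseconds; assumes tokenLife is a number of seconds. TODO confirm
            expiresIn: Date.now() + tokenLife*1000
          };
          tokenList[refreshToken].token = response.token;
          tokenList[refreshToken].expiresIn = response.expiresIn;
          return res.json(util.successTrue(response));
        } catch (signErr) {
          console.log(signErr);
          return res.json(util.successFalse(signErr));
        }
      });
  })


  module.exports = router;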