bg(security): protect all routes

- refactor the token verification middlewares - [Finishes #170799329]
andela · Jan 20, 2020 · b0d68c4 · b0d68c4
1 parent a600981
commit b0d68c4
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 39 deletions.
diff --git a/src/controllers/UserController.js b/src/controllers/UserController.js
@@ -237,6 +237,18 @@ class UserController {
       return Response.errorMessage(req, res, 'Signout failed', 500);
     }
   }
+
+  /**
+    * Token is not blacklisted
+    * @description GET /api/v1/token/valid
+    * @static
+    * @param {object} req request object
+    * @param {object} res response object
+    * @returns {object} Logout
+  */
+  static async isBlackListed(req, res) {
+    return Response.successMessage(req, res, 'Token is valid', true, HttpStatus.OK);
+  }
 }
 
 export default UserController;
diff --git a/src/middlewares/advancedVerifyToken.js b/src/middlewares/advancedVerifyToken.js
diff --git a/src/middlewares/verifyToken.js b/src/middlewares/verifyToken.js
@@ -1,5 +1,7 @@
 import jwt from 'jsonwebtoken';
 import Response from '../helpers/Response';
+import UserService from '../services/UserService';
+
 /**
   * verify token
   * @param {object} req request object
@@ -15,11 +17,16 @@ const verifyToken = (req, res, next) => {
   }
   jwt.verify(
     token, process.env.JWT_KEY,
-    (err, result) => {
+    async (err, result) => {
       if (err) {
         return Response.errorMessage(req, res, err, 401);
       }
+      const isTokenExist = await UserService.blacklistToken(token);
+      if (isTokenExist) {
+        return Response.errorMessage(req, res, 'You have provided an invalid token', 401);
+      }
       req.user = result;
+      result.token = token;
       next();
     }
   );

diff --git a/src/routes/api/userRoute.js b/src/routes/api/userRoute.js
@@ -6,7 +6,6 @@ import UserController from '../../controllers/UserController';
 import verifyToken from '../../middlewares/verifyToken';
 import checkInputDataError from '../../middlewares/checkInputDataError';
 import customValidator from '../../middlewares/customValidator';
-import advancedVerifyToken from '../../middlewares/advancedVerifyToken';
 
 const userRoute = express.Router();
 
@@ -152,5 +151,6 @@ const { isImage } = customValidator;
 userRoute.put('/profile-settings', verifyToken, profileUpdateRules(), checkInputDataError, isImage, isManager, isUserVerified, UserController.updateProfile);
 userRoute.get('/view-profile', verifyToken, isUserVerified, UserController.viewProfile);
 userRoute.get('/notification', verifyToken, isUserVerified, UserController.viewNotification);
-userRoute.patch('/logout', advancedVerifyToken, UserController.logout);
+userRoute.patch('/logout', verifyToken, UserController.logout);
+userRoute.get('/token/valid', verifyToken, UserController.isBlackListed);
 export default userRoute;
diff --git a/src/tests/mock/tripMockData.js b/src/tests/mock/tripMockData.js
@@ -310,8 +310,8 @@ const tripMockData = {
       {
         originId: 3,
         destinationId: 5,
-        startDate: '2020-01-20',
-        returnDate: '2021-01-10',
+        startDate: '2020-05-20',
+        returnDate: '2021-05-10',
         reason: 'edit me multicity 1'
       },
       {