auth.js
/* @flow weak */
import bcrypt from 'bcrypt';
import bodyParser from 'body-parser';
import crypto from 'crypto';
import express from 'express';
import jwt from 'jwt-simple';
import ObjectManager from '../data/ObjectManager';
// Load the environment (via dotenv) before the routes read process.env.
require( 'dotenv' ).load( );

// Express application that carries the authentication routes.
const auth = express( );

// Parse JSON request bodies so the handlers can read req.body.
const jsonBodyParser = bodyParser.json( );
auth.use( jsonBodyParser );
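/**
 * POST /login: check an account name / password pair and, on success,
 * issue a signed JWT in the httpOnly `auth_token` cookie.
 *
 * Responses:
 *   200 { success: true }                        credentials accepted, cookie set
 *   400 { error: 'Invalid request' }             a field is missing or not a string
 *   401 { error: 'Incorrect user or password' }  unknown account or wrong password
 *   500 { error: 'Login failed' }                lookup, bcrypt or token signing failed
 */
auth.post('/login', (req, res, next) =>
{
  const body = req.body || { };
  const rawAccountName = body.User_AccountName;
  const User_AccountPassword = body.User_AccountPassword;

  // A JSON body can carry any type here. Without this check a non-string
  // account name throws on .toLowerCase( ) and a non-string password is
  // handed to bcrypt as-is.
  if( typeof rawAccountName !== 'string' || typeof User_AccountPassword !== 'string' )
  {
    res.status( 400 ).json( { error: 'Invalid request' } );
    return;
  }

  const objectManager = new ObjectManager( );
  const User_AccountName = rawAccountName.toLowerCase( );

  objectManager.getListBy( 'User', 'User_AccountName', User_AccountName )
  .then( ( arr_Users ) =>
  {
    if( arr_Users.length === 0 )
      return null;

    const a_User = arr_Users[ 0 ];

    // Wrap the callback API so a bcrypt error reaches .catch( ) below
    // instead of being silently treated as "wrong password".
    return new Promise( ( resolve, reject ) =>
    {
      bcrypt.compare( User_AccountPassword, a_User.User_AccountPassword, ( err, User_AccountPasswordIsCorrect ) =>
      {
        if( err )
          reject( err );
        else
          resolve( User_AccountPasswordIsCorrect ? a_User : null );
      } );
    } );
  } )
  .then( ( a_User ) =>
  {
    if( a_User === null )
    {
      // One message for both failure cases, so the response body does not
      // confirm whether an account name exists.
      // NOTE(review): response time still differs, because bcrypt only runs
      // for known accounts.
      res.status( 401 ).json( { error: 'Incorrect user or password' } );
      return;
    }

    // User has authenticated correctly thus we create a JWT token.
    // Signing happens inside the promise chain, so a failure in jwt.encode
    // is answered with a 500 rather than thrown from a bcrypt callback.
    // NOTE(review): the payload has no expiry claim and the cookie sets
    // neither `secure` nor `sameSite`. Confirm how token lifetime and
    // transport are enforced in the deployment.
    const token = jwt.encode( { user_id: a_User.id }, process.env.JWT_SECRET );
    res.cookie( 'auth_token', token, { httpOnly: true } );
    res.json( { success : true } );
  } )
  .catch( ( reason ) =>
  {
    // Keep the failure detail server-side. The raw rejection value may
    // describe internals and the caller is unauthenticated.
    console.error( 'login failed:', reason );
    res.status( 500 ).json( { error: 'Login failed' } );
  } )
  ;
} );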
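/**
 * POST /createuser: create an account with a bcrypt-hashed password and
 * sign the new user in by setting the `auth_token` JWT cookie.
 *
 * Responses:
 *   200 { success: true }                         account created, cookie set
 *   400 { error: 'Invalid request' }              a field is missing, empty or not a string
 *   401 { error: 'User account already exists' }  the account name is taken
 *   500 { error: 'Could not create user' }        hashing, storage or token signing failed
 */
auth.post('/createuser', (req, res, next) =>
{
  const ACCOUNT_EXISTS = "User account already exists";

  // Work factor for bcrypt. Raised from 8; existing hashes keep verifying
  // because the cost is stored inside each hash.
  const bcryptCost = 12;

  const body = req.body || { };
  const rawAccountName = body.User_AccountName;
  const plainPassword = body.User_AccountPassword;

  // Refuse missing, empty or non-string fields before touching storage.
  // Without this a bad password makes bcrypt fail, and the unchecked error
  // used to end in an account stored with no password hash.
  if( typeof rawAccountName !== 'string' || rawAccountName.length === 0
    || typeof plainPassword !== 'string' || plainPassword.length === 0 )
  {
    res.status( 400 ).json( { error: 'Invalid request' } );
    return;
  }

  const objectManager = new ObjectManager( );
  const User_AccountName = rawAccountName.toLowerCase( );

  // NOTE(review): this lookup followed by add( ) is not atomic. Two
  // concurrent requests could both pass it unless the storage layer
  // enforces uniqueness on User_AccountName. Confirm.
  objectManager.getListBy( 'User', 'User_AccountName', User_AccountName )
  .then( ( arr_Users ) =>
  {
    if( arr_Users.length > 0 )
      return Promise.reject( ACCOUNT_EXISTS );

    // NOTE(review): bcrypt only uses the first 72 bytes of the password.
    return new Promise( ( resolve, reject ) =>
    {
      bcrypt.hash( plainPassword, bcryptCost, ( err, passwordHash ) =>
      {
        // Propagate hashing failures; never store an undefined hash.
        if( err )
          reject( err );
        else
          resolve( passwordHash );
      } );
    } );
  } )
  .then( ( passwordHash ) => objectManager.add( 'User', {
    User_AccountName: User_AccountName,
    User_AccountPassword: passwordHash,
    User_DisplayName: 'New User',
    User_ProfilePhoto: '',
    User_Email: '',
    User_Locale: '',
    // Math.random( ) is predictable, so the token comes from the CSPRNG.
    // How User_AuthToken is consumed is not visible in this file.
    User_AuthToken: crypto.randomBytes( 32 ).toString( 'hex' )
  } ) )
  .then( ( user_id ) => objectManager.getOneById( 'User', user_id ) )
  .then( ( a_User ) =>
  {
    // User has been created thus we create a JWT token.
    // NOTE(review): the payload has no expiry claim and the cookie sets
    // neither `secure` nor `sameSite`. Confirm how token lifetime and
    // transport are enforced in the deployment.
    const token = jwt.encode( { user_id: a_User.id }, process.env.JWT_SECRET );
    res.cookie( 'auth_token', token, { httpOnly: true } );
    res.json( { success : true } );
  } )
  .catch( ( reason ) =>
  {
    if( reason === ACCOUNT_EXISTS )
    {
      res.status( 401 ).json( { error: ACCOUNT_EXISTS } );
      return;
    }

    // Any other rejection comes from hashing, storage or signing. Log it
    // server-side and do not echo its text to the caller.
    console.error( 'createuser failed:', reason );
    res.status( 500 ).json( { error: 'Could not create user' } );
  } )
  ;
} );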
/**
 * POST /logout: overwrite the `auth_token` cookie with an empty, already
 * expired value and report success.
 */
auth.post('/logout', (req, res, next) =>
{
  // An empty value with an expiry in 1970 makes the browser drop the cookie.
  const expiredCookieOptions = { httpOnly: true, expires: new Date( 1 ) };
  res.cookie( 'auth_token', '', expiredCookieOptions );

  // NOTE(review): only the browser's copy is removed. Nothing in this file
  // revokes the JWT itself, so a copy taken earlier presumably stays usable
  // unless the verifier enforces an expiry. Confirm.
  const payload = { success : true };
  res.json( payload );
} );
// Export the Express application carrying the /login, /createuser and /logout routes.
export default auth;