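require("dotenv").config();

const express = require("express");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");

const User = require("../models/User");
const { registerSchema, loginSchema } = require("../validation");
const validate = require("../middleware/validate");

const router = express.Router();

// Refresh tokens issued by /login and consulted by /token.
// NOTE: this is process-local state - it is lost on restart, not shared
// between instances, and grows with every login because nothing expires
// entries. A persistent store with TTL is needed beyond a single dev process.
const refreshTokens = [];

// Signing secrets for the two token types. jwt.sign() throws when given an
// empty secret, so fail at startup with a clear message rather than on the
// first login request.
const ACCESS_SECRET = process.env.ACCESS_SECRET;
const REFRESH_SECRET = process.env.REFRESH_SECRET;
if (!ACCESS_SECRET || !REFRESH_SECRET) {
  throw new Error("ACCESS_SECRET and REFRESH_SECRET must be set in the environment");
}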
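// Register
//
// POST /register  body: { username, email, password }
// Responds 200 { message } on success, 400 on validation failure or when the
// email is already taken. DB/bcrypt failures are forwarded to the Express
// error handler via next(err).
router.post("/register", validate(registerSchema), async (req, res, next) => {
  try {
    // Second validation pass; kept because what the validate() middleware
    // does is defined in ../middleware/validate and is not visible here.
    const { error } = registerSchema.validate(req.body);
    if (error) return res.status(400).json({ error: error.details[0].message });

    const { username, email, password } = req.body;

    // NOTE(review): the distinct "already exists" reply lets a caller learn
    // which emails are registered; decide whether that is acceptable here.
    const existing = await User.findOne({ email });
    if (existing) return res.status(400).json({ error: "User already exists" });

    // Cost factor 10; bcrypt stores the salt inside the hash string.
    const hashed = await bcrypt.hash(password, 10);
    const user = new User({ username, email, password: hashed });
    await user.save();

    return res.json({ message: "User registered" });
  } catch (err) {
    // Express 4 does not catch rejections from async handlers; without this
    // a failed query would leave the request hanging instead of reaching
    // the error middleware.
    return next(err);
  }
});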
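// Login
//
// POST /login  body: { email, password }
// Responds { accessToken, refreshToken } on success, 400 on validation
// failure, 403 for an unknown email or wrong password (same message for
// both). DB/bcrypt failures are forwarded to the Express error handler.
router.post("/login", async (req, res, next) => {
  try {
    const { error } = loginSchema.validate(req.body);
    if (error) return res.status(400).json({ error: error.details[0].message });

    const { email, password } = req.body;
    const user = await User.findOne({ email });

    // One message for both failure modes so the response body does not
    // reveal whether the email is registered.
    // NOTE(review): bcrypt.compare is skipped for an unknown email, so the
    // response time still differs between the two cases.
    if (!user || !(await bcrypt.compare(password, user.password)))
      return res.status(403).json({ error: "Invalid credentials" });

    // Claims carried by both tokens. req.user in protected routes is
    // presumably rebuilt from these by ../middleware/auth - confirm there.
    const payload = { username: user.username, email: user.email };
    const accessToken = jwt.sign(payload, ACCESS_SECRET, { expiresIn: "15m" });
    const refreshToken = jwt.sign(payload, REFRESH_SECRET, { expiresIn: "30d" });

    // Remember the refresh token so /token can reject ones we did not issue.
    refreshTokens.push(refreshToken);
    return res.json({ accessToken, refreshToken });
  } catch (err) {
    // See /register: keep a rejected promise from hanging the request.
    return next(err);
  }
});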
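// Refresh token
//
// POST /token  body: { token }
// Exchanges a refresh token issued by /login for a new 15-minute access
// token. 403 if the token is missing, not one we issued, or no longer
// verifies (expired or bad signature).
router.post("/token", (req, res) => {
  const { token } = req.body;
  // Only a string can be in the issued list; this also keeps non-string
  // body values away from jwt.verify.
  if (typeof token !== "string" || !refreshTokens.includes(token))
    return res.status(403).json({ error: "Invalid refresh token" });

  jwt.verify(token, REFRESH_SECRET, (err, user) => {
    if (err) {
      // The token was ours but no longer verifies (typically expired);
      // drop it so the in-memory list does not keep dead entries forever.
      const idx = refreshTokens.indexOf(token);
      if (idx !== -1) refreshTokens.splice(idx, 1);
      return res.status(403).json({ error: "Token expired" });
    }

    // NOTE(review): the account is not looked up again here, so a deleted
    // or disabled user can keep minting access tokens until the refresh
    // token expires (30d).
    const accessToken = jwt.sign(
      { username: user.username, email: user.email },
      ACCESS_SECRET,
      { expiresIn: "15m" }
    );
    return res.json({ accessToken });
  });
});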
const authenticate = require("../middleware/auth");

// GET /protected - reachable only with a valid access token; the
// authenticate middleware is expected to populate req.user before this runs.
router.get("/protected", authenticate, (req, res) => {
  const { username } = req.user;
  res.json({ message: `Welcome ${username}!` });
});

module.exports = router;