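const db = require("../models/index");
const config = require("../config/auth.config");
const jwt = require("jsonwebtoken");

const { User, Role, RefreshToken } = db;
const Op = db.Sequelize.Op;

/**
 * Sign a short-lived access token for a user id.
 *
 * Both login and refresh go through this helper so the two paths cannot
 * drift apart: the original refresh path omitted `algorithm`, and the
 * original login path set `allowInsecureKeySizes: true`, which only
 * suppresses jsonwebtoken's check that `config.secret` is long enough for
 * HS256. That flag is dropped here on purpose; the right fix for a short
 * secret is a longer secret (>= 256 bits), not disabling the check.
 *
 * @param {number|string} userId - primary key of the user the token is for
 * @returns {string} signed JWT whose payload is `{ id: userId }`
 * @throws if `config.secret` is missing or too short for HS256
 */
function signAccessToken(userId) {
  return jwt.sign({ id: userId }, config.secret, {
    algorithm: "HS256",
    expiresIn: config.jwtExpiration,
  });
}

/**
 * POST handler: create a user and attach roles.
 *
 * Reads firstName, lastName, email, dateOfBirth, password and (optionally)
 * roles from `req.body`. Responds 200 with a success message, or 500 with
 * the error message. Unlike the original, every step is awaited, so a
 * failure in role lookup or assignment produces a 500 instead of an
 * unhandled rejection or a request that never gets a response.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
exports.register = async (req, res) => {
  try {
    const { firstName, lastName, email, dateOfBirth, password, roles } = req.body;

    // `new Date(undefined)` yields an Invalid Date, same as the original;
    // the model/validation layer is assumed to reject it — TODO confirm.
    const user = await User.create({
      firstName,
      lastName,
      email,
      dateOfBirth: new Date(dateOfBirth),
      password,
    });

    if (roles) {
      // NOTE(review): the role list is taken verbatim from the request
      // body, so a caller chooses its own roles at sign-up. Behaviour is
      // kept as in the original; this endpoint should ignore client-supplied
      // roles or restrict them to a non-privileged allow-list.
      const matchingRoles = await Role.findAll({
        where: { name: { [Op.or]: roles } },
      });
      await user.setRoles(matchingRoles);
    } else {
      // Role id 1 is the default "user" role (per the original's comment).
      await user.setRoles([1]);
    }

    res.send({ message: "User registered successfully!" });
  } catch (err) {
    res.status(500).send({ message: err.message });
  }
};

/**
 * POST handler: verify credentials and issue an access + refresh token pair.
 *
 * Responds 404 when no user matches `req.body.email`, 401 when the
 * password does not validate, 200 with `{ id, username, email, roles,
 * accessToken, refreshToken }` on success, and 500 on any thrown error
 * (the original left `getRoles()` outside its `.catch`).
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
exports.login = async (req, res) => {
  try {
    const user = await User.findOne({ where: { email: req.body.email } });

    // NOTE(review): the distinct 404/401 messages let a caller tell whether
    // an email is registered. Kept for compatibility; a single generic
    // 401 would avoid the account-enumeration signal.
    if (!user) {
      return res.status(404).send({ message: "User Not found." });
    }
    if (!user.validPassword(req.body.password)) {
      return res.status(401).send({ accessToken: null, message: "Invalid Password!" });
    }

    const accessToken = signAccessToken(user.id);
    const refreshToken = await RefreshToken.createToken(user);
    const roles = await user.getRoles();
    const authorities = roles.map((role) => `ROLE_${role.name.toUpperCase()}`);

    return res.status(200).send({
      id: user.id,
      // `username` is not among the fields `register` writes; it may be
      // undefined unless the model defines it — TODO confirm.
      username: user.username,
      email: user.email,
      roles: authorities,
      accessToken,
      refreshToken,
    });
  } catch (err) {
    return res.status(500).send({ message: err.message });
  }
};

/**
 * POST handler: end a session by revoking the supplied refresh token.
 *
 * The original handler was an empty stub, so the request never received a
 * response. Access tokens are stateless and simply expire; the refresh
 * token is the only server-side session state, so it is deleted here when
 * one is supplied in `req.body.refreshToken`. Responds 200 either way so
 * logout is idempotent, or 500 if the delete fails.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
exports.logout = async (req, res) => {
  try {
    const requestToken = req.body?.refreshToken;
    if (requestToken != null) {
      await RefreshToken.destroy({ where: { token: requestToken } });
    }
    return res.status(200).send({ message: "Logged out." });
  } catch (err) {
    return res.status(500).send({ message: err.message });
  }
};

/**
 * POST handler: exchange a valid refresh token for a new access token.
 *
 * Responds 403 when the token is missing, unknown, or expired (an expired
 * token row is deleted before responding), 200 with `{ accessToken,
 * refreshToken }` on success, and 500 on any thrown error.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
exports.refreshToken = async (req, res) => {
  const { refreshToken: requestToken } = req.body;

  if (requestToken == null) {
    return res.status(403).json({ message: "Refresh Token is required!" });
  }

  try {
    const refreshToken = await RefreshToken.findOne({
      where: { token: requestToken },
    });
    // The original `console.log(refreshToken)` is dropped: it wrote the
    // whole row, including the bearer-equivalent token value, to the log.

    if (!refreshToken) {
      return res.status(403).json({ message: "Refresh token is not in database!" });
    }

    if (RefreshToken.verifyExpiration(refreshToken)) {
      // Awaited so a failed delete surfaces as a 500 instead of an
      // unhandled rejection (the original did not await it).
      await RefreshToken.destroy({ where: { id: refreshToken.id } });
      return res.status(403).json({
        message: "Refresh token was expired. Please make a new login request",
      });
    }

    const user = await refreshToken.getUser();
    const newAccessToken = signAccessToken(user.id);

    return res.status(200).json({
      accessToken: newAccessToken,
      refreshToken: refreshToken.token,
    });
  } catch (err) {
    // The original sent the raw error object; only its message is returned
    // so driver/stack details stay server-side, matching the other handlers.
    return res.status(500).send({ message: err.message });
  }
};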