vishal-coder
diff --git a/‎.gitignore
Lines changed: 3 additions & 0 deletions b/‎.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎controllers/AuthController.js
Lines changed: 197 additions & 0 deletions b/‎controllers/AuthController.js
Lines changed: 197 additions & 0 deletions
diff --git a/‎index.js
Lines changed: 41 additions & 0 deletions b/‎index.js
Lines changed: 41 additions & 0 deletions
diff --git a/‎middleware/authMiddleware.js
Lines changed: 14 additions & 0 deletions b/‎middleware/authMiddleware.js
Lines changed: 14 additions & 0 deletions
diff --git a/‎models/AuthModel.js
Lines changed: 55 additions & 0 deletions b/‎models/AuthModel.js
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,3 @@
+node_modules
+.env
+.env
@@ -0,0 +1,197 @@
+import bcrypt from "bcrypt";
+import Crypto from "crypto";
+import jwt from "jsonwebtoken";
+import {
+  activatateUser,
+  getDBUserByEmail,
+  insertAccountConfirmationCode,
+  insertToken,
+  registerUser,
+  updatePassword,
+  verifyEmailToken,
+} from "../models/AuthModel.js";
+import { getHashedPassword } from "../util/hashing.js";
+import {
+  sendAccountVerificationMail,
+  sendPasswordResetMail,
+} from "../util/mailer.js";
+
+/**
+ * POST /signup
+ *
+ */
+export const signup = async (req, res) => {
+  console.log("signup requested", req.body);
+  const { firstname, lastname, phone, address, username, password, about } =
+    req.body;
+  const dBUserByEmail = await getDBUserByEmail({ username: username });
+  if (dBUserByEmail) {
+    return res.status(401).send({ message: "User Already Exists" });
+  }
+
+  let hashedPassword = await getHashedPassword(password);
+  const registerResult = await registerUser({
+    firstname: firstname,
+    lastname: lastname,
+    username: username,
+    password: hashedPassword,
+    phone: phone,
+    address: address,
+    about: about,
+  });
+
+  var confirmationToken = await jwt.sign(
+    { id: registerResult.insertedId.toString() },
+    process.env.SECRET_KEY
+  );
+
+  const isInserted = await insertAccountConfirmationCode(
+    { username: username },
+    confirmationToken
+  );
+  console.log("isInserted", isInserted);
+  sendAccountVerificationMail(username, confirmationToken, firstname);
+
+  res.status(200).send({
+    message: "User was registered successfully! Please Verify Your Email!",
+    success: true,
+  });
+};
+
+export const login = async (req, res) => {
+  const { username, password } = req.body;
+
+  const dBUserByEmail = await getDBUserByEmail({ username: username });
+
+  if (!dBUserByEmail) {
+    return res.send({ message: "Invalid Credentials", success: false });
+  }
+
+  const isActive = dBUserByEmail.isActive;
+  console.log("isActive", dBUserByEmail.isActive);
+  if (!isActive) {
+    return res.status(401).send({
+      message: "Before login, Please verify your email",
+      success: false,
+    });
+  }
+
+  const isPasswordMathced = await bcrypt.compare(
+    password,
+    dBUserByEmail.password
+  );
+
+  if (!isPasswordMathced) {
+    console.log("Invalid Credentials");
+    return res.send({ message: "Invalid Credentials", success: false });
+  }
+
+  var token = jwt.sign(
+    { id: dBUserByEmail._id.toString() },
+    process.env.SECRET_KEY
+  );
+  res.header("x-auth-token", token);
+  res.send({
+    message: "user logged successfully",
+    success: true,
+    token: token,
+    user: {
+      name: dBUserByEmail.firstname,
+      email: dBUserByEmail.username,
+      userType: dBUserByEmail.role,
+      address: dBUserByEmail.address,
+      token: token,
+    },
+  });
+};
+
+export const forgotPassword = async (req, res) => {
+  const { email } = req.body;
+
+  const dBUserByEmail = await getDBUserByEmail({ username: email });
+
+  if (!dBUserByEmail) {
+    return res.status(401).send({
+      message: "User with given email doesn't exists.",
+      success: false,
+    });
+  }
+
+  let resetToken = Crypto.randomBytes(16).toString("hex");
+  let hashedResetToken = await getHashedPassword(resetToken);
+
+  let tokenUpdate = await insertToken({ username: email }, hashedResetToken);
+  if (!tokenUpdate) {
+    return res.status(401).send({
+      message: "Something went wront..Please try again later.",
+      success: false,
+    });
+  }
+
+  const mailsuccess = await sendPasswordResetMail(
+    email,
+    hashedResetToken,
+    dBUserByEmail._id
+  );
+
+  if (!mailsuccess) {
+    return res.status(401).send({
+      message: "Something went wront..Please try again later.",
+      success: false,
+    });
+  }
+
+  res.status(200).send({
+    message: "verification mail sent to your email address",
+    success: true,
+  });
+};
+
+export const resetpassword = async (req, res) => {
+  const { password } = req.body;
+  const { token } = req.query;
+
+  const hashedPassword = await getHashedPassword(password);
+  const query = { token: token };
+  const updateQuery = { $set: { password: hashedPassword } };
+  const updatePasswordResult = await updatePassword(query, updateQuery);
+
+  // const deleteTokenResult = await deleteToken(token); TODO: remove this comment and delete below line
+  const deleteTokenResult = true;
+
+  if (!deleteTokenResult) {
+    return res.send({
+      message: "Invalid token..Please try resetting your password again!",
+      success: false,
+    });
+  }
+
+  res.send({
+    message: "Password reset successfully",
+    success: true,
+  });
+};
+
+export const verifyEmail = async (req, res) => {
+  const { token } = req.body;
+  const isValidToken = await verifyEmailToken({ confirmationToken: token });
+
+  if (!isValidToken) {
+    return res.status(404).send({ message: "Invalid token.", success: false });
+  }
+
+  const activateUser = await activatateUser(token);
+
+  res.send({
+    message: "email verified successfully !!!",
+    success: true,
+  });
+};
+
+export const logoutUser = async (req, res) => {
+  console.log("Inside handleLogoutUser");
+  const { token } = req.body;
+  // TODO: list token as expired or blacklisted
+
+  return res.send({ success: true, message: "user logged out successfully" });
+};
@@ -0,0 +1,41 @@
+import cors from "cors";
+import dotenv from "dotenv";
+import express from "express";
+import { MongoClient } from "mongodb";
+import { authRouter } from "./routes/auth.js";
+import http from "http";
+
+const corsOptions = {
+  origin: "*",
+  optionsSuccessStatus: 200,
+};
+const app = express();
+dotenv.config();
+const server = http.createServer(app);
+const PORT = process.env.PORT || 5000;
+const MONGO_URL = process.env.MONGO_URL;
+
+app.use(cors(corsOptions));
+app.use(express.json());
+
+async function createConnection() {
+  try {
+    const client = new MongoClient(MONGO_URL);
+    await client.connect();
+    console.log("connected to database");
+    return client;
+  } catch (error) {
+    console.log("error while connecting to database", error);
+  }
+}
+export const client = await createConnection();
+
+server.listen(PORT, () => {
+  console.log("listening on *:", PORT);
+});
+
+app.get("/", (req, res) => {
+  res.send({ message: "default request" });
+});
+
+app.use("/auth", authRouter);
@@ -0,0 +1,14 @@
+import jwt from "jsonwebtoken";
+
+export const verifyAuth = (request, response, next) => {
+  try {
+    const token = request.header("x-auth-token");
+    if (!token) return response.status(401).send("Access Denied");
+    console.log("verifyAuth - ", token);
+    const verified = jwt.verify(token, process.env.SECRET_KEY);
+    request.user = verified;
+    next();
+  } catch (err) {
+    response.status(401).send({ error: err.message });
+  }
+};
@@ -0,0 +1,55 @@
+import { client } from "../index.js";
+
+export async function getDBUserByEmail(data) {
+  return client.db("blog").collection("users").findOne(data);
+}
+
+export function registerUser(data) {
+  return client.db("blog").collection("users").insertOne(data);
+}
+
+export function insertToken(data, hashedResetToken) {
+  return client
+    .db("blog")
+    .collection("users")
+    .updateOne(data, {
+      $set: { token: hashedResetToken, createdAt: new Date() },
+    });
+}
+
+export function getToken(data) {
+  return client.db("blog").collection("users").findOne(data);
+}
+
+export function updatePassword(query, updateQuery) {
+  return client.db("blog").collection("users").updateOne(query, updateQuery);
+}
+export function deleteToken(token) {
+  return client
+    .db("blog")
+    .collection("users")
+    .updateOne({ token: token }, { $unset: { token: "" } });
+}
+export async function verifyEmailToken(data) {
+  return client.db("blog").collection("users").findOne(data);
+}
+
+export function activatateUser(token) {
+  return client
+    .db("blog")
+    .collection("users")
+    .updateOne({ confirmationToken: token }, { $set: { isActive: true } });
+}
+
+export function insertAccountConfirmationCode(data, confirmationToken) {
+  return client
+    .db("blog")
+    .collection("users")
+    .updateOne(data, {
+      $set: { confirmationToken: confirmationToken },
+    });
+}
+
+export async function isUserActive(data) {
+  return client.db("blog").collection("users").findOne(data);
+}