From 363ddcf42d072d83f1c6c9843a73fcc4f32b900a Mon Sep 17 00:00:00 2001
From: Dev Patel
Date: Sun, 28 Jul 2024 13:03:47 -0500
Subject: [PATCH] Fixed additional comments

---
 src/database.ts | 6 ++-
 src/services/auth/auth-router.ts | 4 +-
 src/services/auth/auth-utils.ts | 6 ---
 src/services/auth/sponsor/sponsor-router.ts | 45 ++++++++++++++++++++++-------
 src/services/auth/sponsor/sponsor-schema.ts | 4 +-
 src/services/auth/sponsor/sponsor-utils.ts | 8 +++-
 6 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/src/database.ts b/src/database.ts
index f3f7e20..263cf74 100644
--- a/src/database.ts
+++ b/src/database.ts
@@ -101,7 +101,11 @@ export const Database = {
 NotificationsSchema,
 NotificationsValidator
 ),
- AUTH_CODES: initializeModel("auth_codes", SponsorAuthSchema, SponsorAuthValidator),
+ AUTH_CODES: initializeModel(
+ "auth_codes",
+ SponsorAuthSchema,
+ SponsorAuthValidator
+ ),
 SPEAKERS: initializeModel("speakers", SpeakerSchema, SpeakerValidator),
 CORPORATE: initializeModel(
 "corporate",
diff --git a/src/services/auth/auth-router.ts b/src/services/auth/auth-router.ts
index 23086f4..09e06ce 100644
--- a/src/services/auth/auth-router.ts
+++ b/src/services/auth/auth-router.ts
@@ -10,7 +10,7 @@ import RoleChecker from "../../middleware/role-checker";
 import { Role } from "../auth/auth-models";
 import { AuthRoleChangeRequest } from "./auth-schema";
 import { z } from "zod";
-import sponsorRouter from "./sponsor/sponsor-router";
+import authSponsorRouter from "./sponsor/sponsor-router";

 const authStrategies: Record = {};

@@ -20,7 +20,7 @@ for (const key in DeviceRedirects) {

 const authRouter = Router();

-authRouter.use("/sponsor", sponsorRouter);
+authRouter.use("/sponsor", authSponsorRouter);

 // Remove role from userId by email address (admin only endpoint)
 authRouter.delete(
diff --git a/src/services/auth/auth-utils.ts b/src/services/auth/auth-utils.ts
index 82d4f1e..1c7cf92 100644
--- a/src/services/auth/auth-utils.ts
+++ b/src/services/auth/auth-utils.ts
@@ -59,9 +59,3 @@ export function isStaff(payload?: JwtPayloadType) {
 export function isAdmin(payload?: JwtPayloadType) {
 return payload?.roles.includes(Role.Enum.ADMIN);
 }
-
-export async function sponsorExists(email: string) {
- const response = await Database.CORPORATE.findOne({ email: email });
- if (!response) return false;
- return true;
-}
diff --git a/src/services/auth/sponsor/sponsor-router.ts b/src/services/auth/sponsor/sponsor-router.ts
index 088f8c5..223a657 100644
--- a/src/services/auth/sponsor/sponsor-router.ts
+++ b/src/services/auth/sponsor/sponsor-router.ts
@@ -4,15 +4,26 @@ import { StatusCodes } from "http-status-codes";
 import { sendEmail } from "../../ses/ses-utils";
 import jsonwebtoken from "jsonwebtoken";
 import { Config } from "../../../config";
-import { createSixDigitCode, encryptSixDigitCode} from "./sponsor-utils";
+import {
+ createSixDigitCode,
+ encryptSixDigitCode,
+ sponsorExists,
+} from "./sponsor-utils";
 import * as bcrypt from "bcrypt";
-import {AuthSponsorLoginValidator, AuthSponsorVerifyValidator} from "./sponsor-schema";
+import {
+ AuthSponsorLoginValidator,
+ AuthSponsorVerifyValidator,
+} from "./sponsor-schema";

-const sponsorRouter = Router();
+const authSponsorRouter = Router();

-sponsorRouter.post("/login", async (req, res, next) => {
+authSponsorRouter.post("/login", async (req, res, next) => {
 try {
 const { email } = AuthSponsorLoginValidator.parse(req.body);
+ if (!sponsorExists(email)) {
+ return res.sendStatus(StatusCodes.UNAUTHORIZED);
+ }
+
 const sixDigitCode = createSixDigitCode();
 const expTime = Math.floor(Date.now() / 1000) + 300;
 const hashedVerificationCode = encryptSixDigitCode(sixDigitCode);
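Review bot: The new guard `if (!sponsorExists(email))` never rejects anything: `sponsorExists` is declared `async` in the sponsor-utils hunk, so the call returns a Promise, which is always truthy; it needs to be `if (!(await sponsorExists(email))) {`. As committed, a code is generated, stored and emailed for any well-formed address, which is exactly what the check was meant to prevent. `@typescript-eslint/no-misused-promises` from the type-checked recommended preset flags a Promise used in a boolean condition and would have caught this at lint time. Once the check works, answering UNAUTHORIZED for unknown addresses tells a caller which sponsor emails are registered; returning the same 200 and skipping the send is the usual way to avoid that oracle. The `/login` handler's body continues past the end of this hunk.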
@@ -35,23 +46,26 @@ sponsorRouter.post("/login", async (req, res, next) => {
 }
 });

-sponsorRouter.post("/verify", async (req, res, next) => {
+authSponsorRouter.post("/verify", async (req, res, next) => {
 try {
- const { email, sixDigitCode } = AuthSponsorVerifyValidator.parse(req.body);
- const sponsorData = await Database.AUTH_CODES.findOneAndDelete({ email });
+ const { email, sixDigitCode } = AuthSponsorVerifyValidator.parse(
+ req.body
+ );
+ const sponsorData = await Database.AUTH_CODES.findOneAndDelete({
+ email,
+ });
 if (!sponsorData) {
 return res.sendStatus(StatusCodes.UNAUTHORIZED);
 }
- const { hashedVerificationCode, expTime } = sponsorData;
- if (Math.floor(Date.now() / 1000) > expTime) {
+ if (Math.floor(Date.now() / 1000) > sponsorData.expTime) {
 return res.sendStatus(StatusCodes.GONE);
 }
- const match = await bcrypt.compareSync(
+ const match = bcrypt.compareSync(
 sixDigitCode,
- hashedVerificationCode
+ sponsorData.hashedVerificationCode
 );
 if (!match) {
- return res.sendStatus(StatusCodes.BAD_REQUEST);
+ return res.sendStatus(StatusCodes.UNAUTHORIZED);
 }
 const token = jsonwebtoken.sign(
 {
@@ -60,13 +74,14 @@ sponsorRouter.post("/verify", async (req, res, next) => {
 },
 Config.JWT_SIGNING_SECRET,
 {
- expiresIn: (Math.floor(Date.now() / 1000)) + Config.JWT_EXPIRATION_TIME
+ expiresIn:
+ Math.floor(Date.now() / 1000) + Config.JWT_EXPIRATION_TIME,
 }
 );
- res.json({ token });
+ return res.status(StatusCodes.OK).json({ token });
 } catch (error) {
 next(error);
 }
 });

-export default sponsorRouter;
+export default authSponsorRouter;
diff --git a/src/services/auth/sponsor/sponsor-schema.ts b/src/services/auth/sponsor/sponsor-schema.ts
index 1ab5aad..b5dd55a 100644
--- a/src/services/auth/sponsor/sponsor-schema.ts
+++ b/src/services/auth/sponsor/sponsor-schema.ts
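Review bot: `bcrypt.compareSync` on the new side blocks the event loop for the full cost of the hash comparison inside a handler that is already `async`; the non-blocking form `const match = await bcrypt.compare(sixDigitCode, sponsorData.hashedVerificationCode);` fits the surrounding code and keeps the server responsive under a burst of verify attempts. Dropping the `await` that the old code put in front of the sync call was right as far as it goes, but switching to the async API is the cleaner fix. Changing the wrong-code response from BAD_REQUEST to UNAUTHORIZED is correct, and deleting the stored code before checking it keeps each code single-use. The `/verify` handler continues past the end of this hunk.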
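Review bot: `expiresIn` in the re-wrapped `jsonwebtoken.sign` options is a lifetime in seconds (or a time-span string), not an absolute epoch timestamp, so `Math.floor(Date.now() / 1000) + Config.JWT_EXPIRATION_TIME` requests a token valid for roughly the current Unix time — on the order of 54 years — plus the configured lifetime, instead of just the configured lifetime. The commit only reformats that line and carries the bug forward. If `Config.JWT_EXPIRATION_TIME` is a number of seconds the fix is `expiresIn: Config.JWT_EXPIRATION_TIME,`; if it is a time-span string the current expression would concatenate rather than add, which again points to passing it through on its own. Its type is not visible in this diff, so confirm it against the config module before changing the line. The enclosing handler starts outside this hunk.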
@@ -19,5 +19,5 @@ export const AuthSponsorLoginValidator = z.object({

 export const AuthSponsorVerifyValidator = z.object({
 email: z.string().email(),
- sixDigitCode: z.string().length(6)
-});
\ No newline at end of file
+ sixDigitCode: z.string().length(6),
+});
diff --git a/src/services/auth/sponsor/sponsor-utils.ts b/src/services/auth/sponsor/sponsor-utils.ts
index f9b8fe8..1052b64 100644
--- a/src/services/auth/sponsor/sponsor-utils.ts
+++ b/src/services/auth/sponsor/sponsor-utils.ts
@@ -1,5 +1,5 @@
 import * as bcrypt from "bcrypt";
-
+import { Database } from "../../../database";

 export function createSixDigitCode() {
 let result = "";
@@ -21,3 +21,9 @@ export function encryptSixDigitCode(sixDigitCode: string): string {
 throw err;
 }
 }
+
+export async function sponsorExists(email: string) {
+ const response = await Database.CORPORATE.findOne({ email: email });
+ if (!response) return false;
+ return true;
+}
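Review bot: `sponsorExists` is moved here without a declared return type, so its `Promise<boolean>` contract is only implied by the two `return` statements; annotate it as `export async function sponsorExists(email: string): Promise<boolean> {` and collapse the tail to `return response !== null;` (or `!!response` if `findOne` can also resolve to `undefined`, which this diff does not show). A short TSDoc line such as `/** True when a CORPORATE record exists for this email address. */` would also document why the lookup lives in the auth utilities. The `findOne` filter matches the email exactly as submitted; whether stored addresses are normalized (for example to lower case) is not visible here and is worth confirming, since a mismatch silently denies a valid sponsor.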