Implement auth

arghmatey · Apr 13, 2020 · e2e9935 · e2e9935
1 parent 4960200
commit e2e9935
Show file tree

Hide file tree

Showing 16 changed files with 726 additions and 30 deletions.
diff --git a/Procfile b/Procfile
@@ -0,0 +1 @@
+web: node server.js
diff --git a/config/auth.js b/config/auth.js
@@ -0,0 +1,19 @@
+const jwt = require('jsonwebtoken');
+const SECRET = process.env.SECRET;
+
+module.exports = function (req, res, next) {
+    let token = req.get('Authorization') || req.query.token || req.body.token;
+    if (token) {
+        token = token.replace('Bearer ', '');
+        jwt.verify(token, SECRET, function (err, decoded) {
+            if (err) {
+                next(err);
+            } else {
+                req.user = decoded.user;
+                next();
+            }
+        });
+    } else {
+        next();
+    }
+};
diff --git a/config/database.js b/config/database.js
@@ -4,4 +4,4 @@ mongoose.connect(process.env.DATABASE_URL, {
     useNewUrlParser: true,
     useUnifiedTopology: true,
     useCreateIndex: true
-})
+});
diff --git a/controllers/users.js b/controllers/users.js
@@ -1,15 +1,45 @@
 const User = require('../models/user');
+const jwt = require('jsonwebtoken');
+const SECRET = process.env.SECRET;
 
-module.exports - {
-    signup
+module.exports = {
+    signup,
+    login
 };
 
 async function signup(req, res) {
     const user = new User(req.body);
     try {
+        console.log('controllers/users/13');
         await user.save();
-        res.join(user);
+        const token = createJWT(user);
+        res.json({ token });
     } catch (err) {
         res.status(400).json(err);
     };
+}
+
+async function login(req, res) {
+    try {
+        const user = await User.findOne({ email: req.body.email });
+        if (!user) return res.status(401).json({ err: 'bad credentials' });
+        user.comparePassword(req.body.pw, (err, isMatch) => {
+            if (isMatch) {
+                const token = createJWT(user);
+                res.json({ token });
+            } else {
+                return res.status(401).json({ err: 'bad credentials' });
+            }
+        });
+    } catch (err) {
+        return res.status(401).json(err);
+    }
+}
+
+function createJWT(user) {
+    return jwt.sign(
+        { user },
+        SECRET,
+        { expiresIn: '24h' }
+    );
 }
diff --git a/models/user.js b/models/user.js
@@ -1,4 +1,7 @@
 const mongoose = require('mongoose');
+const bcrypt = require('bcrypt');
+
+const SALT_ROUNDS = 6;
 
 const userSchema = new mongoose.Schema({
     name: String,
@@ -13,4 +16,25 @@ const userSchema = new mongoose.Schema({
     timestamps: true
 });
 
+userSchema.set('toJSON', {
+    transform: function (doc, ret) {
+        delete ret.password;
+        return ret;
+    }
+});
+
+userSchema.pre('save', function (next) {
+    const user = this;
+    if (!user.isModified('password')) return next();
+    bcrypt.hash(user.password, SALT_ROUNDS, function (err, hash) {
+        if (err) return next(err);
+        user.password = hash;
+        next();
+    });
+});
+
+userSchema.methods.comparePassword = function (tryPassword, cb) {
+    bcrypt.compare(tryPassword, this.password, cb);
+};
+
 module.exports = mongoose.model('User', userSchema);