Improved consistency and fixed veriFyToken function
@@ -1,4 +1,3 @@
|
||||
/* eslint-disable no-undef */
|
||||
import nodemailer from 'nodemailer';
|
||||
import { random } from './random';
|
||||
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
/* eslint-disable no-undef */
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { Level } from 'level';
|
||||
import { pool } from './databaseManager';
|
||||
import { respondWithStatus } from './requestHandler';
|
||||
import { userExists } from './permissionManager';
|
||||
|
||||
const db = new Level('tokens', { valueEncoding: 'json' });
|
||||
|
||||
@@ -21,8 +20,10 @@ export async function verifyToken(req, res, next) {
|
||||
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
||||
req.userId = decoded.userId;
|
||||
|
||||
if (!userExists(userId)) return await respondWithStatus(res, 404, 'User not found');
|
||||
const passwordMatch = await Bun.password.verify(decoded.password, rows[0].password);
|
||||
const [user] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.userId]);
|
||||
if (user.length === 0) return await respondWithStatus(res, 404, 'User not found');
|
||||
|
||||
const passwordMatch = await Bun.password.verify(decoded.password, user[0].password);
|
||||
if (!passwordMatch) return await respondWithStatus(res, 401, 'Token is invalid');
|
||||
const tokenStatus = await db.get(token);
|
||||
if (tokenStatus != 'valid') {
|
||||
|
||||
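Review bot: `Bun.password.verify(decoded.password, user[0].password)` in the verifyToken hunk implies the JWT payload carries the user's plaintext password, and a JWT payload is signed but not encrypted, so anyone who sees a token (access log, proxy, client storage) can read the password. The same line also makes every authenticated request pay for a full password-hash computation. Consider replacing the claim with a non-secret value that changes when the password changes (for example a hypothetical per-user `tokenVersion` column compared with `decoded.tokenVersion`) and selecting only the columns needed rather than `SELECT *`. Separately, `tokenStatus != 'valid'` would read better with `!==`, and it is worth confirming that a token missing from the Level store ends in a 401 rather than a 500. verifyToken starts and ends outside this hunk, so its try/catch and the token generation side are not visible here.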
@@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import { error } from '../modules/logManager';
|
||||
import { pool } from '../modules/databaseManager';
|
||||
import { verifyToken } from '../modules/tokenManager';
|
||||
import { checkPermissions, checkBanned } from '../modules/permissionManager';
|
||||
@@ -14,7 +15,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('companies', 1), asyn
|
||||
return await respondWithStatusJSON(res, 200, rows);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -31,7 +32,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('companies', 2), asy
|
||||
return await respondWithStatus(res, 200, 'Company created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -48,7 +49,7 @@ router.get('/:companyId', verifyToken, checkBanned, checkPermissions('companies'
|
||||
return await respondWithStatusJSON(res, 200, rows[0]);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -73,7 +74,7 @@ router.patch('/:companyId', verifyToken, checkBanned, checkPermissions('companie
|
||||
}
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -95,7 +96,7 @@ router.put('/:companyId', verifyToken, checkBanned, checkPermissions('companies'
|
||||
return await respondWithStatus(res, 200, 'Company updated successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -116,7 +117,7 @@ router.delete('/:companyId', verifyToken, checkBanned, checkPermissions('compani
|
||||
return await respondWithStatus(res, 200, 'Company removed successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
|
||||
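Review bot: With `console.error(err);` replaced by `error(err);`, logManager's `error` becomes the only record of a 500 in each catch block, and its implementation is not shown on this page. If it can throw, or returns a promise that rejects (a failed log write, for instance), `respondWithStatus(res, 500, …)` is either never reached or the rejection goes unhandled, so confirm it is synchronous and non-throwing, or guard the call. Also confirm what it writes: a database driver error may carry the SQL text and bound values, which should not land in log files for the doctors and patients routes. The same catch block recurs in the doctors, hospitals, patients and users sections below; a comment such as `// error() must not throw and must redact query values` next to the import would document the contract.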
@@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import { error } from '../modules/logManager';
|
||||
import { pool } from '../modules/databaseManager';
|
||||
import { verifyToken } from '../modules/tokenManager';
|
||||
import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
|
||||
@@ -18,7 +19,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('doctors', 1), async
|
||||
return await respondWithStatusJSON(res, 200, rows);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -46,7 +47,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('doctors', 2), async
|
||||
return await respondWithStatus(res, 200, 'Doctor created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -67,7 +68,7 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
|
||||
return await respondWithStatus(res, 200, 'Doctor created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -85,7 +86,7 @@ router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatusJSON(res, 200, rows[0]);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -111,7 +112,7 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
||||
}
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -134,7 +135,7 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatus(res, 200, 'Doctor updated successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -156,7 +157,7 @@ router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatus(res, 200, 'Doctor deleted successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
|
||||
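Review bot: The `/:doctorId` routes named in the hunk headers (GET, PATCH, PUT, DELETE) run only `verifyToken` and `checkBanned`, with no `checkPermissions('doctors', …)` like the collection routes in the same file. The file imports `verifyPermissions`, so the check may be made inside the handlers, which lie outside these hunks; if it is not, any authenticated, non-banned user could read or modify any doctor record by id. The `/:patientId` routes in the patients section further down show the same middleware chain. A short comment above each of these routes stating where ownership or permission is enforced, e.g. `// access: record owner or elevated permission, checked inside the handler`, would make that auditable.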
@@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import { error } from '../modules/logManager';
|
||||
import { pool } from '../modules/databaseManager';
|
||||
import { verifyToken } from '../modules/tokenManager';
|
||||
import { checkPermissions, checkBanned } from '../modules/permissionManager';
|
||||
@@ -16,7 +17,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('hospitals', 1), asyn
|
||||
return await respondWithStatusJSON(res, 200, rows);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -35,7 +36,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('hospitals', 2), asy
|
||||
return await respondWithStatus(res, 200, 'Hospital created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -55,7 +56,7 @@ router.get('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospitals
|
||||
return await respondWithStatusJSON(res, 200, rows[0]);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -83,7 +84,7 @@ router.patch('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospita
|
||||
}
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -109,7 +110,7 @@ router.put('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospitals
|
||||
return await respondWithStatus(res, 200, 'Hospital updated successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -135,7 +136,7 @@ router.delete('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospit
|
||||
return await respondWithStatus(res, 200, 'Hospital deleted successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import express from 'express';
|
||||
import { error } from '../modules/logManager';
|
||||
import { pool } from '../modules/databaseManager';
|
||||
import { verifyToken } from '../modules/tokenManager';
|
||||
import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager';
|
||||
@@ -18,7 +19,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('patients', 1), async
|
||||
return await respondWithStatusJSON(res, 200, rows);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -46,7 +47,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('patients', 2), asyn
|
||||
return await respondWithStatus(res, 200, 'Patient created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -67,7 +68,7 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re
|
||||
return await respondWithStatus(res, 200, 'Patient created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -85,7 +86,7 @@ router.get('/:patientId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatusJSON(res, 200, rows[0]);
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -111,7 +112,7 @@ router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => {
|
||||
}
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
@@ -134,7 +135,7 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatus(res, 200, 'Patient updated successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
@@ -156,7 +157,7 @@ router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => {
|
||||
return await respondWithStatus(res, 200, 'Patient deleted successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
});
|
||||
|
||||
@@ -2,10 +2,10 @@ import express from 'express';
|
||||
import { error } from '../modules/logManager';
|
||||
import { pool } from '../modules/databaseManager';
|
||||
import { sendVerification } from '../modules/mailHandler';
|
||||
import { isEmailDomainValid, isValidEmail, isPhoneNumber } from '../modules/formatManager';
|
||||
import { checkBanned, checkPermissions, userExists, isBanned, verifyPermissions } from '../modules/permissionManager';
|
||||
import { verifyToken, generateToken } from '../modules/tokenManager';
|
||||
import { isEmailDomainValid, isValidEmail, isPhoneNumber } from '../modules/formatManager';
|
||||
import { requestLimiter, respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler';
|
||||
import { checkBanned, checkPermissions, userExists, isBanned, verifyPermissions } from '../modules/permissionManager';
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
@@ -112,7 +112,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('user', 2), async (r
|
||||
return await respondWithStatus(res, 200, 'User created successfully');
|
||||
}
|
||||
catch (err) {
|
||||
console.error(err);
|
||||
error(err);
|
||||
return await respondWithStatus(res, 500, 'An error has occured');
|
||||
}
|
||||
}
|
||||
|
||||