From ab72bf2593553daad225737645424677f57cb70f Mon Sep 17 00:00:00 2001 From: Lightemerald Date: Mon, 26 Feb 2024 11:14:05 +0100 Subject: [PATCH] Improved consistency and fixed veriFyToken function --- modules/mailHandler.js | 1 - modules/tokenManager.js | 9 +++++---- routes/companies.js | 13 +++++++------ routes/doctors.js | 15 ++++++++------- routes/hospitals.js | 13 +++++++------ routes/patients.js | 15 ++++++++------- routes/users.js | 6 +++--- 7 files changed, 38 insertions(+), 34 deletions(-) diff --git a/modules/mailHandler.js b/modules/mailHandler.js index 08b2648..1ba5917 100644 --- a/modules/mailHandler.js +++ b/modules/mailHandler.js @@ -1,4 +1,3 @@ -/* eslint-disable no-undef */ import nodemailer from 'nodemailer'; import { random } from './random'; diff --git a/modules/tokenManager.js b/modules/tokenManager.js index aa52b49..3581abb 100644 --- a/modules/tokenManager.js +++ b/modules/tokenManager.js @@ -1,8 +1,7 @@ -/* eslint-disable no-undef */ import jwt from 'jsonwebtoken'; import { Level } from 'level'; +import { pool } from './databaseManager'; import { respondWithStatus } from './requestHandler'; -import { userExists } from './permissionManager'; const db = new Level('tokens', { valueEncoding: 'json' }); @@ -21,8 +20,10 @@ export async function verifyToken(req, res, next) { const decoded = jwt.verify(token, process.env.JWT_SECRET); req.userId = decoded.userId; - if (!userExists(userId)) return await respondWithStatus(res, 404, 'User not found'); - const passwordMatch = await Bun.password.verify(decoded.password, rows[0].password); + const [user] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.userId]); + if (user.length === 0) return await respondWithStatus(res, 404, 'User not found'); + + const passwordMatch = await Bun.password.verify(decoded.password, user[0].password); if (!passwordMatch) return await respondWithStatus(res, 401, 'Token is invalid'); const tokenStatus = await db.get(token); if (tokenStatus != 'valid') { 
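Review bot: In the modules/tokenManager.js `verifyToken` hunk, the added `Bun.password.verify(decoded.password, user[0].password)` shows that the JWT payload carries a value that verifies against the stored hash, which looks like the user's plaintext password. A JWT is signed but not encrypted, so anyone who captures or logs a token can read that claim, and the check also runs a deliberately slow password hash on every authenticated request. Prefer dropping the password claim and tying the token to server-side state instead, for example the per-token status already read with `db.get(token)` or a counter claim that is bumped on password change. If the lookup stays, narrow it to the column actually used, `SELECT password FROM users WHERE id = ? LIMIT 1`. The body of `verifyToken` starts and ends outside the hunk, so the token issuer and the surrounding error handling are not visible here.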
diff --git a/routes/companies.js b/routes/companies.js index 02313d6..601e787 100644 --- a/routes/companies.js +++ b/routes/companies.js @@ -1,4 +1,5 @@ import express from 'express'; +import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { checkPermissions, checkBanned } from '../modules/permissionManager'; @@ -14,7 +15,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('companies', 1), asyn return await respondWithStatusJSON(res, 200, rows); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -31,7 +32,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('companies', 2), asy return await respondWithStatus(res, 200, 'Company created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -48,7 +49,7 @@ router.get('/:companyId', verifyToken, checkBanned, checkPermissions('companies' return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -73,7 +74,7 @@ router.patch('/:companyId', verifyToken, checkBanned, checkPermissions('companie } } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -95,7 +96,7 @@ router.put('/:companyId', verifyToken, checkBanned, checkPermissions('companies' return await respondWithStatus(res, 200, 'Company updated successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } 
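Review bot: The logger is imported under the bare name `error`, one letter away from the caught `err` in each handler, so a slip such as `error(error)` would still parse and would likely pass lint while logging the function instead of the exception; `import { error as logError } from '../modules/logManager';` with `logError(err)` at the call sites keeps the two apart. This applies to every catch block changed in routes/companies.js, routes/doctors.js, routes/hospitals.js and routes/patients.js, and to the one in routes/users.js. Because these handlers pass raw database errors to the logger on routes that serve patient and doctor records, it is worth confirming that logManager's `error` keeps the stack trace and does not persist query values; its implementation is not part of this patch. The handlers themselves start and end outside these hunks.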
@@ -116,7 +117,7 @@ router.delete('/:companyId', verifyToken, checkBanned, checkPermissions('compani return await respondWithStatus(res, 200, 'Company removed successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); diff --git a/routes/doctors.js b/routes/doctors.js index fbb4cef..fbbdca9 100644 --- a/routes/doctors.js +++ b/routes/doctors.js @@ -1,4 +1,5 @@ import express from 'express'; +import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager'; @@ -18,7 +19,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('doctors', 1), async return await respondWithStatusJSON(res, 200, rows); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -46,7 +47,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('doctors', 2), async return await respondWithStatus(res, 200, 'Doctor created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -67,7 +68,7 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re return await respondWithStatus(res, 200, 'Doctor created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -85,7 +86,7 @@ router.get('/:doctorId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); 
@@ -111,7 +112,7 @@ router.patch('/:doctorId', verifyToken, checkBanned, async (req, res) => { } } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -134,7 +135,7 @@ router.put('/:doctorId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatus(res, 200, 'Doctor updated successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -156,7 +157,7 @@ router.delete('/:doctorId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatus(res, 200, 'Doctor deleted successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); diff --git a/routes/hospitals.js b/routes/hospitals.js index 841ba1c..315cb79 100644 --- a/routes/hospitals.js +++ b/routes/hospitals.js @@ -1,4 +1,5 @@ import express from 'express'; +import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { checkPermissions, checkBanned } from '../modules/permissionManager'; @@ -16,7 +17,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('hospitals', 1), asyn return await respondWithStatusJSON(res, 200, rows); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -35,7 +36,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('hospitals', 2), asy return await respondWithStatus(res, 200, 'Hospital created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } 
@@ -55,7 +56,7 @@ router.get('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospitals return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -83,7 +84,7 @@ router.patch('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospita } } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -109,7 +110,7 @@ router.put('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospitals return await respondWithStatus(res, 200, 'Hospital updated successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -135,7 +136,7 @@ router.delete('/:hospitalId', verifyToken, checkBanned, checkPermissions('hospit return await respondWithStatus(res, 200, 'Hospital deleted successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); diff --git a/routes/patients.js b/routes/patients.js index 30e388e..b975cbc 100644 --- a/routes/patients.js +++ b/routes/patients.js @@ -1,4 +1,5 @@ import express from 'express'; +import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { verifyToken } from '../modules/tokenManager'; import { verifyPermissions, checkPermissions, checkBanned, checkEmailVerified } from '../modules/permissionManager'; @@ -18,7 +19,7 @@ router.get('/', verifyToken, checkBanned, checkPermissions('patients', 1), async return await respondWithStatusJSON(res, 200, rows); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); 
@@ -46,7 +47,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('patients', 2), asyn return await respondWithStatus(res, 200, 'Patient created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -67,7 +68,7 @@ router.post('/register', verifyToken, checkEmailVerified, checkBanned, async (re return await respondWithStatus(res, 200, 'Patient created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -85,7 +86,7 @@ router.get('/:patientId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatusJSON(res, 200, rows[0]); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -111,7 +112,7 @@ router.patch('/:patientId', verifyToken, checkBanned, async (req, res) => { } } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); @@ -134,7 +135,7 @@ router.put('/:patientId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatus(res, 200, 'Patient updated successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } } @@ -156,7 +157,7 @@ router.delete('/:patientId', verifyToken, checkBanned, async (req, res) => { return await respondWithStatus(res, 200, 'Patient deleted successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }); diff --git a/routes/users.js b/routes/users.js index e94731c..ed02a0e 100644 --- a/routes/users.js +++ b/routes/users.js 
@@ -2,10 +2,10 @@ import express from 'express'; import { error } from '../modules/logManager'; import { pool } from '../modules/databaseManager'; import { sendVerification } from '../modules/mailHandler'; -import { isEmailDomainValid, isValidEmail, isPhoneNumber } from '../modules/formatManager'; -import { checkBanned, checkPermissions, userExists, isBanned, verifyPermissions } from '../modules/permissionManager'; import { verifyToken, generateToken } from '../modules/tokenManager'; +import { isEmailDomainValid, isValidEmail, isPhoneNumber } from '../modules/formatManager'; import { requestLimiter, respondWithStatus, respondWithStatusJSON } from '../modules/requestHandler'; +import { checkBanned, checkPermissions, userExists, isBanned, verifyPermissions } from '../modules/permissionManager'; const router = express.Router(); @@ -112,7 +112,7 @@ router.post('/', verifyToken, checkBanned, checkPermissions('user', 2), async (r return await respondWithStatus(res, 200, 'User created successfully'); } catch (err) { - console.error(err); + error(err); return await respondWithStatus(res, 500, 'An error has occured'); } }