Fixes to tokens
BIN
api/bun.lockb
BIN
api/bun.lockb
Binary file not shown.
@@ -1,18 +1,11 @@
|
||||
/* eslint-disable no-undef */
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { Level } from 'level';
|
||||
import { respondWithStatus } from './requestHandler.js';
|
||||
import { pool } from './database.js';
|
||||
|
||||
|
||||
// Set up LevelDB instance
|
||||
const db = new Level('./tokensDB');
|
||||
|
||||
// Generate a new JWT
|
||||
const generateToken = async (userId, password) => {
|
||||
const token = jwt.sign({ userId: userId, password: password }, process.env.JWT_SECRET, { expiresIn: '7d' });
|
||||
await db.put(token);
|
||||
return token;
|
||||
return token = jwt.sign({ userId: userId, password: password }, process.env.JWT_SECRET, { expiresIn: '7d' });
|
||||
};
|
||||
|
||||
// Middleware to verify the JWT and set req.userId
|
||||
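Review bot: `return token = jwt.sign(...)` in generateToken assigns to an undeclared `token`; this file uses `import` syntax and so is an ES module running in strict mode, where that assignment throws a ReferenceError at runtime, and the `/* eslint-disable no-undef */` header suppresses exactly the lint rule that would have caught it. Since the LevelDB write is gone the function awaits nothing, so the body can simply be `return jwt.sign({ userId, password }, process.env.JWT_SECRET, { expiresIn: '7d' });` (keeping `async` is harmless because callers already await it). Separately, the signed payload still carries the caller's `password` in the clear: a JWT is only base64url-encoded, so whoever holds the cookie or the Authorization header can read the password straight out of it, and the `passwordMatch` / `decoded.password` logic in the verifyToken hunk below appears to rely on that field. A payload of `userId` plus an issue time or token id, with the password checked against the database only at login, avoids shipping the credential in every request.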
@@ -32,16 +25,10 @@ const verifyToken = async (req, res, next) => {
|
||||
if (!passwordMatch) return await respondWithStatus(res, 401, 'Token is invalid');
|
||||
|
||||
const now = Date.now().valueOf() / 1000;
|
||||
if (decoded.exp - now < 36000) {
|
||||
const newToken = generateToken(req.userId, decoded.password);
|
||||
res.cookie('token', newToken, {
|
||||
expires: new Date(Date.now() + 14 * 24 * 60 * 60 * 1000),
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
sameSite: 'strict',
|
||||
});
|
||||
res.set('Authorization', newToken);
|
||||
if (decoded.exp - now <= 0) {
|
||||
return await respondWithStatus(res, 401, 'Token is invalid');
|
||||
}
|
||||
req.username = rows[0].username;
|
||||
next();
|
||||
}
|
||||
catch (error) {
|
||||
|
||||
@@ -15,7 +15,6 @@
|
||||
"express-rate-limit": "^7.1.5",
|
||||
"express-slow-down": "^2.0.1",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"level": "^8.0.0",
|
||||
"morgan": "^1.10.0",
|
||||
"mysql2": "^3.6.5",
|
||||
"pino": "^8.16.2"
|
||||
|
||||
@@ -11,16 +11,14 @@ router.post('/register', requestLimiter, async (req, res) => {
|
||||
if ([ username, password ].every(Boolean)) {
|
||||
try {
|
||||
const [existingUsername] = await pool.execute('SELECT * FROM users WHERE username = ? LIMIT 1', [username]);
|
||||
if (existingUsername.length) {
|
||||
return await respondWithStatus(res, 400, 'Username is already taken');
|
||||
}
|
||||
if (existingUsername.length) return await respondWithStatus(res, 400, 'Username is already taken');
|
||||
|
||||
const hashedPassword = await Bun.password.hash(password);
|
||||
const [result] = await pool.execute('INSERT INTO users (username, password) VALUES (?, ?)', [ username, hashedPassword ]);
|
||||
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error storing user');
|
||||
const user = await pool.execute('SELECT * FROM users WHERE username = ? LIMIT 1', [ username ]);
|
||||
const token = await generateToken(user[0].id, password);
|
||||
return await respondWithStatusJSON(res, 200, { message: 'Successfully registered', token });
|
||||
return await respondWithStatusJSON(res, 200, { message: 'Successfully registered', token, username: req.username });
|
||||
}
|
||||
catch (error) {
|
||||
console.error(error);
|
||||
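Review bot: The success response `{ message: 'Successfully registered', token, username: req.username }` reads `req.username`, but this route is registered with only `requestLimiter` and nothing in the hunk sets that property (verifyToken, which does set it, is not in this route's middleware chain), so the key is undefined and JSON.stringify drops it from the body. The local `username` taken from the request body is the value the caller just registered: `return await respondWithStatusJSON(res, 200, { message: 'Successfully registered', token, username });`. Also, `pool.execute` returns a `[rows, fields]` pair, as the `const [existingUsername] = await pool.execute(...)` destructuring a few lines above shows, so `user[0].id` reads `.id` on the rows array and the token is minted with `userId: undefined`; `const [userRows] = await pool.execute(...)` followed by `generateToken(userRows[0].id, password)` fixes it. The route handler opens before the hunk and its catch block continues past it.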
@@ -51,8 +49,6 @@ router.post('/login', requestLimiter, async (req, res) => {
|
||||
user: {
|
||||
id: user.id,
|
||||
username: user.username,
|
||||
email: user.email,
|
||||
name: user.name,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||