aheh/ChessHub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f5cf5c46196af8265b454cf97bc0b5dcae348179
ChessHub/backend/routes/auth.js
T

123 lines
4.3 KiB
JavaScript
Raw Blame History

const express = require("express");
const {
createJSONToken,
isValidPassword,
validateJSONToken,
generatePasswordHash,
checkAuth,
} = require("../util/auth");
const { isValidEmail, isValidText } = require("../util/validation");
const { User } = require("../models/user");
const { z, ZodError } = require("zod");
const router = express.Router();
const loginSchema = z
.object({
username: z
.string()
.min(5, { message: "Username should not be less than 5 characters" })
.max(15, { message: "Username should not be more than 15 characters" }),
password: z
.string()
.min(8, { message: "Password should not be less than 8 characters" })
.max(15, { message: "Password should not be more than 15 characters" }),
})
.required();
const signupSchema = z
.object({
username: z
.string()
.min(5, { message: "Username should not be less than 5 characters" })
.max(15, { message: "Username should not be more than 15 characters" }),
email: z.string().email({ message: "Please enter a valid email address" }),
password: z
.string()
.min(8, { message: "Password should not be less than 8 characters" })
.max(15, { message: "Password should not be more than 15 characters" }),
})
.required();
router.post("/signup", async (req, res, next) => {
try {
const data = { email: req.body.email, password: req.body.password, username: req.body.username };
signupSchema.parse(data);
// check if username or email already exists
if (await User.findOne({ username: data.username }))
return res.status(409).json({ error: { username: "username already taken" } });
if (await User.findOne({ email: data.email }))
return res.status(409).json({ error: { email: "user with this email already exists" } });
let userData = {
email: data.email,
username: data.username,
password_hash: await generatePasswordHash(data.password),
};
let userDoc = await User.create(userData);
const authToken = createJSONToken(userDoc.id);
const { id, username, email } = userDoc;
res.setHeader('Host',process.env.HOSTNAME).status(201).cookie("auth-token", authToken, { httpOnly: true, sameSite: "strict" }).json({
success: true,
user: { id, username, email },
token: authToken,
});
} catch (err) {
if (err instanceof ZodError) {
return res.status(400).json({ message: "Invalid data submitted", description: "Invalid schema" });
}
next(err);
}
});
router.post("/login", async (req, res, next) => {
try {
let username = req.body.username,
password = req.body.password;
loginSchema.parse({ username, password });
let user;
user = await User.findOne({ username });
if (!user)
return res.status(404).json({
message: "User does not exist",
description: "'username' not found in db",
});
const pwIsValid = await isValidPassword(password, user.password_hash);
if (!pwIsValid) {
return res.status(401).json({
success: false,
message: "Invalid credentials",
description: "Invalid credentials",
});
}
const token = createJSONToken(user.id);
res.cookie("auth-token", token, { httpOnly: true, sameSite: "strict" });
return res.setHeader('Host',process.env.HOSTNAME)
.status(200)
.json({ token, user: { id: user.id, username: user.username, email: user.email }, success: true });
} catch (error) {
if (error instanceof ZodError) {
return res.status(401).json({ message: "Invalid Credentials", description: "Invalid schema" });
}
next(error);
}
});
router.delete("/logout", checkAuth, (req, res, next) => {
try {
res.setHeader('Host',process.env.HOSTNAME).clearCookie("auth-token", { httpOnly: true, sameSite: "strict" });
res.status(200).json({ success: true });
} catch (err) {
next(err);
}
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink