Verified Commit acb21d9b authored by Park JongBeum's avatar Park JongBeum

feat: add schema validation & token generation

parent be9c83de
......@@ -7,6 +7,8 @@ import dotenv from "dotenv";
import mongoose from "mongoose";
import CustomError from "./modules/error.js";
import router from "./routes/index.js";
import passport from "passport";
// import session from "express-session";
// Initialize Environment Variables
const __dirname = fileURLToPath(new URL(".", import.meta.url));
......@@ -38,13 +40,29 @@ app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(express.static(path.join(__dirname, "../public")));
app.use(cookieParser());
// Passport
app.use(passport.initialize());
// Session
// app.use(session({
// secret: process.env.SECRET,
// cookie: {
// httpOnly: true,
// secure: process.env.NODE_ENV === "production",
// },
// resave: false,
// saveUninitialized: false,
// }));
// app.use(passport.authenticate('session'));
app.use("/api", router);
// 404 Handler
app.use("*", function (req, res, next) {
next(new CustomError("NotFound", "Page Not Found", 404));
});
// Error Handler
app.use((err, req, res, next) => {
return res.status(err.statusCode ?? 500).json({
name: err.name,
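Review bot: The session block left commented out under `// Session` is dead configuration that the reader now has to check against the active `passport.initialize()` line to learn what is in force. Since the commit appears to move to stateless JWT authentication, delete the block (it remains in history) or replace it with a single comment such as `// Sessions intentionally disabled: auth is stateless JWT via passport-jwt.` so the intent is explicit. The `// import session from "express-session";` line in the first hunk of this file should go the same way. The error handler at the end of the hunk continues outside it.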
import { Router } from "express";
import crypto from "crypto";
import passport from "passport";
import { Strategy as JwtStrategy, ExtractJwt } from "passport-jwt";
import Joi from "joi";
import User from "../schemas/user.js";
import CustomError from "../modules/error.js";
import { AccessToken, RefreshToken } from "../modules/token.js";
import validator from "../middlewares/validator.js";
const signinSchema = Joi.object({
usermail: Joi.string().email().required(),
password: Joi.string().required(),
});
const signupSchema = Joi.object({
usermail: Joi.string().email().required(),
nickname: Joi.string().required(),
password: Joi.string().required(),
});
const router = Router();
router.post("/signin", async (req, res, next) => {
const hash = (password, salt) => {
return crypto
.pbkdf2Sync(password, salt, 310000, 32, "sha256")
.toString("hex");
};
router.post("/signin", validator(signinSchema), async (req, res, next) => {
const { usermail, password } = req.body;
try {
const user = await User.findOne().byUsermail(usermail);
const hashedPassword = crypto
.pbkdf2Sync(password, user.salt, 310000, 32, "sha256")
.toString("hex");
if (user.password !== hashedPassword)
throw new CustomError("WrongPassword", "Wrong Password", 401);
return res.status(200).json({
usermail,
nickname: user.nickname,
if (user.password !== hash(password, user.salt))
throw new CustomError("AuthError", "Wrong Password", 401);
const accessToken = new AccessToken(
user.usermail,
user.nickname
).generate();
const refreshToken = new RefreshToken(
user.usermail,
user.nickname
).generate();
res.header("X-Access-Token", accessToken);
res.cookie("X-Refresh-Token", refreshToken, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
});
return res.sendStatus(200);
} catch (e) {
next(e);
}
});
router.post("/signup", async (req, res, next) => {
router.post("/signup", validator(signupSchema), async (req, res, next) => {
try {
const { usermail, nickname, password } = req.body;
const salt = crypto.randomBytes(16).toString("hex");
const hashedPassword = crypto
.pbkdf2Sync(password, salt, 310000, 32, "sha256")
.toString("hex");
await User.insertMany({
usermail,
password: hashedPassword,
password: hash(password, salt),
nickname,
salt,
});
......@@ -42,4 +72,46 @@ router.post("/signup", async (req, res, next) => {
}
});
router.post(
"/sample",
passport.authenticate("jwt", { session: false }),
(req, res) => {
// return res.status(200).json({
// usermail: req.user.usermail,
// nickname: req.user.nickname,
// });
return res.sendStatus(200);
}
);
passport.use(
new JwtStrategy(
{
jwtFromRequest: ExtractJwt.fromHeader("x-access-token"),
// if token is in cookie
// jwtFromRequest: (req) => {
// let token = null;
// if (req && req.cookies) {
// token = req.cookies['X-Access-Token'];
// }
// return token;
// },
issuer: process.env.ISSUER,
audience: process.env.AUDIENCE,
secretOrKeyProvider: (req, rawJwtToken, done) => {
done(null, process.env.SECRET);
},
},
async (jwt_payload, done) => {
try {
const user = await User.findOne().byUsermail(jwt_payload.usermail);
if (user === null) return done(null, false);
return done(null, user);
} catch (e) {
return done(e, false);
}
}
)
);
export default router;
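Review bot: In the `/signin` handler, a lookup that finds no user (the JWT strategy at the bottom of this hunk already treats `null` from `byUsermail` as possible) leaves `user` null, so `user.salt` throws a TypeError that the error handler reports as 500, while a known account with a wrong password gets 401; the response therefore reveals which usermails exist. The `!==` comparison of the two hex digests also returns at the first differing character; compare equal-length buffers with `crypto.timingSafeEqual` instead, as in the fence. Separately, `pbkdf2Sync` with 310000 iterations blocks the event loop for every signin and signup, so the promisified `crypto.pbkdf2` (same parameters, same digest) is preferable in the shared `hash` helper. The `signupSchema` also accepts any non-empty password; a `.min()` on `password` would make the validator enforce a floor.
```javascript
const user = await User.findOne().byUsermail(usermail);
// Same 401 for unknown user and wrong password so the response does not reveal which accounts exist.
if (user === null) throw new CustomError("AuthError", "Wrong Password", 401);
const expected = Buffer.from(user.password, "hex");
const actual = Buffer.from(hash(password, user.salt), "hex");
if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual))
  throw new CustomError("AuthError", "Wrong Password", 401);
// … unchanged: access/refresh token generation and response …
```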