arav/appointment_to_examiner
1
0
Fork 0
forked from CSI-KJSCE/appointment_to_examiner
Code Pull Requests Activity

token refresher

Browse Source
This commit is contained in:
amNobodyyy
2025-01-29 00:21:08 +05:30
parent 16db1725f3
commit 597e47c2d0
10 changed files with 265 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
server/server.js
View File

@@ -7,6 +7,7 @@ const bodyParser = require("body-parser");
const path = require("path");
const bcrypt = require("bcryptjs");
const jwt = require("jsonwebtoken");
const cookieparser = require("cookie-parser");
require("dotenv").config();
// Import Routes
@@ -34,6 +35,7 @@ const PORT = 8080;
// Middleware
app.use(cors({ origin: "http://localhost:3000", credentials: true }));
app.use(cookieparser());
app.use(express.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(
@@ -54,12 +56,12 @@ require("./config/passport");
// Routes
app.use("/password", authRoutes);
app.use("/api/courses", courseRoutes);
app.use("/api/faculty", facultyRoutes);
app.use("/api/appointments", appointmentRoutes);
app.use("/api/options", optionsRoutes);
app.use("/api/data", consolidatedRoutes);
app.use("/api/send-email", emailRoutes);
app.use("/api/courses", courseRoutes);
app.use("/api/faculty", facultyRoutes);
app.use("/api/appointments", appointmentRoutes);
app.use("/api/options", optionsRoutes);
app.use("/api/data", consolidatedRoutes);
app.use("/api/send-email", emailRoutes);
// Google OAuth Routes
app.get(
@@ -73,7 +75,7 @@ app.get(
(req, res) => {
const token = jwt.sign({ userId: req.user._id }, process.env.JWT_SECRET, { expiresIn: "1h" });
// Set token as a cookie or send it in the response
res.cookie("token", token, { httpOnly: false, secure: false });
res.cookie("token", token, { httpOnly: true, secure: false, maxAge: 3600000 });
res.redirect("http://localhost:3000/Welcome"); // Redirect to a frontend route after successful login
}
);
@@ -101,15 +103,15 @@ app.post("/api/register", async (req, res) => {
await user.save();
}
req.login(user, (err) => {
if (err) {
console.error("Error logging in user after registration:", err);
return res.status(500).send("Internal server error");
}
return res.status(200).json({
message: "Registered and logged in successfully",
user,
});
// Generate a JWT token using the user's ID
const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: "1h" });
// Set the token as a cookie
res.cookie("token", token, { httpOnly: true, secure: false, maxAge: 3600000 }); // 1 hour expiry
return res.status(200).json({
message: "Registered and logged in successfully",
user,
});
} catch (error) {
console.error("Error registering user:", error);
@@ -129,27 +131,83 @@ app.post("/api/login", (req, res, next) => {
if (err) {
return res.status(500).json({ message: "Internal server error" });
}
// Generate a JWT token using the user's ID
const token = jwt.sign({ userId: user._id }, process.env.JWT_SECRET, { expiresIn: "1h" });
// Set the token as a cookie
res.cookie("token", token, { httpOnly: true, secure: false, maxAge: 3600000 }); // 1 hour expiry
return res.status(200).json({ message: "Login successful", user });
});
})(req, res, next);
});
app.get("/auth/logout", function (req, res) {
req.logout((err) => {
if (err) {
console.log(err);
return res.status(500).json({ message: "Error logging out" });
}
req.session.destroy(function (err) {
if (err) {
console.log(err);
return res.status(500).json({ message: "Error destroying session" });
}
res.json({ message: "Logout successful" });
try {
// Clear the token cookie
res.clearCookie("token", {
httpOnly: true, // Ensure it matches the cookie options you set earlier
secure: false, // Match the "secure" option from cookie settings
sameSite: "lax", // Ensure this matches the original cookie configuration
});
});
// Destroy the session if used (optional, if sessions are implemented)
if (req.session) {
req.session.destroy((err) => {
if (err) {
console.error("Error destroying session:", err);
return res.status(500).json({ message: "Error logging out" });
}
res.status(200).json({ message: "Logout successful, session destroyed" });
});
} else {
// If no session, simply respond with success
res.status(200).json({ message: "Logout successful, cookie cleared" });
}
} catch (err) {
console.error("Error logging out:", err);
res.status(500).json({ message: "Error logging out" });
}
});
// Refresh Token Endpoint
app.post("/api/refresh", (req, res) => {
const refreshToken = req.cookies.token;
console.log(refreshToken);
if (!refreshToken) {
return res.status(401).json({ message: "No refresh token, authorization denied" });
}
try {
const decoded = jwt.verify(refreshToken, process.env.JWT_SECRET);
const newToken = jwt.sign({ userId: decoded.userId }, process.env.JWT_SECRET, { expiresIn: "1h" });
return res
.cookie("token", newToken, { httpOnly: true, maxAge: 3600000 }) // Set new access token
.status(200)
.json({ message: "Token refreshed" });
} catch (err) {
console.error("Error refreshing token:", err);
res.status(401).json({ message: "Invalid or expired refresh token" });
}
});
app.get("/api/auth-check", (req, res) => {
const token = req.cookies.token; // Retrieve the httpOnly cookie
if (!token) {
return res.status(401).json({ message: "Unauthorized" });
}
try {
jwt.verify(token, process.env.JWT_SECRET); // Verify the token
res.status(200).json({ authenticated: true }); // Valid token
} catch (err) {
res.status(401).json({ message: "Unauthorized" }); // Invalid token
}
});
// User Profile Route
app.get("/api/user/profile", async (req, res) => {
try {