auth - when creds were wrong, fixed
@@ -1,18 +1,18 @@
|
||||
import express, { Request, Response, NextFunction } from 'express';
|
||||
import jwt from 'jsonwebtoken';
|
||||
import bcrypt from 'bcrypt';
|
||||
import { storage } from '../storage';
|
||||
import { UserUncheckedCreateInputObjectSchema } from '@repo/db/usedSchemas';
|
||||
import { z } from 'zod';
|
||||
import express, { Request, Response, NextFunction } from "express";
|
||||
import jwt from "jsonwebtoken";
|
||||
import bcrypt from "bcrypt";
|
||||
import { storage } from "../storage";
|
||||
import { UserUncheckedCreateInputObjectSchema } from "@repo/db/usedSchemas";
|
||||
import { z } from "zod";
|
||||
|
||||
type SelectUser = z.infer<typeof UserUncheckedCreateInputObjectSchema>;
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'your-jwt-secret';
|
||||
const JWT_EXPIRATION = '24h'; // JWT expiration time (1 day)
|
||||
const JWT_SECRET = process.env.JWT_SECRET || "your-jwt-secret";
|
||||
const JWT_EXPIRATION = "24h"; // JWT expiration time (1 day)
|
||||
|
||||
// Function to hash password using bcrypt
|
||||
async function hashPassword(password: string) {
|
||||
const saltRounds = 10; // Salt rounds for bcrypt
|
||||
const saltRounds = 10; // Salt rounds for bcrypt
|
||||
const hashedPassword = await bcrypt.hash(password, saltRounds);
|
||||
return hashedPassword;
|
||||
}
|
||||
@@ -32,50 +32,63 @@ function generateToken(user: SelectUser) {
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
|
||||
// User registration route
|
||||
router.post("/register", async (req: Request, res: Response, next: NextFunction): Promise<any> => {
|
||||
router.post(
|
||||
"/register",
|
||||
async (req: Request, res: Response, next: NextFunction): Promise<any> => {
|
||||
try {
|
||||
const existingUser = await storage.getUserByUsername(req.body.username);
|
||||
if (existingUser) {
|
||||
return res.status(400).send("Username already exists");
|
||||
}
|
||||
|
||||
try {
|
||||
const existingUser = await storage.getUserByUsername(req.body.username);
|
||||
if (existingUser) {
|
||||
return res.status(400).send("Username already exists");
|
||||
const hashedPassword = await hashPassword(req.body.password);
|
||||
const user = await storage.createUser({
|
||||
...req.body,
|
||||
password: hashedPassword,
|
||||
});
|
||||
|
||||
// Generate a JWT token for the user after successful registration
|
||||
const token = generateToken(user);
|
||||
|
||||
const { password, ...safeUser } = user;
|
||||
return res.status(201).json({ user: safeUser, token });
|
||||
} catch (error) {
|
||||
console.error("Registration error:", error);
|
||||
return res.status(500).json({ error: "Internal server error" });
|
||||
}
|
||||
|
||||
const hashedPassword = await hashPassword(req.body.password);
|
||||
const user = await storage.createUser({
|
||||
...req.body,
|
||||
password: hashedPassword,
|
||||
});
|
||||
|
||||
// Generate a JWT token for the user after successful registration
|
||||
const token = generateToken(user);
|
||||
|
||||
const { password, ...safeUser } = user;
|
||||
return res.status(201).json({ user: safeUser, token });
|
||||
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
});
|
||||
);
|
||||
|
||||
// User login route
|
||||
router.post("/login", async (req: Request, res: Response, next: NextFunction): Promise<any> => {
|
||||
try {
|
||||
const user = await storage.getUserByUsername(req.body.username);
|
||||
if (!user || !(await comparePasswords(req.body.password, user.password))) {
|
||||
return res.status(401).send("Invalid username or password");
|
||||
router.post(
|
||||
"/login",
|
||||
async (req: Request, res: Response, next: NextFunction): Promise<any> => {
|
||||
try {
|
||||
const user = await storage.getUserByUsername(req.body.username);
|
||||
|
||||
if (!user) {
|
||||
return res.status(401).json({ error: "Invalid username or password" });
|
||||
}
|
||||
|
||||
const isPasswordMatch = await comparePasswords(
|
||||
req.body.password,
|
||||
user.password
|
||||
);
|
||||
|
||||
if (!isPasswordMatch) {
|
||||
return res.status(401).json({ error: "Invalid password or password" });
|
||||
}
|
||||
|
||||
// Generate a JWT token for the user after successful login
|
||||
const token = generateToken(user);
|
||||
const { password, ...safeUser } = user;
|
||||
return res.status(200).json({ user: safeUser, token });
|
||||
} catch (error) {
|
||||
return res.status(500).json({ error: "Internal server error" });
|
||||
}
|
||||
|
||||
// Generate a JWT token for the user after successful login
|
||||
const token = generateToken(user);
|
||||
const { password, ...safeUser } = user;
|
||||
return res.status(200).json({ user: safeUser, token });
|
||||
|
||||
} catch (error) {
|
||||
next(error);
|
||||
}
|
||||
});
|
||||
);
|
||||
|
||||
// Logout route (client-side action to remove the token)
|
||||
router.post("/logout", (req: Request, res: Response) => {
|
||||
@@ -83,5 +96,4 @@ router.post("/logout", (req: Request, res: Response) => {
|
||||
res.status(200).send("Logged out successfully");
|
||||
});
|
||||
|
||||
|
||||
export default router;
|
||||
export default router;
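Review bot: The two 401 responses in the new /login handler differ — `"Invalid username or password"` when no user is found versus `"Invalid password or password"` (a typo) when the hash does not match — so the response body tells a caller whether the username exists, and the early return also skips bcrypt when the user is missing, so response time leaks the same fact (the old `!user || !(await comparePasswords(...))` short-circuit had the same timing gap, which this commit does not close). Use a single message on both paths, `return res.status(401).json({ error: "Invalid username or password" });`, and consider calling comparePasswords against a fixed dummy hash when `user` is undefined so both paths do comparable work. In the first hunk, `const JWT_SECRET = process.env.JWT_SECRET || "your-jwt-secret";` keeps a hard-coded fallback that would sign every token with a guessable key whenever the variable is unset; failing at startup is safer, e.g. `if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");`. The /register handler still spreads `...req.body` straight into `storage.createUser` while `UserUncheckedCreateInputObjectSchema` is imported but used only as a type, so a client can supply any column the storage layer accepts; parsing the body with a zod schema that omits server-assigned fields would close that, though whether that particular schema is the right one cannot be told from this hunk.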
|
||||
|
||||