diff --git a/backend/src/controllers/user.controller.js b/backend/src/controllers/user.controller.js
index e444a50..ed822ec 100644
--- a/backend/src/controllers/user.controller.js
+++ b/backend/src/controllers/user.controller.js
@@ -29,7 +29,7 @@ export async function signinController(req, res) {
 try {
 const { email, password } = req.body;
 const { token, userData } = await signinService(email, password);
- res.cookie("access-token", token, {
+ res.cookie("livepoll-access-token", token, {
 httpOnly: true,
 maxAge: 10 * 24 * 60 * 60 * 1000, // 10 days
 }).status(200).json({
diff --git a/backend/src/middlwares/verifyToken.js b/backend/src/middlwares/verifyToken.js
new file mode 100644
index 0000000..ad01de8
--- /dev/null
+++ b/backend/src/middlwares/verifyToken.js
@@ -0,0 +1,43 @@
+import jwt from "jsonwebtoken";
+import { JWT_PRIVATE } from "../config/veriables.js";
+import { findUserById } from "../repositories/user.repo.js";
+
+export const verifyToken = async (req, res, next) => {
+ try {
+ const token = req.cookies["livepoll-access-token"];
+ if (!token) {
+ throw {
+ statusCode: 401,
+ message: "No token provided",
+ };
+ }
+
+ const decodedData = jwt.verify(token, JWT_PRIVATE);
+ const userid = decodedData.id;
+ const user = await findUserById(userid);
+
+ if (!user) {
+ throw {
+ statusCode: 401,
+ message: "Invalid token",
+ };
+ }
+ req.user = user;
+ next();
+ } catch (err) {
+ if (err.statusCode) {
+ res.status(err.statusCode).json({
+ success: false,
+ message: err.message,
+ });
+ } else {
+ res.status(401).json({
+ success: false,
+ message: "Invalid token",
+ err: err.message,
+ });
+
+ console.log(err);
+ }
+ }
+};
\ No newline at end of file
diff --git a/backend/src/repositories/user.repo.js b/backend/src/repositories/user.repo.js
index aa3136f..329d679 100644
--- a/backend/src/repositories/user.repo.js
+++ b/backend/src/repositories/user.repo.js
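Review bot: The renamed cookie is still set with only `httpOnly`, so browsers will attach it to cross-site requests and send it over plain HTTP; add `sameSite: "strict"` (or `"lax"`) and `secure: process.env.NODE_ENV === "production"` beside `httpOnly: true`. The literal `"livepoll-access-token"` now has to match the `req.cookies[...]` lookup in the new verifyToken.js by hand; exporting the name once from the config module removes that coupling. signinController starts and ends outside the hunk.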
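Review bot: `jwt.verify(token, JWT_PRIVATE)` leaves the accepted algorithm to the token's own `alg` header; pass `{ algorithms: [...] }` naming the algorithm signinService signs with so a token carrying a different `alg` is rejected outright. The fallback catch branch also sends the library's failure reason to the client in `err: err.message` (expired vs. bad signature) and only logs afterwards; keep that detail server-side and answer with a fixed message. `next()` is called inside the try, so a synchronous throw from the downstream handler would be reported as a 401 "Invalid token" by this middleware; move it after the try/catch. `req.cookies` presumably relies on cookie-parser being mounted elsewhere — if it is not, the resulting TypeError is also reported as an invalid token rather than a configuration error, and `decodedData.id` assumes the payload key signinService uses.
```javascript
export const verifyToken = async (req, res, next) => {
  let user;
  try {
    const token = req.cookies["livepoll-access-token"];
    if (!token) {
      return res.status(401).json({ success: false, message: "No token provided" });
    }
    // Pin the accepted algorithm; never let the token header choose it.
    // TODO confirm the algorithm signinService signs with.
    const decodedData = jwt.verify(token, JWT_PRIVATE, { algorithms: ["<SIGNING_ALG>"] });
    user = await findUserById(decodedData.id);
  } catch (err) {
    console.error(err); // detail stays server-side
    return res.status(401).json({ success: false, message: "Invalid token" });
  }
  if (!user) {
    return res.status(401).json({ success: false, message: "Invalid token" });
  }
  req.user = user;
  next(); // outside the try so downstream errors are not reported as 401
};
```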
@@ -23,4 +23,14 @@ export async function findUserByEmail(email) {
 catch(err){
 throw err;
 }
+}
+
+export async function findUserById(id) {
+ try{
+ const user = await UserModel.findById(id);
+ return user;
+ }
+ catch(err){
+ throw err;
+ }
 }
\ No newline at end of file
diff --git a/backend/src/routes/v1/user.route.js b/backend/src/routes/v1/user.route.js
index 2340295..5273c8d 100644
--- a/backend/src/routes/v1/user.route.js
+++ b/backend/src/routes/v1/user.route.js
@@ -3,6 +3,7 @@ import { signinController, signupController } from "../../controllers/user.contr
 import validate from "../../validations/validator.js";
 import signupSchema from "../../validations/signupValidation.js";
 import signinSchema from "../../validations/signinValidation.js";
+import { verifyToken } from "../../middlwares/verifyToken.js";
 const userRouter = express.Router();
 /**
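Review bot: The `try`/`catch` in `findUserById` only rethrows, so it adds nothing over `return UserModel.findById(id);`. Because the new GET /user route sends this result straight to the client, this is also the natural place to drop sensitive fields: if UserModel is a Mongoose model, `return UserModel.findById(id).select("-password");` (assuming `password` is the stored field name, as the signup schema suggests) keeps the credential out of API responses. findUserByEmail starts outside the hunk.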
@@ -33,13 +34,67 @@ userRouter.get("/test", (req, res) => {
 * content:
 * application/json:
 * schema:
- * $ref: '#/components/schemas/User'
+ * type: object
+ * properties:
+ * username:
+ * type: string
+ * email:
+ * type: string
+ * password:
+ * type: string
 * responses:
 * 200:
 * description: Success
+ * 400:
+ * description: Bad request
+ * 500:
+ * description: Internal server error
 */
 userRouter.post("/signup", validate(signupSchema), signupController);
+/**
+ * @swagger
+ * /user/signin:
+ * post:
+ * summary: User signin
+ * tags: [User]
+ * requestBody:
+ * required: true
+ * content:
+ * application/json:
+ * schema:
+ * type: object
+ * properties:
+ * email:
+ * type: string
+ * password:
+ * type: string
+ *
+ * responses:
+ * 200:
+ * description: Success
+ * 400:
+ * description: Bad request
+ * 500:
+ * description: Internal server error
+ *
+ */
 userRouter.post("/signin", validate(signinSchema), signinController);
+userRouter.get("/user", verifyToken, (req, res) => {
+ try{
+ res.json({
+ success : true,
+ message : "Found",
+ data : req.user
+ })
+ }
+ catch(err){
+ res.status(500).json({
+ success : false,
+ message : err.message
+ })
+ }
+})
+
 export default userRouter;
\ No newline at end of file
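Review bot: The new GET /user handler returns the whole user document in `data : req.user`, which includes the `password` field the signup schema accepts (hashed or not) and anything else stored on the model; return an explicit allow-list instead, e.g. `const { username, email } = req.user;` followed by `res.json({ success: true, message: "Found", data: { username, email } });` (confirm the field names against the model). The surrounding `try`/`catch` can go with it: `res.json` does not throw here, and a 500 branch that echoes `err.message` only leaks internals. The hunk adds @swagger blocks for signup and signin but none for the new authenticated route; a block for `/user/user` that declares the cookie as its security scheme would keep the docs complete. Formatting also differs from the rest of the file (`success : true`, missing semicolons).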