import bcrypt from 'bcryptjs';
import mongoose from 'mongoose';
// Handle to the User model; assumes `./db.mjs` already registered the schema
// with mongoose before this module is imported (looking up an unregistered
// model name is an error in mongoose).
const User = mongoose.model('User');
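/**
 * Attaches `user` to a freshly regenerated session and reports the outcome.
 *
 * The session is regenerated *before* the user is attached, so a session id
 * that was issued while the visitor was anonymous is never promoted to an
 * authenticated one (session fixation). If regeneration fails the user is
 * deliberately not attached to the old session.
 *
 * @param {object} req - request object carrying `req.session`
 * @param {object} user - the authenticated user document to store on the session
 * @param {(err: Error|null|undefined) => void} cb - called with the regenerate error, if any
 */
const startAuthenticatedSession = (req, user, cb) => {
  req.session.regenerate((err) => {
    if (err) {
      // Surface on stderr so it is not lost among ordinary request logging.
      console.error('Error starting authentication session:', err);
    } else {
      req.session.user = user;
    }
    cb(err);
  });
};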
/**
 * Destroys the current session (logging the user out) and forwards the
 * destroy result to `cb`.
 *
 * @param {object} req - request object carrying `req.session`
 * @param {(err: Error|null|undefined) => void} cb - receives the error from `session.destroy`, if any
 */
const endAuthenticatedSession = (req, cb) => {
  const onDestroyed = (err) => cb(err);
  req.session.destroy(onDestroyed);
};
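/**
 * Creates a new User after validating the password and confirming the email
 * is not already taken. Exactly one of the two callbacks is invoked; errors
 * are reported as `{ message }` objects.
 *
 * Error messages:
 *   'PASSWORD TOO SHORT'    - password is not a string of at least 8 characters
 *   'INVALID EMAIL'         - email is not a plain string
 *   'DATABASE ERROR'        - the duplicate-email lookup itself failed
 *   'EMAIL ALREADY EXISTS'  - a user with this email exists
 *   'DOCUMENT SAVE ERROR'   - salting, hashing or saving failed
 *
 * @param {string} firstName
 * @param {string} lastName
 * @param {string} email - stored and queried verbatim (no normalisation is done here)
 * @param {string} password - plaintext; only the bcrypt hash is persisted
 * @param {(err: {message: string}) => void} errorCallback
 * @param {(user: object) => void} successCallback - receives the saved user document
 */
const register = (firstName, lastName, email, password, errorCallback, successCallback) => {
  const fail = (message) => errorCallback({ message });

  if (typeof password !== 'string' || password.length < 8) {
    fail('PASSWORD TOO SHORT');
    return;
  }
  // Only a plain string may reach the query: an object in this position
  // (e.g. one parsed from a JSON body) would be interpreted by MongoDB as a
  // query operator rather than as an email value.
  if (typeof email !== 'string') {
    fail('INVALID EMAIL');
    return;
  }

  User.findOne({ email }, (findErr, existing) => {
    if (findErr) {
      // A failed lookup must not be mistaken for "email is free"; continuing
      // would risk creating a duplicate account.
      fail('DATABASE ERROR');
      return;
    }
    if (existing) {
      fail('EMAIL ALREADY EXISTS');
      return;
    }
    // NOTE: findOne-then-save is not atomic. Two concurrent registrations for
    // the same email can both pass this check; a unique index on `email` in
    // the schema is what actually enforces uniqueness.
    // 10 salt rounds is the bcrypt default cost; raise it as hardware allows.
    bcrypt.genSalt(10, (saltErr, salt) => {
      if (saltErr) {
        fail('DOCUMENT SAVE ERROR');
        return;
      }
      bcrypt.hash(password, salt, (hashErr, hash) => {
        if (hashErr) {
          fail('DOCUMENT SAVE ERROR');
          return;
        }
        const user = new User({
          firstName,
          lastName,
          email,
          password: hash,
          untitledList: 0,
          list: [],
        });
        user.save((saveErr, userObj) => {
          if (saveErr) {
            fail('DOCUMENT SAVE ERROR');
            return;
          }
          successCallback(userObj);
        });
      });
    });
  });
};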
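/**
 * Looks up the user by email and verifies `password` against the stored
 * bcrypt hash. Exactly one of the two callbacks is invoked; errors are
 * reported as `{ message }` objects.
 *
 * Error messages:
 *   'USER NOT FOUND'         - email is not a string, the lookup failed, or no user matched
 *   'PASSWORDS DO NOT MATCH' - bcrypt compare failed or returned false
 *
 * NOTE(security): the two distinct messages let a client distinguish
 * registered emails from unknown ones (account enumeration). They are kept
 * because existing callers render them; the HTTP layer should map both to a
 * single generic message before it reaches the browser.
 *
 * @param {string} email
 * @param {string} password - plaintext candidate password
 * @param {(err: {message: string}) => void} errorCallback
 * @param {(user: object) => void} successCallback - receives the matching user document
 */
const login = (email, password, errorCallback, successCallback) => {
  const fail = (message) => errorCallback({ message });

  // Only a plain string may reach the query: an object in this position
  // would be interpreted by MongoDB as a query operator and could select an
  // arbitrary account instead of the one named by the caller.
  if (typeof email !== 'string') {
    fail('USER NOT FOUND');
    return;
  }

  User.findOne({ email }, (findErr, user) => {
    if (findErr || !user) {
      fail('USER NOT FOUND');
      return;
    }
    // The stored value is a salted bcrypt hash, so `===` is not a valid
    // comparison; bcrypt.compare re-derives the hash and compares in constant time.
    bcrypt.compare(password, user.password, (cmpErr, passwordMatch) => {
      if (cmpErr || !passwordMatch) {
        fail('PASSWORDS DO NOT MATCH');
        return;
      }
      successCallback(user);
    });
  });
};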
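/**
 * Builds middleware that redirects anonymous visitors to `/login` when the
 * request path is one of `authRequiredPaths`; every other request passes
 * through to `next()`.
 *
 * Matching is an exact `includes` check on `req.path`, so sub-paths of a
 * protected route (and the same route with a trailing slash) are only
 * protected if listed explicitly.
 *
 * @param {string[]} authRequiredPaths - exact paths that require a logged-in session
 * @returns {(req: object, res: object, next: Function) => void} express-style middleware
 */
const authRequired = (authRequiredPaths) => (req, res, next) => {
  const isProtected = authRequiredPaths.includes(req.path);
  // `req.session` is absent when the session middleware did not run for this
  // request; treat that as "not logged in" rather than throwing a TypeError.
  if (isProtected && !req.session?.user) {
    res.redirect('/login');
    return;
  }
  next();
};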
// Public surface of this module: session start/end helpers, credential
// handling (register/login) and the route-guard middleware factory.
export {
  startAuthenticatedSession,
  endAuthenticatedSession,
  register,
  login,
  authRequired
};