diff --git a/controllers/ping.js b/controllers/ping.js
new file mode 100644
index 0000000..2bfd68f
--- /dev/null
+++ b/controllers/ping.js
@@ -0,0 +1,26 @@
+const jwt = require("jsonwebtoken");
+
+let opts = {};
+
+exports.get = (req, res, next) => {
+ // get token
+ const token = req.cookies.JWT_TOKEN;
+ if (!token) {
+ // if none, error
+ return res.status(403).json({
+ message: "Not authorized!",
+ });
+ }
+ try {
+ const username = jwt.verify(token, process.env.SECRET_KEY);
+ // move forward
+ return res.status(200).json({
+ user: username,
+ });
+ } catch {
+ // if incorrect, error
+ return res.status(403).json({
+ message: "Not authorized!",
+ });
+ }
+};
diff --git a/controllers/post.js b/controllers/post.js
index 849bfdd..31620b5 100644
--- a/controllers/post.js
+++ b/controllers/post.js
@@ -15,7 +15,7 @@ exports.index = asyncHandler(async (req, res, next) => {
 const token = req.cookies.JWT_TOKEN;
 blocc: if (token) {
 try {
- jwt.verify(token, process.env.SECRET_KEY);
+ const username = jwt.verify(token, process.env.SECRET_KEY);
 } catch {
 break blocc;
 }
@@ -23,13 +23,8 @@ exports.index = asyncHandler(async (req, res, next) => {
 const unpublished = await Post.find({ published: false }).lean().exec();
 for (let z = 0; z < unpublished.length; z++) {
 const post = unpublished[i];
- const author = post.author;
- let opts = {
- expiresIn: "1d",
- };
- const authorToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
 // if any are by the current user, append to dbPosts
- if (token == authorToken) {
+ if (username == post.author) {
 dbPosts.push(post);
 }
 }
diff --git a/middleware/sameAuthor.js b/middleware/sameAuthor.js
index 3a9c422..f8b3d43 100644
--- a/middleware/sameAuthor.js
+++ b/middleware/sameAuthor.js
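Review bot: `user: username` on the 200 path returns the whole decoded claims object, because `jwt.verify` resolves to the payload (including `iat`/`exp` when present), not to a username string. If the login controller signs `{ username }` as the removed `sameUser` code did, the value wanted is `jwt.verify(token, process.env.SECRET_KEY).username`; the login controller is outside this diff, so confirm the claim name. `let opts = {}` at module scope and the `next` parameter are unused and can go. Pinning the accepted algorithm to what the signer uses, `jwt.verify(token, process.env.SECRET_KEY, { algorithms: ["HS256"] })` (HS256 is jsonwebtoken's default for a shared secret), is cheap defence in depth and documents the expected token format.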
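Review bot: `const username` in the first `controllers/post.js` hunk is declared inside the `try` block, so it is not in scope at the second hunk's `if (username == post.author)`, which will throw a ReferenceError (unless an outer `username` exists above line 15, outside these hunks). Declare it before the labelled block and assign inside the try: `let username;` above `blocc:`, then `username = jwt.verify(token, process.env.SECRET_KEY);` in place of the `const`. Even then the comparison cannot hold, because `jwt.verify` returns the decoded claims object rather than a string; compare the claim field, e.g. `if (username.username === post.author)`, with the claim name confirmed against the login controller, which is not in this diff. The context line `const post = unpublished[i]` indexes with `i` while the loop counter is `z`; that is pre-existing, but worth fixing while in this loop. `exports.index` starts before the first hunk and continues after the second.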
@@ -6,15 +6,12 @@ const Post = require("../models/post.js");
 const sameAuthor = asyncHandler(async (req, res, next) => {
 // get token
 const token = req.cookies.JWT_TOKEN;
- // make token with identical user information
- let opts = {
- expiresIn: "1d",
- };
+ // extract username from token
+ const username = jwt.verify(token, process.env.SECRET_KEY);
+ // get post
 const post = await Post.findById(req.params.postID).lean().exec();
- const author = post.author;
- const userToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
- // compare the two, if the token does not match then the action is unauthorized
- if (token != userToken) {
+ // if different usernames
+ if (username !== post.author) {
 return res.status(403).json({
 message: "Not authorized!",
 });
diff --git a/middleware/sameUser.js b/middleware/sameUser.js
index 07c1105..03f80b7 100644
--- a/middleware/sameUser.js
+++ b/middleware/sameUser.js
@@ -3,14 +3,10 @@ const jwt = require("jsonwebtoken");
 const sameUser = (req, res, next) => {
 // get token
 const token = req.cookies.JWT_TOKEN;
- // make token with identical user information
- let opts = {
- expiresIn: "1d",
- };
- const username = req.params.username;
- const userToken = jwt.sign({ username }, process.env.SECRET_KEY, opts);
- // compare the two, if the token does not match then the action is unauthorized
- if (token != userToken) {
+ // extract username from token
+ const username = jwt.verify(token, process.env.SECRET_KEY);
+ // if different usernames
+ if (username != req.params.username) {
 return res.status(403).json({
 message: "Not authorized!",
 });
diff --git a/routes/index.js b/routes/index.js
index fa1365a..f801912 100644
--- a/routes/index.js
+++ b/routes/index.js
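Review bot: `jwt.verify(token, process.env.SECRET_KEY)` is called outside any `try` in both `sameAuthor` and `sameUser`, so a missing, expired or tampered cookie throws instead of reaching the 403 branch — Express routes the synchronous throw in `sameUser` and the rejected promise from `asyncHandler` in `sameAuthor` to its error handler as a 500. Both comparisons also cannot succeed as written: `jwt.verify` returns the decoded claims object, so `username !== post.author` and `username != req.params.username` compare an object with a string; the claim field is needed (`.username` if the login controller signs `{ username }` as the removed code did — that controller is not in this diff). `sameAuthor` further dereferences `post.author` without checking that `findById` found a document, and the two files disagree on `!==` vs `!=`; use strict equality in both. The rewrite below is for `sameAuthor`; `sameUser` gets the same `try`/`catch` minus the post lookup, comparing against `req.params.username`. Both functions continue past their hunks.
```javascript
const sameAuthor = asyncHandler(async (req, res, next) => {
  const token = req.cookies.JWT_TOKEN;
  let username;
  try {
    // claim name assumed to be `username` — confirm against the login controller
    username = jwt.verify(token, process.env.SECRET_KEY).username;
  } catch {
    return res.status(403).json({ message: "Not authorized!" });
  }
  // … unchanged: Post.findById lookup …
  if (!post || username !== post.author) {
    // … unchanged: 403 response …
```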
@@ -2,6 +2,7 @@ const express = require("express");
 const router = express.Router();
 const login_controller = require("../controllers/login.js");
 const post_controller = require("../controllers/post.js");
+const ping_controller = require("../controllers/ping.js");
 const hasToken = require("../middleware/hasToken.js");
 
 // list all posts and append comments to each post based on id, return as json
@@ -11,8 +12,6 @@ router.get("/", post_controller.index);
 router.post("/login", login_controller.post);
 
 // authentication checking page - used by frontend
-router.get("/ping", hasToken, (req, res) => {
- return res.status(200).json({ message: "Authenticated!" });
-});
+router.get("/ping", ping_controller.get);
 
 module.exports = router;
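Review bot: `hasToken` is still required on the context line in the first hunk, but its only visible use — the `/ping` route in the second hunk — is replaced by `ping_controller.get`; if nothing else in `routes/index.js` (outside these hunks) uses it, drop the require so the router carries no dead imports. The new controller also re-implements the cookie lookup and `jwt.verify` that a token-checking middleware would perform, so session validity is now decided in two places; if `hasToken` attaches the verified payload to `req`, keeping `router.get("/ping", hasToken, ping_controller.get)` and having the controller read that is the smaller surface to keep consistent.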