updated auth, ping page

controllers/ping.js

@@ -0,0 +1,26 @@
+const jwt = require("jsonwebtoken");
+
+let opts = {};
+
+exports.get = (req, res, next) => {
+  // get token
+  const token = req.cookies.JWT_TOKEN;
+  if (!token) {
+    // if none, error
+    return res.status(403).json({
+      message: "Not authorized!",
+    });
+  }
+  try {
+    const username = jwt.verify(token, process.env.SECRET_KEY);
+    // move forward
+    return res.status(200).json({
+      user: username,
+    });
+  } catch {
+    // if incorrect, error
+    return res.status(403).json({
+      message: "Not authorized!",
+    });
+  }
+};

controllers/post.js

@@ -15,7 +15,7 @@ exports.index = asyncHandler(async (req, res, next) => {
   const token = req.cookies.JWT_TOKEN;
   blocc: if (token) {
     try {
-      jwt.verify(token, process.env.SECRET_KEY);
+      const username = jwt.verify(token, process.env.SECRET_KEY);
     } catch {
       break blocc;
     }
@@ -23,13 +23,8 @@ exports.index = asyncHandler(async (req, res, next) => {
     const unpublished = await Post.find({ published: false }).lean().exec();
     for (let z = 0; z < unpublished.length; z++) {
       const post = unpublished[i];
-      const author = post.author;
-      let opts = {
-        expiresIn: "1d",
-      };
-      const authorToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
       // if any are by the current user, append to dbPosts
-      if (token == authorToken) {
+      if (username == post.author) {
         dbPosts.push(post);
       }
     }

middleware/sameAuthor.js

@@ -6,15 +6,12 @@ const Post = require("../models/post.js");
 const sameAuthor = asyncHandler(async (req, res, next) => {
   // get token
   const token = req.cookies.JWT_TOKEN;
-  // make token with identical user information
+  // extract username from token
-  let opts = {
+  const username = jwt.verify(token, process.env.SECRET_KEY);
-    expiresIn: "1d",
+  // get post
-  };
   const post = await Post.findById(req.params.postID).lean().exec();
-  const author = post.author;
+  // if different usernames
-  const userToken = jwt.sign({ author }, process.env.SECRET_KEY, opts);
+  if (username !== post.author) {
-  // compare the two, if the token does not match then the action is unauthorized
-  if (token != userToken) {
     return res.status(403).json({
       message: "Not authorized!",
     });

middleware/sameUser.js

@@ -3,14 +3,10 @@ const jwt = require("jsonwebtoken");
 const sameUser = (req, res, next) => {
   // get token
   const token = req.cookies.JWT_TOKEN;
-  // make token with identical user information
+  // extract username from token
-  let opts = {
+  const username = jwt.verify(token, process.env.SECRET_KEY);
-    expiresIn: "1d",
+  // if different usernames
-  };
+  if (username != req.params.username) {
-  const username = req.params.username;
-  const userToken = jwt.sign({ username }, process.env.SECRET_KEY, opts);
-  // compare the two, if the token does not match then the action is unauthorized
-  if (token != userToken) {
     return res.status(403).json({
       message: "Not authorized!",
     });

routes/index.js

@@ -2,6 +2,7 @@ const express = require("express");
 const router = express.Router();
 const login_controller = require("../controllers/login.js");
 const post_controller = require("../controllers/post.js");
+const ping_controller = require("../controllers/ping.js");
 const hasToken = require("../middleware/hasToken.js");
 
 // list all posts and append comments to each post based on id, return as json
@@ -11,8 +12,6 @@ router.get("/", post_controller.index);
 router.post("/login", login_controller.post);
 
 // authentication checking page - used by frontend
-router.get("/ping", hasToken, (req, res) => {
+router.get("/ping", ping_controller.get);
-  return res.status(200).json({ message: "Authenticated!" });
-});
 
 module.exports = router;