authentication complete: integrate fronted and backend

Author: soorajarsn

.gitignore

@@ -1,3 +1,5 @@
 /node_modules
 /config
-.env
+.env
+dist
+.cache

app.js

@@ -5,6 +5,8 @@ const compression = require("compression");
 const cors = require("cors");
 const logger = require("morgan");
 const bodyParser = require("body-parser");
+const cookieParser = require('cookie-parser');
+const path = require('path');
 const session = require("express-session");
 const upload = require('express-fileupload');
 const getRoutes = require("./backend/routes/getRoutes");
@@ -19,8 +21,9 @@ app.use(upload({createParentPath:true}));
 app.use(compression());
 app.use(express.json());
 app.use(bodyParser.json());
-app.use(bodyParser.urlencoded({ extended: true }));
-app.use(express.static(__dirname + "/client"));
+app.use(cookieParser());
+// app.use(express.static(__dirname + "/client"));
+app.use(express.static(path.join(__dirname,"client/dist")));
 app.use(logger("dev"));
 app.set("views", __dirname + "/client/views");
 app.set("view engine", "ejs");
@@ -37,8 +40,11 @@ app.use(
 );
 
 app.use("/post", postRoutes)
-app.use("/", getRoutes);
-
+app.use("/api", getRoutes);
+//frontend routes
+app.get("*",(req,res)=>{
+  res.sendFile(path.join(__dirname,'client/dist/index.html'));
+})
 app.set("port", process.env.PORT || 4000);
 app.listen(app.get("port"), () => {
   console.log("App started running at " + app.get("port"));

backend/controllers/getControllers/loadUser.js

@@ -0,0 +1,25 @@
+const config = require('config');
+const User = require('../../models/userModal');
+const jwt = require('jsonwebtoken');
+module.exports = async (req,res) => {
+    const token = req.cookies['token'];
+    if(!token)return res.status(401).send({errorMsg:'Unauthorized!'});
+    try{
+        const decoded = jwt.verify(token,config.get('jwtSecret'));
+        let user = await User.findById(decoded.id).exec();
+        let userData = {
+            userName:user.name,
+            userId:user._id,
+            emailVerified:user.emailVerified,
+            phoneNumberVerified:user.phoneNumberVerified
+        }
+        res.set('Cache-Control','no-store');
+        req.session.userId = user._id;
+        return res.status(200).send({...userData});
+    }
+    catch(e){
+        console.log(e);
+        return res.status(400).send({errorMsg:'Invalid Token!'});
+    }
+
+}

backend/controllers/getControllers/logout.js

@@ -0,0 +1,29 @@
+module.exports = (req, res) => {
+  req.session.destroy(function (err) {
+    if (!err) {
+        console.log("destroying");
+      res.cookie("token", '' , {
+        expires: new Date(0),
+        httpOnly: false,
+      });
+      res.cookie("userName", '' , {
+        expires: new Date(0),
+        httpOnly: false,
+      });
+      res.cookie("userId", '' , {
+        expires: new Date(0),
+        httpOnly: false,
+      });
+      res.cookie("emailVerified", '' , {
+        expires: new Date(0),
+        httpOnly: false,
+      });
+      res.cookie("phoneNumberVerified", '' , {
+        expires: new Date(0),
+        httpOnly: false,
+      });
+      res.set("Cache-Control","no-store");
+      res.status(200).send({ msg: "Logout success" });
+    }
+  });
+};

backend/controllers/getControllers/sendVerificationEmail.js

@@ -1,41 +1,24 @@
-const crypto = require("crypto");
 const User = require("../../models/userModal");
-const sendEmail = require("../../utils/smtpTransport");
-const encrypt = (text) => {
-  var cipher = crypto.createCipher(
-    process.env.ENCRYPTION_ALGO,
-    process.env.CRYPTOJS_SECRET
-  );
-  var encrypted = cipher.update(text, "utf8", "hex") + cipher.final("hex");
-  return encrypted;
-};
+const sendEmail = require("../../utils/sendVerificationEmail");
+const jwt = require('jsonwebtoken');
+const config = require('config');
 const sendVerificationEmail = async (req, res) => {
-  const id = req.session.userId;
-  //check if email is already verified
+  const token = req.cookies['token'];
+  const decoded = jwt.verify(token,config.get('jwtSecret'));
+  const id = decoded.id;
+  console.log(id);
   const user = await User.findById(id).exec();
   if (user.emailVerified)
-    return res.status(400).send({ error: "Your email is already verified" });
-  //encrypt the id and current time
-  var encryptedID = encrypt(id);
-  var encryptedTime = encrypt((Date.now()).toString());
-  //construct link with the encrypted ID and current time
-  //a = id && b = time, used bad naming so that verification link do not get very obivious to user or third party
-  const link = `${process.env.PROTOCOL}://${process.env.HOST}/verifyEmail?a=${encryptedID}&b=${encryptedTime}`;
-  //create the email
-  const mailOptions = {
-    to: user.email,
-    subject: "Please confirm your Email Address",
-    html: `<img src="https://media-exp1.licdn.com/dms/image/sync/C4E22AQG4zTDlyguaNQ/feedshare-shrink_800/0/1602572271436?e=1623888000&v=beta&t=Aq2jU_LLoM8lK5Mq7TgYxdf-9tkVZJs3Bc2m0HK68tw" /><br><br>Hello,<br> Please Click on the link to verify your email.<br><a href=${link}>Click here to verify</a><br>The above link is valid for ${process.env.EMAIL_LINK_VALIDITY} minutes only`,
-  };
-  try {
-    //send email to the user
-    let response = await sendEmail(mailOptions);
+    return res.redirect('/home');
+  try{
+    const response = await sendEmail(id,user.email);
     console.log(response);
-    //render verifyEmail page to inform user that an email has been sent at his registered mobile number now
-    return res.render("verifyEmailMsg");
-  } catch (err) {
+    res.set("Cache-Control","no-store");
+    return res.status(200).send({msg:"success"});
+  }
+  catch(err){
     console.log(err);
-    return res.status(500).send(err);
+    return res.status(500).send({errorMsg:"Can't sent Otp! Something went wrong"});
   }
 };
 module.exports = sendVerificationEmail;

backend/controllers/getControllers/verifyEmail.js

@@ -31,22 +31,24 @@ const verifyEmail = async (req, res) => {
       if (timeElapsed < process.env.EMAIL_LINK_VALIDITY) {
         //email link is clicked in valid time duration
         user.emailVerified = true;
-        user.save();
+        await user.save();
         console.log("email verified");
-        res.redirect("home");
+        res.cookie("emailVerified", user.emailVerified, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        res.redirect("/dashboard");
       } else {
         //link not clicked in valid time duration
-        res.render("sentEmailLinkAgain");
+        res.status(400).send({errorMsg:"Invalid Link"});
+        // res.render("sentEmailLinkAgain");
       }
     } else {
-      res.status(400).send({ error: "Invalid request!" });
+      res.status(400).send({ errorMsg: "Invalid request!" });
     }
   } else {
     //domain didn't matched
-    //now we need to reset req.session.host, req.session.protocol
-    req.session.protocol = null;
-    req.session.host = null;
-    res.status(400).send({ error: "Invalid request!" });
+    res.status(400).send({ errorMsg: "Invalid request!" });
   }
 };
 module.exports = verifyEmail;

backend/controllers/getControllers/verifyResetPasswordLink.js

@@ -0,0 +1,53 @@
+const crypto = require("crypto");
+const User = require("../../models/userModal");
+const decrypt = (cipher) => {
+  const decipher = crypto.createDecipher(
+    process.env.ENCRYPTION_ALGO,
+    process.env.CRYPTOJS_SECRET
+  );
+  var decrypted =
+    decipher.update(cipher, "hex", "utf8") + decipher.final("utf8");
+  return decrypted;
+};
+const verifyResetPasswordLink = async (req, res) => {
+  const host = req.get("host");
+  if (
+    `${req.protocol}://${host}` ==
+    `${process.env.PROTOCOL}://${process.env.HOST}`
+  ) {
+    //domain matched
+    const encryptedID = req.query.a; //since a = id
+    const encryptedTime = req.query.b; //since b = time
+    //decrypt ID and Time
+    const decryptedID = decrypt(encryptedID);
+    const decryptedTime = decrypt(encryptedTime);
+    console.log("decryptedID : ",decryptedID," decryptedTime : ",decryptedTime);
+    let user;
+    try{
+        user = await User.findById(decryptedID).exec();
+    }catch(err){
+        return res.status(500).send({errorMsg:"Internal Server Error"})
+    }
+    if (user) {
+      const timeElapsed = (Date.now() - decryptedTime) / (1000 * 60); //in minutes;
+      console.log(user);
+      if (timeElapsed < process.env.EMAIL_LINK_VALIDITY) {
+        //email link is clicked in valid time duration
+        res.send({msg:"success"});
+      } else {
+        //link not clicked in valid time duration
+        console.log("the link is click after it gets disabled");
+        res.status(400).send({errorMsg:"Invalid Link"});
+        // res.render("sentEmailLinkAgain");
+      }
+    } else {
+        console.log("invalid userId while verify reset password link");
+      res.status(400).send({ errorMsg: "Invalid request!" });
+    }
+  } else {
+    //domain didn't matched
+    console.log("domain didn't matched");
+    res.status(400).send({ errorMsg: "Invalid request!" });
+  }
+};
+module.exports = verifyResetPasswordLink;

backend/controllers/postControllers/changePassword.js

@@ -0,0 +1,58 @@
+const crypto = require("crypto");
+const User = require("../../models/userModal");
+const bcrypt = require("bcryptjs");
+const decrypt = (cipher) => {
+  const decipher = crypto.createDecipher(
+    process.env.ENCRYPTION_ALGO,
+    process.env.CRYPTOJS_SECRET
+  );
+  var decrypted =
+    decipher.update(cipher, "hex", "utf8") + decipher.final("utf8");
+  return decrypted;
+};
+const changePassword = async (req, res) => {
+  const { password, confirmPassword } = req.body;
+  if (!password || !confirmPassword)
+    return res.status(400).send({ errorMsg: "Both the fields are required!" });
+  //both password and confirmPassword supplied in the body;
+  if (password != confirmPassword)
+    return res.status(401).send({ errorMsg: "Passwords don't match!" });
+  //passwords matched
+  const encryptedID = req.query.a; //since a = id
+  const encryptedTime = req.query.b; //since b = time
+  console.log(encryptedID);
+  console.log(encryptedTime);
+  //decrypt ID and Time
+  const decryptedID = decrypt(encryptedID);
+  const decryptedTime = decrypt(encryptedTime);
+  let user;
+  try {
+    user = await User.findById(decryptedID).exec();
+  } catch (err) {
+    return res.status(500).send({ error: "Internal Server Error" });
+  }
+  if (!user)
+    return res
+      .status(400)
+      .send({ error: "This link is not valid now! Please get a new link." });
+  //valid userId;
+  const timeElapsed = (Date.now() - decryptedTime) / (1000 * 60); //in minutes;
+  if (timeElapsed > process.env.EMAIL_LINK_VALIDITY)
+    return res
+      .status(400)
+      .send({ error: "This link is not valid now! Please get a new link." });
+  //password is changed in valid time duration
+  bcrypt.genSalt(10, (err, salt) => {
+    bcrypt.hash(password, salt, async (err, hash) => {
+      if (err) res.status(500).send({ error: "Internal Server Error" });
+      user.password = hash;
+      try {
+        await user.save();
+        return res.send({ msg: "success" });
+      } catch (err) {
+        return res.status(500).send({ error: "Internal Server Error" });
+      }
+    });
+  });
+};
+module.exports = changePassword;

backend/controllers/postControllers/login.js

@@ -1,32 +1,61 @@
 const User = require("../../models/userModal");
-const config = require('config');
+const config = require("config");
 const bcrypt = require("bcryptjs");
 const jwt = require("jsonwebtoken");
 const login = async (req, res) => {
   const { email, password } = req.body;
   if (!email || !password) {
     console.log({ email, password }, "email or password empty!");
-    return res.status(400).send({ error: "Email and password are required!" });
+    return res
+      .status(400)
+      .send({ errorMsg: "Email and password are required!" });
   }
   const user = await User.findOne().findByEmail(email).exec();
-  console.log("find user : ",user,"user password : ",user.password);
   if (!user) {
     console.log("Invalid email!");
-    return res.status(400).send({ error: "Invalid email!" });
+    return res.status(400).send({ errorMsg: "This email is not registered!" });
   }
-  bcrypt.compare(password, user.password).then(isMatch => {
-    if (!isMatch) return res.send({ errorMsg: "Please Check your Password" });
-    jwt.sign({ id: user._id }, config.get("jwtSecret"), { expiresIn: 60 * 60 }, (err, token) => {
-      if (err) return res.status(500).send(err);
-      res.cookie("token", token, {
-        maxAge: 60 * 60,
-        httpOnly: true,
-      });
-      req.session.userId = user._id;
-      console.log("req.session.userId : ",user._id);
-      req.session.mobileNumber = user.callingPhoneNumber;
-      return res.redirect('/home');
-    });
+  bcrypt.compare(password, user.password).then((isMatch) => {
+    console.log(isMatch);
+    if (!isMatch) return res.status(401).send({ errorMsg: "Please Check your Password!" });
+    jwt.sign(
+      { id: user._id },
+      config.get("jwtSecret"),
+      { expiresIn: "6h" },
+      (err, token) => {
+        if (err)
+          return res
+            .status(500)
+            .send({ errorMsg: "Status Code:500, Internal Server Error!" });
+        res.cookie("token", token, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        res.cookie("userName", user.name, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        res.cookie("userId", user._id, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        res.cookie("emailVerified", user.emailVerified, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        res.cookie("phoneNumberVerified", user.phoneNumberVeried, {
+          expires: new Date(Date.now() + 1000 * 60 * 60 * 5),
+          httpOnly: false,
+        });
+        return res.status(200).send({
+          token,
+          emailVerified: user.emailVerified,
+          phoneNumberVerified: user.phoneNumberVerified,
+          userName: user.name,
+          userId: user._id
+        });
+      }
+    );
   });
 };
-module.exports = login;
+module.exports = login;