Cleanup plus logging and log in on signup.

2025-09-08 17:40:17 +00:00 · 2021-03-08 20:57:19 -08:00 · 2021-03-08 20:57:19 -08:00 · 15993b4cec
commit 15993b4cec
parent 594cd52866
7 changed files with 86 additions and 20 deletions
--- a/src/accounts/logUserIn.js
+++ b/src/accounts/logUserIn.js
@ -1,5 +1,5 @@
 import { createSession } from './session.js'
-import { createTokens } from './tokens.js'
+import { refreshTokens } from './user.js'

 export async function logUserIn(userId, request, reply) {
  const connectionInformation = {
@ -8,20 +8,8 @@ export async function logUserIn(userId, request, reply) {
  }
  // Create Session
  const sessionToken = await createSession(userId, connectionInformation)
+  
  // Create JWT
-  const { accessToken, refreshToken } = await createTokens(sessionToken, userId)
  // Set Cookie
-  const now = new Date()
-  // Get date, 30 days in the future
-  const refreshExpires = now.setDate(now.getDate() + 30)
-  reply.setCookie('refreshToken', refreshToken, {
-    path: "/",
-    domain: "localhost",
-    httpOnly: true,
-    expires: refreshExpires,
-  }).setCookie('accessToken', accessToken, {
-    path: "/",
-    domain: "localhost",
-    httpOnly: true,
-  })
+  await refreshTokens(sessionToken, userId, reply)
 }
--- a/src/accounts/logUserOut.js
+++ b/src/accounts/logUserOut.js
@ -0,0 +1,21 @@
+import jwt from 'jsonwebtoken'
+
+const JWTSignature = process.env.JWT_SIGNATURE
+
+export async function logUserOut(request, reply) {
+  try {
+    const { session } = await import("../session/session.js")
+
+    if (request?.cookies?.refreshToken) {
+      const { refreshToken } = request.cookies
+      // Decode refresh token
+      const { sessionToken } = jwt.verify(refreshToken, JWTSignature)
+      // Delete database record for session
+      await session.deleteOne({ sessionToken })
+    }
+    // Remove cookies
+    reply.clearCookie('refreshToken').clearCookie('accessToken')
+  } catch (e) {
+    console.error(e);
+  }
+}
--- a/src/accounts/user.js
+++ b/src/accounts/user.js
@ -34,7 +34,6 @@ export async function getUserFromCookies(request, reply) {
        const currentUser = await user.findOne({
          _id: ObjectId(currentSession.userId)
        })
-        console.log('currentUser', currentUser);
        // Refresh tokens
        await refreshTokens(sessionToken, currentUser._id, reply)
        // Retrun current user
--- a/src/index.js
+++ b/src/index.js
@ -8,6 +8,7 @@ import { connectDb } from './db.js'
 import { registerUser } from './accounts/register.js'
 import { authorizeUser } from './accounts/authorize.js'
 import { logUserIn } from './accounts/logUserIn.js'
+import { logUserOut } from './accounts/logUserOut.js'
 import { getUserFromCookies } from './accounts/user.js'

 // ESM specific "features"
@ -32,11 +33,44 @@ async function startApp() {
          request.body.email,
          request.body.password
        )
+        if (userId) {
+          await logUserIn(userId, request, reply)
+          reply.send({
+            data: {
+              status: "SUCCESS",
+              userId,
+            },
+          })
+        }
      } catch (e) {
        console.error('e', e);
+        reply.send({
+          data: {
+            status: "FAILED",
+            userId,
+          },
+        })
      }
    })

+    app.post('/api/logout', {}, async (request, reply) => {
+      try {
+        await logUserOut(request, reply)
+        reply.send({
+          data: {
+            status: "SUCCESS",
+          },
+        })
+      } catch (e) {
+        console.error('e', e);
+        reply.send({
+          data: {
+            status: "FAILED",
+            userId,
+          },
+        })
+      }
+    })

    app.post('/api/authorize', {}, async (request, reply) => {
      try {
@ -48,14 +82,20 @@ async function startApp() {
        if (isAuthorized) {
          await logUserIn(userId, request, reply)
          reply.send({
-            data: "User Logged In",
+            data: {
+              status: "SUCCESS",
+              userId,
+            },
          })
        }
-        reply.send({
-          data: "Auth Failed",
-        })
      } catch (e) {
        console.error('e', e);
+        reply.send({
+          data: {
+            status: "FAILED",
+            userId,
+          },
+        })
      }
    })
    
--- a/src/public/index.html
+++ b/src/public/index.html
@ -24,7 +24,23 @@
    <button type="submit">Login</button>
  </form>

+  <br/>
+  <hr />
+  <br/>
+
+  <button onclick="logout()">Logout</button>
+
  <script>
+    async function logout() {
+      try {
+        const res = await fetch('/api/logout', {
+          method: "POST",
+        })
+      } catch (e) {
+        console.error(e);
+      }
+    }
+
    ;(() => {
      const registerForm = document.getElementById("register-form")

--- a/src/session/session.js
+++ b/src/session/session.js
@ -2,3 +2,4 @@ import { client } from '../db.js'

 export const session = client.db("test").collection("session")

+session.createIndex({ sessionToken: 1 })
--- a/src/user/user.js
+++ b/src/user/user.js
@ -2,3 +2,4 @@ import { client } from '../db.js'

 export const user = client.db("test").collection("user")

+user.createIndex({ "email.address": 1 })