
Commit dc6496c

author
Ben
committed
updates login
Remember-me option on login; changes JWT lifetimes & cookies; ups password hash strength; adds helmet package to secure cookies
1 parent 54dcf0a commit dc6496c

4 files changed

Lines changed: 32 additions & 12 deletions


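--- a/api/controllers/authController.js
+++ b/api/controllers/authController.js
@@ -19,11 +19,12 @@ const Code = require('../models/codeModel');
 * POST:
 * {
 * "email": "",
-* "password": ""
+* "password": "",
+* "rememberMe": boolean
 * }
 */
 exports.login_user = async (req, res) => {
-const { email, password } = req.body;
+const { email, password, rememberMe } = req.body;
 if (!email || !password) {
 res.status(400).json({
 success: false,
@@ -48,13 +49,19 @@ exports.login_user = async (req, res) => {
 data: err,
 });
 } else {
-let token = jwt.sign({ username: user._id }, process.env.JWT_SECRET, {
-// TODO: SET JWT TOKEN DURATION HERE
-expiresIn: '24h',
-});
+let token = jwt.sign(
+{ username: user.uniqueId },
+process.env.JWT_SECRET,
+{
+// TODO: SET JWT TOKEN DURATION HERE
+expiresIn: rememberMe ? '48h' : '1h',
+}
+);
 let userFiltered = _.pick(user.toObject(), ['firstName', 'uniqueId']);
 userFiltered.token = token;
-res.cookie('token', token, { expiresIn: '24h' });
+res.cookie('session', token, {
+expiresIn: rememberMe ? '48h' : '1h',
+});
 res.status(200).json({
 success: true,
 message: 'Successfully logged in',
@@ -149,15 +156,20 @@ exports.create_new_user = async (req, res) => {
 firstName: firstName ? firstName : '',
 lastName: lastName ? lastName : '',
 email: email,
-password: bcrypt.hashSync(req.body.password, 10),
+password: bcrypt.hashSync(req.body.password, 14),
 acceptedTerms: true,
 createdOnDate: format(new Date(), 'dd/MM/yyyy'),
 uniqueId: uuidv4(),
 });
 const user = await newUser.save();
-const token = jwt.sign({ username: user._id }, process.env.JWT_SECRET, {
-expiresIn: '24h',
-});
+const token = jwt.sign(
+{ username: user.uniqueId },
+process.env.JWT_SECRET,
+{
+// TODO: SET JWT TOKEN DURATION HERE
+expiresIn: '24h',
+}
+);
 const baseUrl = req.protocol + '://' + req.get('host');
 const secretCode = cryptoRandomString({
 length: 6,
@@ -171,7 +183,7 @@ exports.create_new_user = async (req, res) => {
 from: `YOUR NAME <${process.env.EMAIL_USERNAME}>`,
 to: user.email,
 subject: 'Your Activation Link for YOUR APP',
-text: `Please use the following link within the next 10 minutes to activate your account on YOUR APP: ${baseUrl}/api/auth/verification/verify-account/${user._id}/${secretCode}`,
+text: `Please use the following link within the next 10 minutes to activate your account on YOUR APP: ${baseUrl}/api/auth/verification/verify-account/${user.uniqueId}/${secretCode}`,
 html: `<p>Please use the following link within the next 10 minutes to activate your account on YOUR APP: <strong><a href="${baseUrl}/api/v1/auth/verification/verify-account/${user.uniqueId}/${secretCode}" target="_blank">Email Verification Link</a></strong></p>`,
 };
 await sendEmail(data);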
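Review bot: `res.cookie('session', token, { expiresIn: ... })` in the second hunk passes an option that Express's `res.cookie` does not recognise — cookie lifetime is set with `maxAge` (milliseconds) or `expires` (a Date) — so the cookie is issued as a browser-session cookie regardless of `rememberMe`, and the token-bearing cookie is also set without `httpOnly`, `secure` or `sameSite`, which `helmet()` in server.js does not add since it only sets response headers. The cookie lifetime should be derived from the same `rememberMe` choice as the `jwt.sign` `expiresIn` so the two cannot drift, and the three attributes belong on this call. In the third hunk, `bcrypt.hashSync(req.body.password, 14)` blocks the event loop for the whole cost-14 hash on every registration; `create_new_user` is already `async`, so `await bcrypt.hash(req.body.password, 14)` costs nothing extra. The `// TODO: SET JWT TOKEN DURATION HERE` comments are now stale since both call sites set a duration, and `login_user` and `create_new_user` both continue outside these hunks.
```javascript
res.cookie('session', token, {
  httpOnly: true, // not readable from page scripts
  secure: process.env.NODE_ENV === 'production', // NODE_ENV is the usual convention; adjust to how this deployment signals TLS
  sameSite: 'lax',
  maxAge: (rememberMe ? 48 : 1) * 60 * 60 * 1000, // same choice as the jwt.sign expiresIn above
});
```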

package-lock.json

Lines changed: 5 additions & 0 deletions

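--- a/package.json
+++ b/package.json
@@ -33,6 +33,7 @@
 "date-fns": "^2.16.1",
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
+"helmet": "^4.4.0",
 "jest": "^26.4.2",
 "jsonwebtoken": "^8.5.1",
 "lodash": "^4.17.20",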

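--- a/server.js
+++ b/server.js
@@ -6,6 +6,7 @@ const bodyParser = require('body-parser');
 const cors = require('cors');
 const morgan = require('morgan');
 const winston = require('./config/winston');
+const helmet = require('helmet');
 
 // Models Imports
 const User = require('./api/models/userModel');
@@ -46,6 +47,7 @@ mongoose.connect(
 app.use(bodyParser.urlencoded({ extended: true }));
 app.use(bodyParser.json());
 app.use(morgan('combined', { stream: winston.stream }));
+app.use(helmet());
 
 // Cors Controls
 app.use((req, res, next) => {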
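Review bot: `app.use(helmet())` in the second hunk is registered after `bodyParser.urlencoded`, `bodyParser.json` and `morgan`, so a request that body-parser rejects (malformed or oversized body) is answered by the error path before helmet ever runs and that response carries none of its headers; registering it as the first middleware after `app` is created, ahead of the parsers, closes that gap. Helmet only sets response headers (CSP, HSTS, X-Frame-Options and similar); it does not change how cookies are issued, so the "secure cookies" part of the description is not something this hunk provides on its own. The app setup that creates `app` is outside the hunk.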
