feat: login ,register and protect route

Puskar-Roy · Puskar-Roy · commit 6db2f3c46b5d · 2023-12-03T12:29:36.000+05:30
diff --git a/.env b/.env
@@ -2,3 +2,7 @@
 
 PORT = 5050 
 MONGOURI = <Your-MongoDB-URI>
+
+JWT_SECRET ="itsyourjwtsecrentusesomethingbigtoprotectyourjwtauthentication"
+JWT_COOKIE_EXPIRES_IN = 7
+
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -35,6 +35,7 @@
     "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.0.2",
     "morgan": "^1.10.0",
+    "validator": "^13.11.0",
     "xss-clean": "^0.1.4"
   },
   "devDependencies": {
diff --git a/src/config/config.ts b/src/config/config.ts
@@ -4,6 +4,8 @@ dotenv.config();
 const config = {
   PORT: process.env.PORT || 3000,
   MONGOURI: process.env.MONGOURI,
+  JWT_SECRET: process.env.JWT_SECRET,
+  JWT_COOKIE_EXPIRES_IN: process.env.JWT_COOKIE_EXPIRES_IN,
 };
 
 export default config;
diff --git a/src/controllers/authController.ts b/src/controllers/authController.ts
@@ -1,6 +1,88 @@
 import { Request, Response } from 'express';
 import asyncHandler from '../util/catchAsync';
+import UserModel from '../models/userSchema';
+import jwt from 'jsonwebtoken';
+import bcrypt from 'bcryptjs';
+import validator from 'validator';
+import { CookieOptions } from '../interfaces/cookieOption';
+import config from '../config/config';
 
 export const testRoute = asyncHandler(async (req: Request, res: Response) => {
   res.json({ success: true });
 });
+
+export const login = asyncHandler(async (req: Request, res: Response) => {
+  try {
+    const { email, password } = req.body;
+    const user = await UserModel.findOne({ email });
+    if (!user) {
+      return res.status(404).json({
+        success: false,
+        message: 'Invalid credentials',
+      });
+    }
+    const isPasswordMatch = await bcrypt.compare(password, user.password);
+    if (!isPasswordMatch) {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid credentials',
+      });
+    }
+    const token = jwt.sign({ userId: user._id }, config.JWT_SECRET);
+    const expireTime: number = parseInt(config.JWT_COOKIE_EXPIRES_IN);
+
+    const cookieOptions: CookieOptions = {
+      expires: new Date(Date.now() + expireTime * 24 * 60 * 60 * 1000),
+      httpOnly: true,
+      secure: req.secure || req.headers['x-forwarded-proto'] === 'https',
+      sameSite: 'strict',
+    };
+    res.cookie('jwt', token, cookieOptions);
+    user.password = undefined;
+    user.cpassword = undefined;
+    res.setHeader('Authorization', `Bearer ${token}`);
+
+    res.status(200).json({ success: true, data: user, jwt_token: token });
+  } catch (error) {
+    console.error('Login error:', error);
+    res.status(500).json({
+      success: false,
+      message: 'Internal server error',
+    });
+  }
+});
+
+export const register = asyncHandler(async (req: Request, res: Response) => {
+  const { name, email, password, cpassword } = req.body;
+
+  if (!name || !email || !password || !cpassword || !validator.isEmail(email)) {
+    return res
+      .status(400)
+      .json({ message: 'Invalid input data!', success: false });
+  }
+  const checkUser = await UserModel.findOne({ email });
+  if (checkUser) {
+    return res
+      .status(409)
+      .json({ success: false, message: 'User already exists!' });
+  }
+  try {
+    const user = new UserModel({
+      name,
+      email,
+      password,
+      cpassword,
+    });
+    await user.save();
+    return res.status(201).json({
+      message: 'Registration successful!',
+      success: true,
+      userId: user._id,
+    });
+  } catch (error) {
+    console.error('Registration error:', error);
+    return res
+      .status(500)
+      .json({ message: 'Registration failed!', success: false });
+  }
+});
diff --git a/src/interfaces/cookieOption.ts b/src/interfaces/cookieOption.ts
@@ -0,0 +1,6 @@
+export interface CookieOptions {
+  expires: Date;
+  httpOnly: boolean;
+  secure: boolean;
+  sameSite: boolean | 'strict' | 'lax' | 'none';
+}
diff --git a/src/middleware/middleware.ts b/src/middleware/middleware.ts
@@ -0,0 +1,33 @@
+import { Request as ExpressRequest, Response, NextFunction } from 'express';
+import jwt from 'jsonwebtoken';
+import config from '../config/config';
+
+interface RequestWithUserId extends ExpressRequest {
+  userId?: string;
+}
+
+export const protect = (
+  req: RequestWithUserId,
+  res: Response,
+  next: NextFunction
+) => {
+  try {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: 'Unauthorized: No token provided',
+      });
+    }
+
+    const decoded = jwt.verify(token, config.JWT_SECRET) as { userId: string };
+    req.userId = decoded.userId;
+    next();
+  } catch (error) {
+    console.error('Authentication error:', error);
+    return res.status(401).json({
+      success: false,
+      message: 'Unauthorized: Invalid token',
+    });
+  }
+};
diff --git a/src/routes/authRoutes.ts b/src/routes/authRoutes.ts
@@ -1,7 +1,9 @@
 import express, { Router } from 'express';
-import { testRoute } from '../controllers/authController';
-const route: Router = express.Router();
+import { testRoute, login, register } from '../controllers/authController';
+const router: Router = express.Router();
 
-route.get('/', testRoute);
+router.get('/', testRoute);
+router.post('/login', login);
+router.post('/register', register);
 
-export default route;
+export default router;
