From 12afbf63645ad4725a88da10c5a62360d40c3c99 Mon Sep 17 00:00:00 2001
From: KevinMidboe
Date: Thu, 25 Jul 2019 00:13:28 +0200
Subject: [PATCH] Tokens can also have a admin property. When admin is defined its included in the jwt token.
---
 seasoned_api/src/user/token.js | 44 +++++++++++--------
 .../src/webserver/controllers/user/login.js | 6 +--
 .../webserver/controllers/user/register.js | 6 +--
 3 files changed, 32 insertions(+), 24 deletions(-)
diff --git a/seasoned_api/src/user/token.js b/seasoned_api/src/user/token.js
index cd8c285..6e904de 100644
--- a/seasoned_api/src/user/token.js
+++ b/seasoned_api/src/user/token.js
@@ -2,36 +2,44 @@ const User = require('src/user/user');
 const jwt = require('jsonwebtoken');
 class Token {
- constructor(user) {
- this.user = user;
- }
+ constructor(user, admin=false) {
+ this.user = user;
+ this.admin = admin;
+ }
- /**
+ /**
 * Generate a new token.
 * @param {String} secret a cipher of the token
 * @returns {String}
 */
- toString(secret) {
- return jwt.sign({ username: this.user.username }, secret);
- }
+ toString(secret) {
+ const user = this.user.username;
+ const admin = this.admin;
+ let data = { user }
- /**
+ if (admin)
+ data = { ...data, admin }
+
+ return jwt.sign(data, secret, { expiresIn: '90d' });
+ }
+
+ /**
 * Decode a token.
 * @param {Token} jwtToken an encrypted token
 * @param {String} secret a cipher of the token
 * @returns {Token}
 */
- static fromString(jwtToken, secret) {
- let username = null;
+ static fromString(jwtToken, secret) {
+ let username = null;
- try {
- username = jwt.verify(jwtToken, secret).username;
- } catch (error) {
- throw new Error('The token is invalid.');
- }
- const user = new User(username);
- return new Token(user);
- }
+ const token = jwt.verify(jwtToken, secret, { clockTolerance: 10000 })
+ if (token.username === undefined)
+ throw new Error('Malformed token')
+ username = token.username
+ const user = new User(username)
+ return new Token(user)
+ }
 }
 module.exports = Token;
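Review bot: The claim written by `toString` and the claim read by `fromString` do not match: `toString` signs `{ user, admin }` (the shorthand `let data = { user }` stores the username under the key `user`), while `fromString` checks `token.username`, so every token this commit mints is rejected with 'Malformed token'. Either sign `{ username: user }` or read `token.user`, and carry the new claim through on decode, e.g. `return new Token(user, token.admin === true)`, otherwise the admin flag added to the token is never available server-side. jsonwebtoken's `clockTolerance` is expressed in seconds, so `10000` accepts tokens roughly 2.8 hours past the `exp` that `expiresIn: '90d'` just introduced; `10` is the usual intent. Removing the try/catch also changes the error contract: `jwt.verify` now throws jsonwebtoken's own `TokenExpiredError`/`JsonWebTokenError` instead of `Error('The token is invalid.')`, so any caller matching on the old message needs updating.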
diff --git a/seasoned_api/src/webserver/controllers/user/login.js b/seasoned_api/src/webserver/controllers/user/login.js
index 89722c1..25d8bca 100644
--- a/seasoned_api/src/webserver/controllers/user/login.js
+++ b/seasoned_api/src/webserver/controllers/user/login.js
@@ -21,9 +21,9 @@ function loginController(req, res) {
 userSecurity.login(user, password)
 .then(() => userRepository.checkAdmin(user))
 .then((checkAdmin) => {
- const token = new Token(user).toString(secret);
- const admin_state = checkAdmin === 1 ? true : false;
- res.send({ success: true, token, admin: admin_state });
+ const isAdmin = checkAdmin === 1 ? true : false;
+ const token = new Token(user, isAdmin).toString(secret);
+ res.send({ success: true, token });
 })
 .catch((error) => {
 res.status(401).send({ success: false, error: error.message });
diff --git a/seasoned_api/src/webserver/controllers/user/register.js b/seasoned_api/src/webserver/controllers/user/register.js
index 280f4be..36d9ff2 100644
--- a/seasoned_api/src/webserver/controllers/user/register.js
+++ b/seasoned_api/src/webserver/controllers/user/register.js
@@ -21,10 +21,10 @@ function registerController(req, res) {
 userSecurity.createNewUser(user, password)
 .then(() => userRepository.checkAdmin(user))
 .then((checkAdmin) => {
- const token = new Token(user).toString(secret);
- const admin_state = checkAdmin === 1 ? true : false;
+ const isAdmin = checkAdmin === 1 ? true : false;
+ const token = new Token(user, isAdmin).toString(secret);
 res.send({
- success: true, message: 'Welcome to Seasoned!', token, admin: admin_state,
+ success: true, message: 'Welcome to Seasoned!', token
 });
 })
 .catch((error) => {
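Review bot: Clients of this endpoint silently lose the `admin` field that the removed `res.send` line returned; they now have to decode the JWT to learn the admin state, and since `toString` in this patch only adds the `admin` claim when it is true, an absent claim and a non-admin user look the same to them. That contract change deserves a sentence in the commit message or a transitional `admin: isAdmin` kept in the response. Separately, `checkAdmin === 1 ? true : false` is already a boolean; `const isAdmin = checkAdmin === 1;` says the same thing. loginController's body begins before this hunk.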
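Review bot: `const isAdmin = checkAdmin === 1 ? true : false;` can be written `const isAdmin = checkAdmin === 1;` — the strict comparison already yields a boolean, and the same simplification applies to the identical line in login.js. Because this is the registration path, a freshly created account presumably never satisfies `checkAdmin === 1`; if so, a comment such as `// looked up so new accounts get the same token shape as login` would explain why the admin check is performed here at all. registerController's body starts and ends outside this hunk.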