Tokens can also have a admin property. When admin is defined its included in the jwt token.

2019-07-25 00:13:28 +02:00
parent 8a5ab204e1
commit 12afbf6364
3 changed files with 32 additions and 24 deletions
--- a/seasoned_api/src/user/token.js
+++ b/seasoned_api/src/user/token.js
@@ -2,8 +2,9 @@ const User = require('src/user/user');
 const jwt = require('jsonwebtoken');

 class Token {
-   constructor(user) {
+  constructor(user, admin=false) {
    this.user = user;
+    this.admin = admin;
  }

  /**
@@ -12,7 +13,14 @@ class Token {
    * @returns {String}
    */
  toString(secret) {
-      return jwt.sign({ username: this.user.username }, secret);
+    const user = this.user.username;
+    const admin = this.admin;
+    let data = { user }
+
+    if (admin)
+      data = { ...data, admin }
+
+    return jwt.sign(data, secret, { expiresIn: '90d' });
  }

  /**
@@ -24,13 +32,13 @@ class Token {
  static fromString(jwtToken, secret) {
    let username = null;

-      try {
-         username = jwt.verify(jwtToken, secret).username;
-      } catch (error) {
-         throw new Error('The token is invalid.');
-      }
-      const user = new User(username);
-      return new Token(user);
+    const token = jwt.verify(jwtToken, secret, { clockTolerance: 10000 })
+    if (token.username === undefined)
+      throw new Error('Malformed token')
+
+    username = token.username
+    const user = new User(username)
+    return new Token(user)
  }
 }

--- a/seasoned_api/src/webserver/controllers/user/login.js
+++ b/seasoned_api/src/webserver/controllers/user/login.js
@@ -21,9 +21,9 @@ function loginController(req, res) {
   userSecurity.login(user, password)
      .then(() => userRepository.checkAdmin(user))
      .then((checkAdmin) => {
-         const token = new Token(user).toString(secret);
-         const admin_state = checkAdmin === 1 ? true : false;
-         res.send({ success: true, token, admin: admin_state });
+         const isAdmin = checkAdmin === 1 ? true : false;
+         const token = new Token(user, isAdmin).toString(secret);
+         res.send({ success: true, token });
      })
      .catch((error) => {
         res.status(401).send({ success: false, error: error.message });
--- a/seasoned_api/src/webserver/controllers/user/register.js
+++ b/seasoned_api/src/webserver/controllers/user/register.js
@@ -21,10 +21,10 @@ function registerController(req, res) {
   userSecurity.createNewUser(user, password)
      .then(() => userRepository.checkAdmin(user))
      .then((checkAdmin) => {
-         const token = new Token(user).toString(secret);
-         const admin_state = checkAdmin === 1 ? true : false;
+         const isAdmin = checkAdmin === 1 ? true : false;
+         const token = new Token(user, isAdmin).toString(secret);
         res.send({
-            success: true, message: 'Welcome to Seasoned!', token, admin: admin_state,
+            success: true, message: 'Welcome to Seasoned!', token
         });
      })
      .catch((error) => {