selim/AutoCatBackend
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes for authorization error handling

Browse Source
This commit is contained in:
Selim Mustafaev 2023-09-06 20:30:36 +03:00
parent 82256a5d20
commit c554e1750e
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.env.example
View File

@ -18,4 +18,5 @@ MONGO_CONNECTION_STRING = "mongodb+srv://$DB_USER_NAME:$DB_USER_PASSWORD@$DB_SER
# JWT secrets # JWT secrets
JWT_SECRET_AUTH = "" JWT_SECRET_AUTH = ""
JWT_SECRET_SHARED_REPORT = "" JWT_SECRET_SHARED_REPORT = ""
JWT_EXPIRATION_TIME = "365d"

4
middleware/jwt.js
View File

@ -16,6 +16,7 @@ module.exports = function (options) {
jsonwebtoken.verify(token, options.secret, (error, decoded) => { jsonwebtoken.verify(token, options.secret, (error, decoded) => {
if(error) { if(error) {
res.status(401).send({ success: false, error: error.message }); res.status(401).send({ success: false, error: error.message });
console.error(error);
} else { } else {
req.user = decoded; req.user = decoded;
next(); next();
@ -23,12 +24,15 @@ module.exports = function (options) {
}); });
} else { } else {
res.status(401).send({ success: false, error: 'Unsupported authorization header' }); res.status(401).send({ success: false, error: 'Unsupported authorization header' });
console.error('Unsupported authorization header');
} }
} else { } else {
res.status(401).send({ success: false, error: 'Invalid authorization header' }); res.status(401).send({ success: false, error: 'Invalid authorization header' });
console.error('Invalid authorization header');
} }
} else { } else {
res.status(401).send({ success: false, error: 'Missing authorization header' }); res.status(401).send({ success: false, error: 'Missing authorization header' });
console.error('Missing authorization header');
} }
}; };
}; };

6
routes/user.js
View File

@ -40,7 +40,7 @@ router.post('/login', async (req, res) => {
return; return;
} }
me.token = jwt.sign({ email }, '#IWantToBelieve', { expiresIn: '365d' }); me.token = jwt.sign({ email }, process.env.JWT_SECRET_AUTH, { expiresIn: process.env.JWT_EXPIRATION_TIME });
res.send({ success: true, data: me }); res.send({ success: true, data: me });
} else { } else {
res.send(makeError('Incorrect login or password', errorCodes.invalidLoginOrPassword)); res.send(makeError('Incorrect login or password', errorCodes.invalidLoginOrPassword));
@ -67,12 +67,12 @@ router.post('/signIn', async (req, res) => {
return; return;
} }
me.token = jwt.sign({ email }, '#IWantToBelieve', { expiresIn: '365d' }); me.token = jwt.sign({ email }, process.env.JWT_SECRET_AUTH, { expiresIn: process.env.JWT_EXPIRATION_TIME });
res.send({ success: true, data: me }); res.send({ success: true, data: me });
} else { } else {
let user = new User(email, password); let user = new User(email, password);
await users.insertOne(user.toDB()); await users.insertOne(user.toDB());
user.token = jwt.sign({ email }, '#IWantToBelieve', { expiresIn: '365d' }); user.token = jwt.sign({ email }, process.env.JWT_SECRET_AUTH, { expiresIn: process.env.JWT_EXPIRATION_TIME });
res.send({ success: true, data: user }); res.send({ success: true, data: user });
} }
} catch(ex) { } catch(ex) {