index.js

const express = require('express')
const router = express.Router()

router.use('/users', require('./users'))

module.exports = router

passwords.js

const bcrypt = require('bcrypt')

exports.hashPassword = async (password) => {
  return await bcrypt.hash(password, 10)
}

exports.comparePassword = async (password, hash) => {
  return await bcrypt.compare(password, hash)
}

tokens.js

const jwt = require('jsonwebtoken')

exports.createToken = ({ username }) => {
  return jwt.sign({ username }, 'shhhhh')
}

users-controller.js

const User = require('../models/User')
const { hashPassword, comparePassword } = require('../utils/passwords')
const { createToken } = require('../utils/tokens')

exports.register = async (req, res) => {
  try {
    const hash = await hashPassword(req.body.password)
    let user = new User({
      username: req.body.username,
      password: hash,
    })
    user = await user.save()
    const token = createToken(user)
    res.send(token)
  } catch(err) {
    res.status(500).send(err.message)
  }
}

exports.login = async (req, res) => {
  try {
    const { username, password } = req.body
    const user = await User.findOne({
      username: username
    })
    if (!user) {
      res.status(403).end()
    } else {
      const correctPassword = await comparePassword(password, user.password)
      if (!correctPassword) {
        res.status(403).end()
      } else {
        const token = createToken(user)
        res.send(token)
      }
    }
  } catch(err) {
    res.status(500).send(err.message)
  }
}

users.js

const express = require('express')
const router = express.Router()

const { register, login } = require('../controllers/users-controller')

router.post('/register', express.json(), register)

router.post('/login', express.json(), login)

module.exports = router