
@mikekoro
Last active October 13, 2018 23:43
// Configure Passport.js
// JWT Stuff
const LocalStrategy = require('passport-local').Strategy;
const passportJWT = require("passport-jwt");
const JWTStrategy = passportJWT.Strategy;
const ExtractJWT = passportJWT.ExtractJwt;
// Mount Passport's initialisation middleware on the Express app.
app.use(passport.initialize());
const User = require('./models/User');

// Local strategy: credentials arrive in the `email` and `password` request
// fields. The verify callback is whatever User.authenticate() returns
// (presumably supplied by a plugin on the model; the model is not shown here).
const localCredentialFields = {
  usernameField: 'email',
  passwordField: 'password'
};
const verifyLocalCredentials = User.authenticate();
passport.use(new LocalStrategy(localCredentialFields, verifyLocalCredentials));

// (De)serialisation hooks are delegated to the model as well.
passport.serializeUser(User.serializeUser());
passport.deserializeUser(User.deserializeUser());
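// The JWT signing key must not live in source control: anyone who can read it
// can issue tokens for any user id. It is read from the environment, and the
// module refuses to load without it so there is no insecure fallback value.
const jwtSecret = process.env.JWT_SECRET;
if (!jwtSecret) {
  throw new Error('JWT_SECRET environment variable must be set');
}
// One algorithm is pinned for both signing and verification so a token cannot
// select a different one through its header.
const JWT_ALGORITHM = 'HS256';
// Token lifetime. Without an expiry a leaked token stays valid indefinitely;
// adjust the value to the deployment's session policy.
const JWT_LIFETIME = '1h';

// Bearer-token strategy: verifies the signature with the shared secret, then
// loads the user named by the token's `id` claim.
passport.use(new JWTStrategy({
    jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
    secretOrKey: jwtSecret,
    algorithms: [JWT_ALGORITHM]
  },
  (jwtPayload, cb) => {
    return User.findById(jwtPayload.id).then(
      // A token whose user no longer exists is an authentication failure,
      // not an error; `false` makes that explicit to Passport.
      user => cb(null, user || false),
      err => cb(err)
    );
  }
));

// @route POST users/login
// @desc Login User and return a signed JWT
// @access Public (credentials are checked by the 'local' strategy)
router.post('/login', passport.authenticate('local', {session: false}), (req, res) => {
  req.login(req.user, {session: false}, (err) => {
    if (err) {
      // Do not issue a token when establishing the login failed.
      return res.status(500).json({ "error": { "code": 500, "message": "Login failed" } });
    }
    // Sign a token carrying only the user's id and e-mail.
    const token = jwt.sign(
      { id: req.user.id, email: req.user.username },
      jwtSecret,
      { algorithm: JWT_ALGORITHM, expiresIn: JWT_LIFETIME }
    );
    // Never echo credential material back to the client. `hash` and `salt`
    // are assumed to be the password fields on the model (the model is not
    // shown here; confirm the names); the reset fields are set by the
    // password-reset routes.
    const plainUser = typeof req.user.toJSON === 'function' ? req.user.toJSON() : req.user;
    const publicUser = Object.assign({}, plainUser);
    ['hash', 'salt', 'resetPasswordToken', 'resetPasswordExpires'].forEach((field) => {
      delete publicUser[field];
    });
    return res.json({user: publicUser, token});
  });
});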
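// @route POST api/users/password/forgot
// @desc Initiate password reset protocol
// @access Public
//
// Stores a random, one-hour reset token on the matching account. The reply is
// the same whether or not the address belongs to an account, so this public
// endpoint cannot be used to find out which e-mail addresses are registered.
// NOTE(review): nothing in this handler delivers the token to the user, and
// the token is stored as-is; consider storing only a hash of it.
router.post("/password/forgot", (req, res) => {
  const email = req.body && req.body.email;
  // The value goes straight into a query filter, so it must be a plain string:
  // an object here would be treated as a query operator expression.
  if (typeof email !== 'string' || email.length === 0) {
    return res.status(422).json({ "error": { "code": 422, "message": "Please provide an e-mail address" } });
  }

  const acknowledge = () => {
    res.status(200).json({ "success": { "code": 200, "message": "Please check your e-mail for further instructions." } });
  };
  const fail = () => {
    res.status(500).json({ "error": { "code": 500, "message": "Unable to process the request" } });
  };

  User.findOne({ username: email }, function(err, user) {
    if (err) {
      return fail();
    }
    if (!user) {
      // Same answer as the success path; see the note above.
      return acknowledge();
    }
    user.resetPasswordToken = crypto.randomBytes(20).toString('hex');
    user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
    // The first argument of the save callback is the error, not the document.
    user.save((saveErr) => {
      if (saveErr) {
        return fail();
      }
      acknowledge();
    });
  });
});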
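// @route POST api/users/password/reset/:token
// @desc Reset Password
// @access Public
//
// Accepts a new password for the account holding an unexpired reset token,
// then clears the token so it cannot be used a second time.
router.post("/password/reset/:token", (req, res) => {
  const fail = () => {
    res.status(500).json({ "error": { "code": 500, "message": "Unable to reset password" } });
  };

  User
    .findOne({resetPasswordToken: req.params.token, resetPasswordExpires: { $gt: Date.now() }})
    .exec((err, account) => {
      if (err) {
        // A failed lookup must not fall through to the checks below.
        return fail();
      }
      if (!account) {
        return res.status(422).json({ "error": { "code": 422, "message": "Password reset token is invalid or has expired." } });
      }
      const newPassword = req.body && req.body.new_password;
      // Only a non-empty string is accepted as a password.
      if (typeof newPassword !== 'string' || newPassword.length === 0) {
        return res.status(422).json({ "error": { "code": 422, "message": "Please provide a new password" } });
      }
      account.setPassword(newPassword, (setErr) => {
        if (setErr) {
          // Keep the detail in the server log; the client gets a generic message
          // rather than the raw error object.
          console.error(setErr);
          return fail();
        }
        account.resetPasswordToken = undefined;
        account.resetPasswordExpires = undefined;
        account.save().then(() => {
          // Do not return credential material with the account. `hash` and
          // `salt` are assumed to be the password fields on the model (the
          // model is not shown here; confirm the names).
          const plainAccount = typeof account.toJSON === 'function' ? account.toJSON() : account;
          const publicAccount = Object.assign({}, plainAccount);
          ['hash', 'salt', 'resetPasswordToken', 'resetPasswordExpires'].forEach((field) => {
            delete publicAccount[field];
          });
          res.json(publicAccount);
        }).catch((saveErr) => {
          console.error(saveErr);
          fail();
        });
      });
    });
});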