Livebeat is now able to send, store and show beats

2020-10-23 00:39:36 +02:00
parent f722ee9595
commit 13f8437f29
52 changed files with 1948 additions and 442 deletions
--- a/backend/endpoints/user.ts
+++ b/backend/endpoints/user.ts
@@ -3,7 +3,8 @@ import { verifyPassword } from "../lib/crypto";
 import { User } from "../models/user/user.model";
 import { sign, decode, verify } from 'jsonwebtoken';
 import { JWT_SECRET, logger } from "../app";
-import { IUser } from "../models/user/user.interface";
+import { LivebeatRequest } from '../lib/request';
+import { SchemaTypes } from "mongoose";

 export async function GetUser(req: Request, res: Response) {
    
@@ -48,7 +49,7 @@ export async function LoginUser(req: Request, res: Response) {
    }

    // We're good. Create JWT token.
-    const token = sign({ user: user._id }, JWT_SECRET!, { notBefore: Date.now(), expiresIn: '30d' });
+    const token = sign({ user: user._id }, JWT_SECRET, { expiresIn: '30d' });

    logger.info(`User ${user.name} logged in.`)
    res.status(200).send({ token });
@@ -58,29 +59,34 @@ export async function LoginUser(req: Request, res: Response) {
 * This middleware validates any tokens that are required to access most of the endpoints.
 * Note: This validation doesn't contain any permission checking. 
 */
-export async function MW_User(req: Request, res: Response, next: () => void) {
+export async function MW_User(req: LivebeatRequest, res: Response, next: () => void) {
    if (req.headers.token === undefined) {
-        res.status(401).send();
+        res.status(401).send({ message: "Token not specified" });
        return;
    }
    const token = req.headers.token.toString();

    try {
        // Verify token
-        if(await verify(token, JWT_SECRET!, { algorithms: ['HS256'] })) {
+        if(await verify(token, JWT_SECRET, { algorithms: ['HS256'] })) {
            // Token is valid, now look if user is in db (in case he got deleted)
-            const id: number = Number(decode(token, { json: true })!.id);
-            const db = await User.findOne({ where: { id } });
-            if (db !== undefined) {
+            const id = decode(token, { json: true })!.user;
+            const db = await User.findById(id);
+
+            if (db !== undefined && db !== null) {
+                req.user = db
                next();
                return;
            } else {
-                res.status(401).send();
+                res.status(401).send({ message: "Token is not valid" });
            }
        } else {
-            res.status(401).send();
+            res.status(401).send({ message: "Token is not valid" });
        }
    } catch (err) {
-        if (err) res.status(401).send();
+        if (err) {
+            res.status(500).send({ message: "We failed validating your token for some reason." });
+            logger.error(err);
+        }
    }
 }