kajvans/forum-backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

tuned some things and added some to user route

Browse Source
This commit is contained in:
kaj van schalkwijk
2024-01-24 16:28:02 +01:00
parent 49cd0b1953
commit 421ab338fc
8 changed files with 500 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth/middleware.js
+89 -15
View File
@@ -1,50 +1,124 @@
const {verifyToken, generateAccesToken, generateRefreshToken} = require("./auth");
const { verifyToken, generateAccesToken, generateRefreshToken } = require("./auth");
const auth = (req, res, next) => {
const refreshToken = req.cookies.refreshToken;
const accessToken = req.cookies.accessToken;
const permtoken = req.cookies.permtoken;
if(!refreshToken && !accessToken && !permtoken) return res.status(401).json({error: "Unauthorized"});
if (!refreshToken && !accessToken && !permtoken) return res.status(401).json({ error: "Unauthorized" });
if(accessToken){
if (accessToken) {
const result = verifyToken(accessToken);
if(result.user){
if (result == false) {
//remove refresh token
res.cookie("accessToken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
else if(refreshToken && !accessToken){
else if (refreshToken && !accessToken) {
const result = verifyToken(refreshToken);
if(result != false){
if (result != false) {
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, {httpOnly: true});
res.cookie("accessToken", newAccessToken, { httpOnly: true });
}
if(result.user){
else {
//remove refresh token
res.cookie("refreshToken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
else if(permtoken){
else if (permtoken) {
const result = verifyToken(permtoken);
if(result != false){
if (result != false) {
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, {httpOnly: true});
res.cookie("accessToken", newAccessToken, { httpOnly: true });
//create new refresh token
const newRefreshToken = generateRefreshToken(result.user);
res.cookie("refreshToken", newRefreshToken, {httpOnly: true});
res.cookie("refreshToken", newRefreshToken, { httpOnly: true });
}
if(result.user){
else {
//remove permtoken
res.cookie("permtoken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
return res.status(401).json({error: "Unauthorized"});
return res.status(401).json({ error: "Unauthorized" });
}
module.exports = auth;
const publicauth = (req, res, next) => {
const refreshToken = req.cookies.refreshToken;
const accessToken = req.cookies.accessToken;
const permtoken = req.cookies.permtoken;
if (!refreshToken && !accessToken && !permtoken) {
req.user = null;
return next();
}
if (accessToken) {
const result = verifyToken(accessToken);
if (result == false) {
//remove refresh token
res.cookie("accessToken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
else if (refreshToken && !accessToken) {
const result = verifyToken(refreshToken);
if (result != false) {
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, { httpOnly: true });
}
else {
//remove refresh token
res.cookie("refreshToken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
else if (permtoken) {
const result = verifyToken(permtoken);
if (result != false) {
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, { httpOnly: true });
//create new refresh token
const newRefreshToken = generateRefreshToken(result.user);
res.cookie("refreshToken", newRefreshToken, { httpOnly: true });
}
else {
//remove permtoken
res.cookie("permtoken", "", { httpOnly: true });
}
if (result.user) {
req.user = result.user;
return next();
}
}
req.user = null;
}
module.exports = { auth, publicauth };
auth/middleware.test.js
+88 -12
View File
@@ -1,6 +1,6 @@
const dotenv = require("dotenv");
const { generateAccesToken, generateRefreshToken, generatePermtoken, verifyToken} = require("./auth");
const middleware = require("./middleware");
const {auth, publicauth} = require("./middleware");
dotenv.config();
describe('Middleware.js Tests', () => {
@@ -23,61 +23,61 @@ describe('Middleware.js Tests', () => {
test('should call next() if access token is valid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token;
middleware(req, res, next);
auth(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should call next() if refresh token is valid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token;
middleware(req, res, next);
auth(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should call next() if permtoken is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
auth(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should return 401 if no tokens are present', () => {
middleware(req, res, next);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if access token is invalid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token + 'a';
middleware(req, res, next);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if refresh token is invalid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token + 'a';
middleware(req, res, next);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if permtoken is invalid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token + 'a';
middleware(req, res, next);
auth(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return access token if refresh token is valid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token;
middleware(req, res, next);
auth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), { httpOnly: true });
});
test('should return access token and refresh if permtoken is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
auth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), { httpOnly: true });
expect(res.cookie).toHaveBeenCalledWith('refreshToken', expect.any(String), { httpOnly: true });
});
@@ -85,14 +85,90 @@ describe('Middleware.js Tests', () => {
test('should not return refresh token if access token is valid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token;
middleware(req, res, next);
auth(req, res, next);
expect(res.cookie).not.toHaveBeenCalledWith('refreshToken', expect.any(String), { httpOnly: true });
});
test('should not return permtoken token if refresh is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
auth(req, res, next);
expect(res.cookie).not.toHaveBeenCalledWith('permtoken', expect.any(String), { httpOnly: true });
});
test('should return req.user equals null if no tokens are present for publicauth', () => {
publicauth(req, res, next);
expect(req.user).toBe(null);
});
test('should return req.user equals null if access token is invalid for publicauth', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token + 'a';
publicauth(req, res, next);
expect(req.user).toBe(null);
});
test('should return req.user equals null if refresh token is invalid for publicauth', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token + 'a';
publicauth(req, res, next);
expect(req.user).toBe(null);
});
test('should return req.user equals null if permtoken is invalid for publicauth', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token + 'a';
publicauth(req, res, next);
expect(req.user).toBe(null);
});
test('should return req.user equals user if access token is valid for publicauth', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token;
publicauth(req, res, next);
expect(req.user).toEqual(user);
});
test('should remove access token if access token is invalid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token + 'a';
auth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', '', { httpOnly: true });
});
test('should remove refresh token if refresh token is invalid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token + 'a';
auth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('refreshToken', '', { httpOnly: true });
});
test('should remove permtoken if permtoken is invalid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token + 'a';
auth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('permtoken', '', { httpOnly: true });
});
test('should remove access token if access token is invalid for publicauth', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token + 'a';
publicauth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', '', { httpOnly: true });
});
test('should remove refresh token if refresh token is invalid for publicauth', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token + 'a';
publicauth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('refreshToken', '', { httpOnly: true });
});
test('should remove permtoken if permtoken is invalid for publicauth', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token + 'a';
publicauth(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('permtoken', '', { httpOnly: true });
});
});