36 lines
1.6 KiB
JavaScript
36 lines
1.6 KiB
JavaScript
const db = require('../surreal');
|
|
const {generateAccesToken, generateRefreshToken, generatePermtoken} = require("../auth/auth");
|
|
const {verify} = require("../auth/password");
|
|
const router = require('express').Router();
|
|
const timestringconverter = require('timestringconverter');
|
|
|
|
|
|
router.post('/', async (req, res) => {
|
|
const {username, password, remember} = req.body;
|
|
|
|
if(!username) return res.status(400).json({error: "Username not provided"});
|
|
if(!password) return res.status(400).json({error: "Password not provided"});
|
|
|
|
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
|
|
|
|
if (user.length == 0) {
|
|
return res.status(400).json({error: 'Wrong credentials'});
|
|
}
|
|
|
|
const validPass = await verify(password, user[0].password);
|
|
|
|
if(!validPass) return res.status(400).json({error: "Wrong credentials"});
|
|
|
|
const accessToken = generateAccesToken(user[0].username);
|
|
const refreshToken = generateRefreshToken(user[0].username);
|
|
if(remember == true){
|
|
const permtoken = generatePermtoken(user[0].username);
|
|
res.cookie('permtoken', permtoken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.PERMTOKENAGE), path: '/api/refreshtoken'});
|
|
}
|
|
|
|
res.cookie('accessToken', accessToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.ACCESSTOKENAGE)});
|
|
res.cookie('refreshToken', refreshToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.REFRESHTOKENAGE), path: '/api/refreshtoken'});
|
|
res.status(200).json({message: 'Logged in'});
|
|
});
|
|
|
|
module.exports = router; |