Checkmate/Server/controllers/authController.js

const express = require("express");
const {
  registerValidation,
  loginValidation,
  editUserParamValidation,
  editUserBodyValidation,
} = require("../validation/joi");
const logger = require("../utils/logger");
require("dotenv").config();
var jwt = require("jsonwebtoken");
const SERVICE_NAME = "auth";
const { sendEmail } = require("../utils/sendEmail");
const {
  registerTemplate,
} = require("../utils/emailTemplates/registerTemplate");
const RecoveryToken = require("../models/RecoveryToken");

/**
 * Creates and returns JWT token with an arbitrary payload
 * @function
 * @param {Object} payload
 * @returns {String}
 */
const issueToken = (payload) => {
  return jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: "99d" });
};

/**
 * @function
 * @param {express.Request} req
 * @param {express.Response} res
 * @returns {{success: Boolean, msg: String}}
 */
const registerController = async (req, res, next) => {
  // joi validation
  try {
    await registerValidation.validateAsync(req.body);
  } catch (error) {
    error.status = 422;
    error.service = SERVICE_NAME;
    error.message = error.details[0].message;
    next(error);
    return;
  }

  // Check if the user exists
  try {
    const isUser = await req.db.getUserByEmail(req, res);
    if (isUser) {
      throw new Error("User already exists");
    }
  } catch (error) {
    error.service = SERVICE_NAME;
    next(error);
    return;
  }

  // Create a new user
  try {
    const newUser = await req.db.insertUser(req, res);
    logger.info("New user created!", {
      service: SERVICE_NAME,
      userId: newUser._id,
    });
    const token = issueToken(newUser._doc);

    // Sending email to user with pre defined template
    const template = registerTemplate("https://www.bluewavelabs.ca");
    await sendEmail(
      [newUser.email],
      "Welcome to Uptime Monitor",
      template,
      "Registered."
    );

    return res
      .status(200)
      .json({ success: true, msg: "User created", data: token });
  } catch (error) {
    error.service = SERVICE_NAME;
    next(error);
  }
};

/**
 * Returns JWT with User info
 * @async
 * @param {Express.Request} req
 * @param {Express.Response} res
 * @returns {Promise<Express.Response>}
 * @throws {Error}
 */
const loginController = async (req, res, next) => {
  try {
    // Validate input
    await loginValidation.validateAsync(req.body);

    // Check if user exists
    const user = await req.db.getUserByEmail(req, res);

    // Compare password
    const match = await user.comparePassword(req.body.password);
    if (!match) {
      throw new Error("Password does not match!");
    }

    // Remove password from user object.  Should this be abstracted to DB layer?
    const userWithoutPassword = { ...user._doc };
    delete userWithoutPassword.password;

    // Happy path, return token
    const token = issueToken(userWithoutPassword);
    return res
      .status(200)
      .json({ success: true, msg: "Found user", data: token });
  } catch (error) {
    error.status = 500;
    // Anything else should be an error
    next(error);
  }
};

const userEditController = async (req, res, next) => {
  try {
    await editUserParamValidation.validateAsync(req.params);
    await editUserBodyValidation.validateAsync(req.body);
  } catch (error) {
    error.status = 422;
    error.service = SERVICE_NAME;
    error.message = error.details[0].message;
    next(error);
    return;
  }

  if (req.params.userId !== req.user._id.toString()) {
    const error = new Error("Unauthorized access");
    error.status = 401;
    error.service = SERVICE_NAME;
    next(error);
    return;
  }

  try {
    const updatedUser = await req.db.updateUser(req, res);
    return res
      .status(200)
      .json({ success: true, msg: "User updated", data: updatedUser });
  } catch (error) {
    error.service = SERVICE_NAME;
    next(error);
    return;
  }
};

const recoveryRequestController = async (req, res, next) => {
  const email = req.body.email;
  try {
    const user = await req.db.getUserByEmail(req, res);
    // TODO Email token to user
    if (user) {
      const recoveryToken = await req.db.requestRecoveryToken(req, res);
      console.log(recoveryToken);
      return res.status(200).json({
        success: true,
        msg: "Created recovery token",
        data: recoveryToken.token,
      });
    }
  } catch (error) {
    error.service = SERVICE_NAME;
    next(error);
    return;
  }
};
module.exports = {
  registerController,
  loginController,
  userEditController,
  recoveryRequestController,
};