UNPKG

create-nodeapi-backend

Version:

A powerful Node.js backend boilerplate with Express, MongoDB, Firebase, JWT auth, Nodemailer, cron jobs, input validation (Joi), and serverless support for Vercel. Scaffold a full-featured API backend in seconds.

70 lines (56 loc) 1.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
const jwt = require("jsonwebtoken"); const config = require("../config/index"); const { User, Token } = require("../model/index"); const jwtSecret = config.jwt.secret; const resetPasswordTokenMiddleware = async (req, res, next) => { try { const { token } = req.body; if (!token.length > 10) { return res .status(httpStatus.UNAUTHORIZED) .json({ message: "Rest password Token is invalid" }); } const decoded = jwt.verify(token, jwtSecret); const { id: userId, exp } = decoded; const currentTime = Math.floor(Date.now() / 1000); if (exp && currentTime > exp) { return res .status(httpStatus.FORBIDDEN) .json({ message: "Reset Password token expired." }); } const user = await User.findById(userId).select("_id email"); if (!user) { return res .status(httpStatus.UNAUTHORIZED) .json({ message: "Invalid User" }); } const storedToken = await Token.findOne({ token, userId, status: "revoked", type: "reset" }); if (!storedToken) { return res .status(httpStatus.UNAUTHORIZED) .json({ message: "Token Expired or Invalid" }); } req.decoded = decoded; next(); } catch (error) { if (error.name === "TokenExpiredError") { return res .status(httpStatus.FORBIDDEN) .json({ message: "Reset password Token expired" }); } if (error.name === "JsonWebTokenError") { return res .status(httpStatus.UNAUTHORIZED) .json({ message: "Invalid Token." }); } return res .status(httpStatus.INTERNAL_SERVER_ERROR) .json({ message: "Internal Server Error." }); } }; module.exports = resetPasswordTokenMiddleware;