UNPKG

myex-cli

Version:

Opinionated Express.js framework with CLI tools

309 lines (275 loc) 8.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
import jwt from 'jsonwebtoken'; import bcrypt from 'bcryptjs'; import { logger } from '../utils/logger.js'; import { authService } from '../services/auth.service.js'; export const authController = { /** * Register a new user * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ register: async (req, res) => { try { const { email, password, name } = req.body; // Validate input if (!email || !password || !name) { return res.status(400).json({ status: 'error', message: 'Email, password, and name are required', }); } // Check if user already exists const existingUser = await authService.findUserByEmail(email); if (existingUser) { return res.status(409).json({ status: 'error', message: 'User with this email already exists', }); } // Create new user const user = await authService.createUser({ email, password, // Will be hashed in the service name, role: 'user', // Default role }); // Generate tokens const accessToken = authService.generateAccessToken(user); const refreshToken = authService.generateRefreshToken(user); // Save refresh token to database await authService.saveRefreshToken(user._id, refreshToken); // Return success with tokens res.status(201).json({ status: 'success', message: 'User registered successfully', data: { user: { id: user._id, email: user.email, name: user.name, role: user.role, }, tokens: { accessToken, refreshToken, }, }, }); } catch (error) { logger.error(`Registration error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to register user', }); } }, /** * Login a user * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ login: async (req, res) => { try { const { email, password } = req.body; // Validate input if (!email || !password) { return res.status(400).json({ status: 'error', message: 'Email and password are required', }); } // Find user by email const user = await authService.findUserByEmail(email); if (!user) { return res.status(401).json({ status: 'error', message: 'Invalid email or password', }); } // Check password const isPasswordValid = await bcrypt.compare(password, user.password); if (!isPasswordValid) { logger.warn(`Failed login attempt for user: ${email}`); return res.status(401).json({ status: 'error', message: 'Invalid email or password', }); } // Generate tokens const accessToken = authService.generateAccessToken(user); const refreshToken = authService.generateRefreshToken(user); // Save refresh token to database await authService.saveRefreshToken(user._id, refreshToken); // Return success with tokens res.status(200).json({ status: 'success', message: 'Login successful', data: { user: { id: user._id, email: user.email, name: user.name, role: user.role, }, tokens: { accessToken, refreshToken, }, }, }); } catch (error) { logger.error(`Login error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to login', }); } }, /** * Refresh access token using refresh token * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ refreshToken: async (req, res) => { try { const { refreshToken } = req.body; if (!refreshToken) { return res.status(400).json({ status: 'error', message: 'Refresh token is required', }); } // Check if refresh token is valid const user = await authService.verifyRefreshToken(refreshToken); if (!user) { return res.status(403).json({ status: 'error', message: 'Invalid refresh token', }); } // Generate new access token const newAccessToken = authService.generateAccessToken(user); // Return new access token res.status(200).json({ status: 'success', message: 'Token refreshed successfully', data: { accessToken: newAccessToken, }, }); } catch (error) { logger.error(`Token refresh error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to refresh token', }); } }, /** * Logout a user * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ logout: async (req, res) => { try { const { refreshToken } = req.body; if (!refreshToken) { return res.status(400).json({ status: 'error', message: 'Refresh token is required', }); } // Remove refresh token from database await authService.removeRefreshToken(refreshToken); res.status(200).json({ status: 'success', message: 'Logged out successfully', }); } catch (error) { logger.error(`Logout error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to logout', }); } }, /** * Initiate password reset process * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ forgotPassword: async (req, res) => { try { const { email } = req.body; if (!email) { return res.status(400).json({ status: 'error', message: 'Email is required', }); } // Check if user exists const user = await authService.findUserByEmail(email); if (!user) { return res.status(404).json({ status: 'error', message: 'User not found', }); } // Generate reset token and save it const resetToken = await authService.generatePasswordResetToken(user._id); // In a real app, send email with reset link here // For now, just return the token in the response res.status(200).json({ status: 'success', message: 'Password reset instructions sent to email', data: { resetToken, // Remove this in production }, }); } catch (error) { logger.error(`Forgot password error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to process forgot password request', }); } }, /** * Reset password with reset token * @param {import('express').Request} req - Express request object * @param {import('express').Response} res - Express response object */ resetPassword: async (req, res) => { try { const { token, newPassword } = req.body; if (!token || !newPassword) { return res.status(400).json({ status: 'error', message: 'Token and new password are required', }); } // Verify and use the reset token const userId = await authService.verifyPasswordResetToken(token); if (!userId) { return res.status(403).json({ status: 'error', message: 'Invalid or expired reset token', }); } // Update password await authService.updatePassword(userId, newPassword); // Invalidate token await authService.invalidatePasswordResetToken(token); res.status(200).json({ status: 'success', message: 'Password reset successfully', }); } catch (error) { logger.error(`Reset password error: ${error.message}`); res.status(500).json({ status: 'error', message: 'Failed to reset password', }); } }, };