From 6859b17f6a0704e37ab46ef5256cea9b231bc3ce Mon Sep 17 00:00:00 2001
From: lav-joshi
Date: Wed, 22 Apr 2020 19:50:46 +0530
Subject: [PATCH 1/3] access-tokens-instead-of google-id

---
 middleware/PassportMiddleware.js | 6 +++++-
 middleware/authadmin.js | 10 ++++++++--
 middleware/authuser.js | 10 ++++++++--
 models/Admin.js | 3 ++-
 models/User.js | 1 +
 routes/api/auth.js | 31 +++++++++++++++++++++++++------
 6 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/middleware/PassportMiddleware.js b/middleware/PassportMiddleware.js
index 57f93f5..979da17 100644
--- a/middleware/PassportMiddleware.js
+++ b/middleware/PassportMiddleware.js
@@ -11,7 +11,7 @@ passport.use(
  callbackURL: "http://localhost:3000/auth/google/callback"
  },
  async function (accessToken, refreshToken, profile, done) {
- User.findOne({ googleId: profile.id }, async function (err, user) {
+ User.findOne({ email: profile.emails[0].value }, async function (err, user) {
  if (err) {
  return done(err);
  }
@@ -22,6 +22,10 @@ passport.use(
  email: profile.emails[0].value,
  displayPicture: profile.photos[0].value
  });
+ user.accessToken.push(accessToken);
+ await user.save();
+ } else if (user) {
+ user.accessToken.push(accessToken);
  await user.save();
  }
  return done(err, user);
diff --git a/middleware/authadmin.js b/middleware/authadmin.js
index 2a87ab5..b8242ae 100644
--- a/middleware/authadmin.js
+++ b/middleware/authadmin.js
@@ -4,9 +4,15 @@ const Admin = require("../models/Admin");
  const auth = async (req, res, next) => {
  try {
  if (req.session.token) {
- Admin.findOne({ googleId: req.session.token }, function (err, admin) {
+ Admin.findOne({ email: req.user.email }, function (err, admin) {
  if (admin) {
- next();
+ var x = admin.accessToken.indexOf(req.session.token);
+ if (x !== -1) {
+ next();
+ } else {
+ res.cookie("token", "");
+ res.redirect("/");
+ }
  } else if (err) {
  res.cookie("token", "");
  res.redirect("/");
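Review bot: Switching the lookup key from `profile.id` to `profile.emails[0].value` in the first PassportMiddleware.js hunk makes the Google-reported e-mail the account identity, yet the new line never checks that the address is present or verified, so a profile without an `emails` entry throws before `done` is reached and an unverified address would be matched to whatever account already carries it. Guard it before the query: `const primary = (profile.emails || [])[0];` and `if (!primary || primary.verified === false) return done(null, false);` — passport-google-oauth20 exposes Google's `email_verified` claim as `verified` on each entry, if the version in use sets it. Accounts created before this change were keyed by `googleId`, so a user whose stored e-mail differs from the one Google now reports will get a fresh document rather than their existing one. The strategy callback starts and ends outside the hunk.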
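Review bot: In the second PassportMiddleware.js hunk the Google OAuth `accessToken` is persisted verbatim in `user.accessToken` on every login, and the callback route in this same patch reuses it as the application's own session credential, which turns a third-party bearer token into a stored, cookie-borne login secret and leaves the array growing without bound because only an explicit logout removes an entry. Mint an opaque value instead — `const sessionToken = crypto.randomBytes(32).toString("hex");` with `const crypto = require("crypto");` at the top of the file — push that (or a hash of it) rather than `accessToken`, and cap or expire the list so stale logins cannot accumulate. The push-and-save pair is also duplicated in both branches; keep only the `new User(...)` construction in the `if (!user)` branch (the `else if (user)` is just `else`) and run `user.accessToken.push(...)` / `await user.save();` once after it. The enclosing callback continues outside the hunk.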
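Review bot: The new query in the authadmin.js hunk dereferences `req.user.email` after checking only `req.session.token`, so a request that still carries the token but has no Passport user (expired or cleared login session) throws a TypeError; the authuser.js hunk of this patch has the same problem. Tighten the guard to `if (req.session.token && req.user && req.user.email) {` and let everything else fall through to the existing redirect. A throw inside the `findOne` callback is also outside the surrounding `try`, which only covers the synchronous part of the handler, so handle `if (err || !admin) return res.redirect("/");` inside the callback rather than relying on the catch. `var x = ...indexOf(...)` can be `if (admin.accessToken.includes(req.session.token))`. The function continues past the hunk, and as far as the visible lines show the case where neither `admin` nor `err` is set still sends no response.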
diff --git a/middleware/authuser.js b/middleware/authuser.js
index a77ac56..7877975 100644
--- a/middleware/authuser.js
+++ b/middleware/authuser.js
@@ -4,9 +4,15 @@ const User = require("../models/User");
  const auth = async (req, res, next) => {
  try {
  if (req.session.token) {
- User.findOne({ googleId: req.session.token }, function (err, user) {
+ User.findOne({ email: req.user.email }, function (err, user) {
  if (user) {
- next();
+ var x = user.accessToken.indexOf(req.session.token);
+ if (x !== -1) {
+ next();
+ } else {
+ res.cookie("token", "");
+ res.redirect("/");
+ }
  } else if (err) {
  res.cookie("token", "");
  res.redirect("/");
diff --git a/models/Admin.js b/models/Admin.js
index a05e4b5..2f0fbe1 100644
--- a/models/Admin.js
+++ b/models/Admin.js
@@ -2,7 +2,8 @@ const mongoose = require("mongoose");
 
  const AdminSchema = new mongoose.Schema({
  email: String,
- googleId: String
+ googleId: String,
+ accessToken: []
  });
 
  const Admin = mongoose.model("admin", AdminSchema);
diff --git a/models/User.js b/models/User.js
index 88bc153..50e0d99 100644
--- a/models/User.js
+++ b/models/User.js
@@ -6,6 +6,7 @@ const UserSchema = new mongoose.Schema({
  trim: true,
  required: true
  },
+ accessToken: [],
  name: {
  type: String,
  trim: true,
diff --git a/routes/api/auth.js b/routes/api/auth.js
index 5a16fc5..8a40bcd 100644
--- a/routes/api/auth.js
+++ b/routes/api/auth.js
@@ -16,23 +16,42 @@ router.get(
  "/google/callback",
  passport.authenticate("google", { failureRedirect: "/" }),
  (req, res) => {
- req.session.token = req.user.googleId;
+ req.session.token = req.user.accessToken[req.user.accessToken.length - 1];
+ console.log(req.session.token);
  res.cookie("token", req.session.token);
  Admin.findOne({ email: req.user.email }, function (err, admin) {
  if (err) Error(err);
  if (!admin) {
- req.session.client = "user";
- res.redirect("/user/dashboard");
+ User.findOne({ email: req.user.email }, function (err, user) {
+ if (err) Error(err);
+ var x = user.accessToken.indexOf(req.session.token);
+ if (x !== -1) {
+ req.session.client = "user";
+ res.redirect("/user/dashboard");
+ } else {
+ res.redirect("/");
+ }
+ });
  } else {
  User.deleteOne({ email: req.user.email }, function (err, user) {
  if (err) {
  res.redirect("/");
  } else if (user) {
+ Admin.findOne({ email: req.user.email }, async function (err, admin) {
+ if (err) Error(err);
+ admin.accessToken.push(req.session.token);
+ await admin.save();
+ var x = admin.accessToken.indexOf(req.session.token);
+ if (x !== -1) {
+ req.session.status = "applied";
+ req.session.client = "admin";
+ res.redirect("/admin/dashboard");
+ } else {
+ res.redirect("/");
+ }
+ });
  }
  });
- req.session.status = "applied";
- req.session.client = "admin";
- res.redirect("/admin/dashboard");
  }
  });
  }

From 2588d460e326242d858cfc242c31e2660c3ed7b6 Mon Sep 17 00:00:00 2001
From: lav-joshi
Date: Thu, 23 Apr 2020 00:33:51 +0530
Subject: [PATCH 2/3] access-tokens

---
 middleware/authadmin.js | 2 +-
 middleware/authuser.js | 2 +-
 routes/api/auth.js | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/middleware/authadmin.js b/middleware/authadmin.js
index b8242ae..8a0c0c5 100644
--- a/middleware/authadmin.js
+++ b/middleware/authadmin.js
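Review bot: `console.log(req.session.token)` on the second added line writes the Google access token — a live bearer credential that the line just above also stores as the session secret — to the process log, where it outlives the session and is readable by anyone with log access; drop the line. The two new callbacks repeat `if (err) Error(err);`, which constructs an Error and discards it, then dereference `user`/`admin` without a null check, so a missing document throws inside a Mongoose callback where Express cannot catch it; use `if (err || !user) return res.redirect("/");` and the same for `admin`. In the admin branch the `indexOf` check runs immediately after `admin.accessToken.push(req.session.token)` and `save()`, so it can never fail and can go together with its `else`. That nested `Admin.findOne` also re-queries a document the outer callback already holds as `admin`, so reusing it saves a round trip. The `router.get` call that encloses this handler closes outside the hunk.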
@@ -11,7 +11,7 @@ const auth = async (req, res, next) => {
  next();
  } else {
  res.cookie("token", "");
- res.redirect("/");
+ res.redirect("/auth/logout");
  }
  } else if (err) {
  res.cookie("token", "");
diff --git a/middleware/authuser.js b/middleware/authuser.js
index 7877975..db10425 100644
--- a/middleware/authuser.js
+++ b/middleware/authuser.js
@@ -11,7 +11,7 @@ const auth = async (req, res, next) => {
  next();
  } else {
  res.cookie("token", "");
- res.redirect("/");
+ res.redirect("/auth/logout");
  }
  } else if (err) {
  res.cookie("token", "");
diff --git a/routes/api/auth.js b/routes/api/auth.js
index 8a40bcd..366709a 100644
--- a/routes/api/auth.js
+++ b/routes/api/auth.js
@@ -57,7 +57,9 @@ router.get(
  }
  );
 
-router.get("/logout", (req, res) => {
+router.get("/logout", async (req, res) => {
+
+ await User.update({email:req.user.email},{$pull:{accessToken: {$in:[req.session.token]}}})
  req.logout();
  req.session = null;
  req.token = null;

From 1bb4e17b9a62f91e7ae2de3e38ea24491f737798 Mon Sep 17 00:00:00 2001
From: blurry-x-face
Date: Thu, 23 Apr 2020 03:52:05 +0530
Subject: [PATCH 3/3] fix schema

---
 models/Admin.js | 2 +-
 models/User.js | 2 +-
 routes/api/auth.js | 3 +--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/models/Admin.js b/models/Admin.js
index 2f0fbe1..4abd70a 100644
--- a/models/Admin.js
+++ b/models/Admin.js
@@ -3,7 +3,7 @@ const mongoose = require("mongoose");
  const AdminSchema = new mongoose.Schema({
  email: String,
  googleId: String,
- accessToken: []
+ accessToken: [String]
  });
 
  const Admin = mongoose.model("admin", AdminSchema);
diff --git a/models/User.js b/models/User.js
index 50e0d99..5a79094 100644
--- a/models/User.js
+++ b/models/User.js
@@ -6,7 +6,7 @@ const UserSchema = new mongoose.Schema({
  trim: true,
  required: true
  },
- accessToken: [],
+ accessToken: [String],
  name: {
  type: String,
  trim: true,
diff --git a/routes/api/auth.js b/routes/api/auth.js
index 366709a..048abbc 100644
--- a/routes/api/auth.js
+++ b/routes/api/auth.js
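Review bot: The new `await User.update(...)` in the routes/api/auth.js hunk of the second patch runs before anything checks that a Passport user exists, so a direct request to `/auth/logout` without a login session throws on `req.user.email`, and because the handler is now `async` Express 4 does not forward the rejection, leaving the request hanging instead of completing the logout; the reformatted copy of the same line in the third patch (routes/api/auth.js) carries the same issue. It also only pulls the token from the `User` collection, while admins get their token pushed onto `Admin.accessToken` in the callback route, so an admin's logout never revokes the stored token and the authadmin.js check keeps accepting it. `Model.update` is deprecated in Mongoose 5 in favour of `updateOne`. Guard the revocation, apply it to both collections and keep the session teardown unconditional, for example:
```javascript
router.get("/logout", async (req, res) => {
  if (req.user && req.user.email && req.session && req.session.token) {
    const filter = { email: req.user.email };
    const revoke = { $pull: { accessToken: { $in: [req.session.token] } } };
    try {
      // admins carry their token on the Admin document, users on User
      await Promise.all([User.updateOne(filter, revoke), Admin.updateOne(filter, revoke)]);
    } catch (err) {
      console.error("logout: token revocation failed", err);
    }
  }
  // … unchanged: req.logout(), session and token reset …
```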
@@ -58,8 +58,7 @@ router.get(
  );
 
  router.get("/logout", async (req, res) => {
-
- await User.update({email:req.user.email},{$pull:{accessToken: {$in:[req.session.token]}}})
+ await User.update({ email: req.user.email }, { $pull: { accessToken: { $in: [req.session.token] } } });
  req.logout();
  req.session = null;
  req.token = null;