// controllers/authCtrl.js
const Users = require("../models/userModel");
const bcrypt = require("bcrypt");
const jwt = require("jsonwebtoken");
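// Refresh-token cookie: name, scope and lifetime are shared by every handler
// that issues or clears it so they cannot drift apart.
const REFRESH_COOKIE_NAME = "refreshtoken";
const REFRESH_COOKIE_PATH = "/api/refresh_token";
const REFRESH_COOKIE_MAX_AGE_MS = 30 * 24 * 60 * 60 * 1000; // validity of 30 days
const MIN_PASSWORD_LENGTH = 6;
const BCRYPT_ROUNDS = 12;
const PASSWORD_TOO_SHORT_MSG = "Password must be at least 6 characters long.";
const BAD_CREDENTIALS_MSG = "Email or Password is incorrect.";
const LOGIN_AGAIN_MSG = "Please login again.";

/**
 * Attributes for the refresh-token cookie.
 * httpOnly keeps it out of reach of page script, `path` limits it to the
 * refresh endpoint, sameSite=lax stops it riding along on cross-site POSTs,
 * and `secure` (outside development) keeps it off plain HTTP.
 * @returns {object} options accepted by res.cookie()
 */
function refreshCookieOptions() {
  return {
    httpOnly: true,
    path: REFRESH_COOKIE_PATH,
    sameSite: "lax",
    secure: process.env.NODE_ENV === "production",
    maxAge: REFRESH_COOKIE_MAX_AGE_MS,
  };
}

/**
 * Whether a request-body field is a usable string. Request bodies are
 * untrusted: an object or array where a string is expected must not reach a
 * Mongoose query (operator injection) or bcrypt (TypeError -> 500).
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === "string" && value.length > 0;
}

/**
 * Canonical username: lower-cased with spaces removed.
 * @param {string} username
 * @returns {string}
 */
function normalizeUsername(username) {
  return username.toLowerCase().replace(/ /g, "");
}

/**
 * Field and uniqueness checks shared by register and registerAdmin, in the
 * order the handlers originally ran them: username conflict, email conflict,
 * password length. Type checks come first so malformed input is a 400
 * rather than a 500 from a thrown TypeError.
 * @param {{ username: unknown, email: unknown, password: unknown }} fields - untrusted body values
 * @returns {Promise<{ error: string } | { newUserName: string }>} an error
 *   message to send as 400, or the normalized username to store
 */
async function validateNewAccount({ username, email, password }) {
  if (!isNonEmptyString(username) || !isNonEmptyString(email) || typeof password !== "string") {
    return { error: "Username, email and password are required." };
  }
  const newUserName = normalizeUsername(username);
  if (newUserName === "") {
    return { error: "Username must not be empty." };
  }
  if (await Users.findOne({ username: newUserName })) {
    return { error: "This username is already taken." };
  }
  if (await Users.findOne({ email })) {
    return { error: "This email is already registered." };
  }
  if (password.length < MIN_PASSWORD_LENGTH) {
    return { error: PASSWORD_TOO_SHORT_MSG };
  }
  return { newUserName };
}

/**
 * Look up a user by email within a role and check the password.
 * Returns null for an unknown email, a wrong password or malformed input
 * alike; callers answer all three identically so the response does not
 * reveal whether the email exists.
 * @param {unknown} email - untrusted body value
 * @param {unknown} password - untrusted body value
 * @param {string} role - "user" or "admin"
 * @param {boolean} withFollows - also populate followers/following (minus passwords)
 * @returns {Promise<object | null>} the user document or null
 */
async function findUserByCredentials(email, password, role, withFollows) {
  if (!isNonEmptyString(email) || typeof password !== "string") {
    return null;
  }
  let query = Users.findOne({ email, role });
  if (withFollows) {
    query = query.populate("followers following", "-password");
  }
  const user = await query;
  if (!user) {
    return null;
  }
  const isMatch = await bcrypt.compare(password, user.password);
  return isMatch ? user : null;
}

/**
 * Issue the token pair for an authenticated user: refresh token in the
 * httpOnly cookie, access token in the body, user document with the password
 * hash blanked out.
 * @param {object} res - Express response
 * @param {object} user - Mongoose user document
 * @param {string} msg - status message for the body
 */
function sendAuthResponse(res, user, msg) {
  const access_token = createAccessToken({ id: user._id });
  const refresh_token = createRefreshToken({ id: user._id });
  res.cookie(REFRESH_COOKIE_NAME, refresh_token, refreshCookieOptions());
  return res.json({
    msg,
    access_token,
    user: {
      ...user._doc,
      password: "",
    },
  });
}

/**
 * Generic 500 reply. The real error is logged server-side only: err.message
 * from the database or crypto layer can expose internals to the caller.
 * @param {object} res - Express response
 * @param {Error} err - the caught error
 */
function sendServerError(res, err) {
  console.error(err);
  return res.status(500).json({ msg: "Internal server error." });
}

const authCtrl = {
  /**
   * POST handler: create a regular user and log them in.
   * Body: fullname, username, email, password, gender (all untrusted).
   * Replies 400 on validation or conflict, 500 on unexpected failure,
   * otherwise 200 with the access token, the user and a refresh-token cookie.
   */
  register: async (req, res) => {
    try {
      const { fullname, username, email, password, gender } = req.body;
      const checked = await validateNewAccount({ username, email, password });
      if (checked.error) {
        return res.status(400).json({ msg: checked.error });
      }
      const passwordHash = await bcrypt.hash(password, BCRYPT_ROUNDS);
      const newUser = new Users({
        fullname,
        username: checked.newUserName,
        email,
        password: passwordHash,
        gender,
      });
      // Persist first: tokens are only issued for a user that actually exists,
      // and the response is sent exactly once (replying before save() and
      // again afterwards raised "headers already sent").
      await newUser.save();
      return sendAuthResponse(res, newUser, "Registered Successfully!");
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * POST handler: replace the password of the authenticated user.
   * Requires req.user._id (set by the auth middleware, not in this file).
   * Body: oldPassword, newPassword. Replies 400 when the old password is
   * wrong, the new one is too short or the account no longer exists.
   */
  changePassword: async (req, res) => {
    try {
      const { oldPassword, newPassword } = req.body;
      if (typeof oldPassword !== "string" || typeof newPassword !== "string") {
        return res.status(400).json({ msg: "Old and new password are required." });
      }
      const user = await Users.findOne({ _id: req.user._id });
      // The token may outlive the account; without this guard user.password throws.
      if (!user) {
        return res.status(400).json({ msg: "User does not exist." });
      }
      const isMatch = await bcrypt.compare(oldPassword, user.password);
      if (!isMatch) {
        return res.status(400).json({ msg: "Your password is wrong." });
      }
      if (newPassword.length < MIN_PASSWORD_LENGTH) {
        return res.status(400).json({ msg: PASSWORD_TOO_SHORT_MSG });
      }
      const newPasswordHash = await bcrypt.hash(newPassword, BCRYPT_ROUNDS);
      await Users.findOneAndUpdate({ _id: req.user._id }, { password: newPasswordHash });
      // NOTE(review): existing refresh tokens stay valid after the change;
      // revoking them would need server-side token state that this file lacks.
      return res.json({ msg: "Password updated successfully." });
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * POST handler: create an account with a caller-supplied role.
   * `role` comes straight from the body, so the route mounting this handler
   * must itself be restricted to administrators; nothing here checks it.
   * Does not log the new account in.
   */
  registerAdmin: async (req, res) => {
    try {
      const { fullname, username, email, password, gender, role } = req.body;
      const checked = await validateNewAccount({ username, email, password });
      if (checked.error) {
        return res.status(400).json({ msg: checked.error });
      }
      const passwordHash = await bcrypt.hash(password, BCRYPT_ROUNDS);
      const newUser = new Users({
        fullname,
        username: checked.newUserName,
        email,
        password: passwordHash,
        gender,
        role,
      });
      await newUser.save();
      return res.json({ msg: "Admin Registered Successfully." });
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * POST handler: log in an account with role "user".
   * Unknown email and wrong password get the same 400 reply.
   */
  login: async (req, res) => {
    try {
      const { email, password } = req.body;
      const user = await findUserByCredentials(email, password, "user", true);
      if (!user) {
        return res.status(400).json({ msg: BAD_CREDENTIALS_MSG });
      }
      return sendAuthResponse(res, user, "Logged in Successfully!");
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * POST handler: log in an account with role "admin".
   * Same contract as login, without populating followers/following.
   * Never log the submitted password or the user document here: the
   * document carries the password hash and logs are rarely access-controlled.
   */
  adminLogin: async (req, res) => {
    try {
      const { email, password } = req.body;
      const user = await findUserByCredentials(email, password, "admin", false);
      if (!user) {
        return res.status(400).json({ msg: BAD_CREDENTIALS_MSG });
      }
      return sendAuthResponse(res, user, "Logged in Successfully!");
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * POST handler: drop the refresh-token cookie. The access token itself is
   * not revoked and stays usable until it expires.
   */
  logout: async (req, res) => {
    try {
      res.clearCookie(REFRESH_COOKIE_NAME, { path: REFRESH_COOKIE_PATH });
      return res.json({ msg: "Logged out Successfully." });
    } catch (err) {
      return sendServerError(res, err);
    }
  },

  /**
   * Handler: exchange a valid refresh-token cookie for a new access token.
   * Verification is synchronous so a database failure afterwards is caught
   * by the surrounding try/catch instead of becoming an unhandled rejection
   * inside a callback.
   */
  generateAccessToken: async (req, res) => {
    try {
      const rf_token = req.cookies.refreshtoken;
      if (!rf_token) {
        return res.status(400).json({ msg: LOGIN_AGAIN_MSG });
      }
      let decoded;
      try {
        // Pin the expected algorithm so a token signed any other way is rejected.
        decoded = jwt.verify(rf_token, process.env.REFRESH_TOKEN_SECRET, {
          algorithms: ["HS256"],
        });
      } catch (verifyErr) {
        return res.status(400).json({ msg: LOGIN_AGAIN_MSG });
      }
      const user = await Users.findById(decoded.id)
        .select("-password")
        .populate("followers following", "-password");
      if (!user) {
        return res.status(400).json({ msg: "User does not exist." });
      }
      const access_token = createAccessToken({ id: decoded.id });
      return res.json({ access_token, user });
    } catch (err) {
      return sendServerError(res, err);
    }
  },
};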
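/**
 * Sign a short-lived (1 day) access token for the given claims.
 * The key is read from the environment instead of a literal in source:
 * a hard-coded key lets anyone with read access to the repository mint
 * tokens that the server accepts.
 * NOTE(review): the variable name ACCESS_TOKEN_SECRET is assumed — it must
 * match the secret used by the access-token verification middleware, which
 * is not in this file.
 * @param {object} payload - claims to embed, e.g. `{ id: user._id }`
 * @returns {string} the signed JWT
 * @throws {Error} when the secret is not configured
 */
const createAccessToken = (payload) => {
  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    throw new Error("ACCESS_TOKEN_SECRET is not configured.");
  }
  return jwt.sign(payload, secret, {
    expiresIn: "1d",
  });
};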
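/**
 * Sign a 30-day refresh token for the given claims.
 * Uses REFRESH_TOKEN_SECRET, the same key generateAccessToken verifies
 * against; signing with a literal key while verifying with the environment
 * key meant the refresh flow could never succeed unless the two happened
 * to coincide.
 * @param {object} payload - claims to embed, e.g. `{ id: user._id }`
 * @returns {string} the signed JWT
 * @throws {Error} when the secret is not configured
 */
const createRefreshToken = (payload) => {
  const secret = process.env.REFRESH_TOKEN_SECRET;
  if (!secret) {
    throw new Error("REFRESH_TOKEN_SECRET is not configured.");
  }
  return jwt.sign(payload, secret, {
    expiresIn: "30d",
  });
};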
// Only the handler object is exported; createAccessToken/createRefreshToken stay module-private.
module.exports = authCtrl;