Implemented Collections, reworked SecureIds to prevent duplication across records, renamed files to be consistently plural.
@@ -3,12 +3,13 @@ import jwt from 'jsonwebtoken';
|
||||
import { UnwrappedRequest } from '../utilities/guard';
|
||||
import { ErrorResponse, OkResponse, UnauthorizedResponse } from '../utilities/responseHelper';
|
||||
import { Claims } from '../orm/claims';
|
||||
import { ChangePasswordRequest, LoginRequest, SecureId } from '../utilities/requestModels';
|
||||
import { ChangePasswordRequest, LoginRequest } from '../utilities/requestModels';
|
||||
import { UserId } from '../utilities/secureIds';
|
||||
|
||||
async function login(request: UnwrappedRequest<LoginRequest>): Promise<Response> {
|
||||
try {
|
||||
const verify: {
|
||||
userId: SecureId;
|
||||
userId: UserId;
|
||||
refreshCount: string;
|
||||
} | null = await orm.users.verifyCredentials(request.body.email, request.body.password);
|
||||
if (!verify) {
|
||||
@@ -53,7 +54,7 @@ async function token(request: UnwrappedRequest): Promise<Response> {
|
||||
r: string;
|
||||
} = jwt.verify(refreshCookie, process.env.JWT_SECRET_KEY as string) as { u: string; r: string };
|
||||
|
||||
if (!(await orm.users.verifyRefreshCount(SecureId.fromID(refreshToken.u), refreshToken.r))) {
|
||||
if (!(await orm.users.verifyRefreshCount(UserId.fromID(refreshToken.u), refreshToken.r))) {
|
||||
const response = new UnauthorizedResponse('Invalid refresh token');
|
||||
response.headers.set('Clear-Site-Data', '"cookies","cache","storage","executionContexts"');
|
||||
return response;
|
||||
@@ -84,7 +85,7 @@ async function changePassword(request: UnwrappedRequest<ChangePasswordRequest>):
|
||||
try {
|
||||
return new OkResponse(
|
||||
await orm.users.changePassword(
|
||||
SecureId.fromHash(request.params.id),
|
||||
UserId.fromHash(request.params.id),
|
||||
request.body.oldPassword,
|
||||
request.body.newPassword,
|
||||
request.claims,
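Review bot: In the `token` hunk, `refreshToken.u` reaches `UserId.fromID(...)` with its shape established only by the `as { u: string; r: string }` assertion on the `jwt.verify` result. Any token that verifies under `JWT_SECRET_KEY` but lacks a string `u` or `r` (for example an access token, if those are signed with the same key) would be handed to the typed id constructor unchecked. A runtime guard before the lookup would close that: `if (typeof refreshToken.u !== 'string' || typeof refreshToken.r !== 'string') return new UnauthorizedResponse('Invalid refresh token');`. It would also be worth passing an explicit `algorithms` list to `jwt.verify`, matching whatever algorithm the tokens are signed with. The body of `token` starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.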
|
||||
|
||||