Refactored - now includes fullstack AUTH

server/controllers/auth/get-account.js

@@ -0,0 +1,20 @@
+const Account = require('../../models/Account')
+
+async function getAccount(request, response, next) {
+  try {
+    const {uid} = request.auth
+
+    // Get account from DB, existance not verified because we are already authorized at this point
+    const foundAccount = await Account.findOne({_id: uid}).select('-password')
+
+    response.status(200).json({
+      message: 'Account fetched',
+      data: foundAccount,
+    })
+  } catch (error) {
+    console.error(error)
+    response.status(500).send()
+  }
+}
+
+module.exports = getAccount

server/controllers/auth/login.js

@@ -0,0 +1,59 @@
+const joi = require('joi')
+const bcrypt = require('bcrypt')
+const Account = require('../../models/Account')
+const {signToken} = require('../../middlewares/jsonwebtoken')
+
+async function login(request, response, next) {
+  try {
+    // Validate request data
+    await joi
+      .object({
+        username: joi.string().required(),
+        password: joi.string().required(),
+      })
+      .validateAsync(request.body)
+  } catch (error) {
+    return response.status(400).json({
+      error: 'ValidationError',
+      message: error.message,
+    })
+  }
+
+  try {
+    const {username, password} = request.body
+
+    // Get account from DB, and verify existance
+    const foundAccount = await Account.findOne({username})
+    if (!foundAccount) {
+      return response.status(400).json({
+        message: 'Bad credentials',
+      })
+    }
+
+    // Decrypt and verify password
+    const passOk = await bcrypt.compare(password, foundAccount.password)
+    if (!passOk) {
+      return response.status(400).json({
+        message: 'Bad credentials',
+      })
+    }
+
+    // Remove password from response data
+    foundAccount.password = undefined
+    delete foundAccount.password
+
+    // Generate access token
+    const token = signToken({uid: foundAccount._id})
+
+    response.status(200).json({
+      message: 'Succesfully logged-in',
+      data: foundAccount,
+      token,
+    })
+  } catch (error) {
+    console.error(error)
+    response.status(500).send()
+  }
+}
+
+module.exports = login

server/controllers/auth/register.js

@@ -0,0 +1,60 @@
+const joi = require('joi')
+const bcrypt = require('bcrypt')
+const Account = require('../../models/Account')
+const {signToken} = require('../../middlewares/jsonwebtoken')
+
+async function register(request, response, next) {
+  try {
+    // Validate request data
+    await joi
+      .object({
+        username: joi.string().required(),
+        password: joi.string().required(),
+      })
+      .validateAsync(request.body)
+  } catch (error) {
+    return response.status(400).json({
+      error: 'ValidationError',
+      message: error.message,
+    })
+  }
+
+  try {
+    const {username, password} = request.body
+
+    // Verify account username as unique
+    const existingAccount = await Account.findOne({username})
+    if (existingAccount) {
+      return response.status(400).json({
+        error: username,
+        message: 'An account already exists with that "username"',
+      })
+    }
+
+    // Encrypt password
+    const salt = await bcrypt.genSalt(10)
+    const hash = await bcrypt.hash(password, salt)
+
+    // Create account
+    const newAccount = new Account({username, password: hash})
+    await newAccount.save()
+
+    // Remove password from response data
+    newAccount.password = undefined
+    delete newAccount.password
+
+    // Generate access token
+    const token = signToken({uid: newAccount._id})
+
+    response.status(201).json({
+      message: 'Succesfully registered',
+      data: newAccount,
+      token,
+    })
+  } catch (error) {
+    console.error(error)
+    return response.status(500).send()
+  }
+}
+
+module.exports = register