
Code rabbit changes
samar12-rad committed Oct 9, 2024
1 parent c559c47 commit a12f1b3
Showing 5 changed files with 32 additions and 13 deletions.
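--- a/backend/config/secret.js
+++ b/backend/config/secret.js
@@ -0,0 +1,11 @@
+const JWT_SECRET = process.env.JWT_SECRET;
+const MONGO_URI = process.env.MONGO_URI;
+const PORT = process.env.PORT;
+const CORS_ORIGIN = process.env.CORS_ORIGIN;
+
+module.exports = {
+JWT_SECRET,
+MONGO_URI,
+PORT,
+CORS_ORIGIN,
+};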
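Review bot: Every value is exported as whatever `process.env` happens to hold, so a missing `JWT_SECRET` becomes `undefined` and is only noticed when `jwt.sign` or `jwt.verify` rejects it on the first request. Failing at load time is easier to diagnose and stops the process from serving with a broken auth configuration: `if (!JWT_SECRET) { throw new Error("JWT_SECRET is not set"); }` placed before `module.exports`, with the same check for `MONGO_URI`. `PORT` is exported as a raw string; callers presumably coerce it, and a parsed default here would make that explicit.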
11 changes: 7 additions & 4 deletions backend/controller/admin.controller.js
Expand Up @@ -35,7 +35,6 @@ async function createAdmin(req, res) {
} catch (error) {
logger.error("Error creating admin:", {
message: error.message,
stack: error.stack,
});
res.status(500).json({ error: "Internal server error" });
}
Expand Down Expand Up @@ -64,9 +63,13 @@ async function loginAdmin(req, res) {
if (!validPassword) {
return res.status(401).json({ error: "Invalid email or password" });
}
const token = jwt.sign({ email: admin.email }, process.env.JWT_SECRET, {
expiresIn: "1h",
});
const token = jwt.sign(
{ id: admin._id, role: "admin" },
process.env.JWT_SECRET,
{
expiresIn: "1h",
}
);
res.json({
message: "Login successful",
token,
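Review bot: The rewritten `jwt.sign` call still reads `process.env.JWT_SECRET` directly, although this same commit introduces `backend/config/secret.js` and switches `authCustomer.js` to `config.JWT_SECRET`; `customer.controller.js` and `authAdmin.js` keep the same leftover. Reading the secret from the one module means any later validation or renaming happens in a single place: `const config = require("../config/secret");` at the top of the file and `config.JWT_SECRET` as the second argument here. `loginAdmin` begins and ends outside this hunk.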
2 changes: 1 addition & 1 deletion backend/controller/customer.controller.js
Expand Up @@ -61,7 +61,7 @@ async function loginCustomer(req, res) {
return res.status(401).json({ error: "Invalid email or password" });
}
const token = jwt.sign(
{ id: customer._id, username: customer.name },
{ id: customer._id },
process.env.JWT_SECRET,
{ expiresIn: "1h" } // Expires in 1 hour
);
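Review bot: The payload now carries only `id`, but `authCustomer.js` still logs `user.username` after verifying the token (that line is unchanged in this commit), so the log will from now on always print `undefined`. Either log a claim that is actually in the token, `logger.info(\`Customer authenticated: ${user.id}\`)`, or drop the line. The body of `loginCustomer` continues past the end of this hunk.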
13 changes: 7 additions & 6 deletions backend/middlewares/authAdmin.js
Expand Up @@ -4,16 +4,17 @@ const logger = require("../config/logger");
const authenticateAdmin = (req, res, next) => {
const token = req.header("Authorization")?.split(" ")[1]; // Expecting "Bearer <token>"

if (!req.body.admin) {
return res.sendStatus(403); // Forbidden
}
if (token) {
jwt.verify(token, process.env.JWT_SECRET, (err, admin) => {
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) {
return res.sendStatus(403); // Forbidden
}
req.user = admin;
logger.info(`Admin authenticated: ${JSON.stringify(admin.email)}`);
if (decoded.role !== "admin") {
return res.sendStatus(403); // Forbidden
}

req.user = decoded;
logger.info(`Admin authenticated: ${JSON.stringify(decoded.email)}`);
next();
});
} else {
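Review bot: `decoded.email` on the `logger.info` line is always `undefined` now, because the admin token issued in this commit contains only `id` and `role`; log the claim that exists, `logger.info(\`Admin authenticated: ${decoded.id}\`)`. The new `role` check is the right place to enforce admin access, but every failure here answers with a bare `sendStatus(403)` while `authCustomer.js` in the same commit separates an expired token (401 with a body) from an invalid one; the two middlewares should return the same status and response shape for the same failure. The `else` branch for a request without a token lies outside this hunk.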
8 changes: 6 additions & 2 deletions backend/middlewares/authCustomer.js
@@ -1,13 +1,17 @@
const jwt = require("jsonwebtoken");
const logger = require("../config/logger");
const config = require("../config/secret");

const authenticateCustomer = (req, res, next) => {
const token = req.header("Authorization")?.split(" ")[1]; // Expecting "Bearer <token>"

if (token) {
jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
jwt.verify(token, config.JWT_SECRET, (err, user) => {
if (err) {
return res.sendStatus(403); // Forbidden
if (err.name === "TokenExpiredError") {
return res.status(401).json({ message: "Token expired" });
}
return res.status(403).json({ message: "Invalid token" });
}
req.user = user;
logger.info(`Customer authenticated: ${JSON.stringify(user.username)}`);
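Review bot: The new error responses use a `message` key (`{ message: "Token expired" }`) while the controllers touched in this commit report failures under `error` (`{ error: "Invalid email or password" }`), so clients have to read two different fields for authentication failures; `{ error: "Token expired" }` and `{ error: "Invalid token" }` would keep the API uniform. A token that fails signature verification is also an unauthenticated request rather than a forbidden one, so 401 fits both branches better than 403 for the second. The `else` branch for a request without a token is outside this hunk.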
