frm.so/server/auth.js

import dotenv from 'dotenv';
import jwt from 'jsonwebtoken';
import argon2 from 'argon2';
dotenv.config(); // load .env into process.env before AuthHandler reads JWT_SECRET / ENV / BASE_URL
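/**
 * Cookie-based JWT authentication for the members API.
 *
 * Tokens are HS256 JWTs carrying `{ email }`, signed with `JWT_SECRET` and
 * stored in the httpOnly `auth_token` cookie. Member records come from the
 * process-wide `global.db` (assigned elsewhere; not visible in this file).
 *
 * Review notes on what changed and why:
 *  - the secret is read once and validated at construction (fail fast);
 *  - one private cookie-option builder is shared by login and logout, so the
 *    clear path matches the set path (previously `secure` was driven by
 *    NODE_ENV in logout but ENV in login);
 *  - the login error no longer reveals whether the email exists;
 *  - debug `console.log`s of payloads / org lists were dropped (they wrote
 *    member emails and network data to stdout).
 */
export default class AuthHandler {
  // Kept for API compatibility; nothing in this file reads or writes it.
  ips = new Map();
  #secret;

  /** Token and cookie lifetimes are kept in lock-step (2 hours). */
  static #TOKEN_TTL_SECONDS = 2 * 60 * 60;

  /**
   * @throws {Error} when `JWT_SECRET` is unset or empty. Failing at startup
   *   beats the old behaviour, where jsonwebtoken threw on every login and
   *   rejected every verify because the secret was `undefined`.
   */
  constructor() {
    const secret = process.env.JWT_SECRET;
    if (typeof secret !== "string" || secret.length === 0) {
      throw new Error("AuthHandler: JWT_SECRET environment variable is not set");
    }
    this.#secret = secret;
  }

  /** Production is signalled by `ENV=production` (the convention used by login). */
  #isProduction() {
    return process.env.ENV === "production";
  }

  /**
   * Cookie attributes shared by the set (login) and clear (logout) paths. The
   * browser only removes a cookie when `domain`, `path` and `secure` match, so
   * both paths must derive them identically.
   *
   * NOTE(review): `domain` is `"." + BASE_URL`, which shares the session cookie
   * with every subdomain of BASE_URL — confirm that is intended, and that
   * BASE_URL is a bare hostname (no scheme, port or path) or the attribute is
   * rejected by the cookie serializer.
   * @returns {object} options for `res.cookie` / `res.clearCookie` (no maxAge)
   */
  #cookieOptions() {
    const prod = this.#isProduction();
    return {
      httpOnly: true, // not readable from page JavaScript
      secure: prod, // HTTPS only in production
      sameSite: "lax",
      path: "/", // available on the entire site
      domain: prod ? "." + process.env.BASE_URL : undefined,
    };
  }

  /**
   * Verify a token's signature and expiry.
   * @param {string} token raw JWT taken from the cookie
   * @returns {object} decoded payload (`{ email, iat, exp }`)
   * @throws jsonwebtoken's JsonWebTokenError / TokenExpiredError on failure
   */
  #verifyToken(token) {
    // Pin the algorithm so the token cannot pick a different one than we sign with.
    return jwt.verify(token, this.#secret, { algorithms: ["HS256"] });
  }

  /**
   * Populate `req.user` from the auth cookie.
   * @param {object} req Express request; reads `req.cookies.auth_token`
   * @param {object} res unused, kept for the middleware-style signature
   * @returns {boolean} true when a valid, unexpired token was present
   */
  isLoggedInUser(req, res) {
    // `?.` covers a request that never went through cookie-parser.
    const token = req.cookies?.auth_token;
    if (!token) return false;
    try {
      req.user = this.#verifyToken(token);
      return true;
    } catch {
      // Bad signature, expired, malformed: all mean "not logged in".
      return false;
    }
  }

  /**
   * Respond with the caller's profile and the networks they belong to.
   * Responds 401 when the cookie is missing, invalid, or names a member that
   * no longer exists (the token outlived the account).
   * @param {object} req Express request; reads `req.cookies.auth_token`
   * @param {object} res Express response
   */
  getProfile(req, res) {
    const token = req.cookies?.auth_token;
    if (!token) return res.status(401).send({ error: "No auth token" });
    try {
      const { email } = this.#verifyToken(token);
      const user = global.db.members.getByEmail(email);
      if (!user) {
        // Previously this surfaced as a TypeError on `user.id`; make it explicit.
        return res.status(401).send({ error: "Invalid token" });
      }
      const memberKey = `${global.db.members.prefix}-${user.id}`;
      const connections = global.db.MEMBER_IN_NETWORK.getByFrom(memberKey);
      const networks = connections.map((edge) => global.db.networks.get(edge.id));
      return res.send({
        email: user.email,
        name: `${user.firstName} ${user.lastName}`,
        networks,
      });
    } catch (e) {
      console.error("Error getting profile: ", e);
      return res.status(401).send({ error: "Invalid token" });
    }
  }

  /**
   * Validate credentials and, on success, set the auth cookie and redirect to "/".
   *
   * Security notes:
   *  - Non-string credentials are rejected up front: `getByEmail` and
   *    `argon2.verify` are only ever handed strings.
   *  - One generic 400 covers both "unknown email" and "wrong password", so the
   *    body does not confirm which addresses have accounts. The status stays
   *    400 for client compatibility.
   *  - A timing side channel remains: argon2.verify only runs when the email is
   *    known. Closing it needs a dummy verify against a precomputed hash.
   *  - Any throw (e.g. a malformed stored hash) becomes a 500 instead of an
   *    unhandled rejection that left the request hanging.
   * @param {object} req Express request; reads `req.body.email` / `req.body.password`
   * @param {object} res Express response
   */
  async login(req, res) {
    const { email, password } = req.body ?? {};
    if (typeof email !== "string" || typeof password !== "string") {
      return res.status(400).json({ error: "Incorrect email or password." });
    }
    try {
      const member = global.db.members.getByEmail(email);
      const valid = member ? await argon2.verify(member.password, password) : false;
      if (!valid) {
        return res.status(400).json({ error: "Incorrect email or password." });
      }
      const token = jwt.sign({ email: member.email }, this.#secret, {
        algorithm: "HS256",
        expiresIn: AuthHandler.#TOKEN_TTL_SECONDS,
      });
      res.cookie("auth_token", token, {
        ...this.#cookieOptions(),
        maxAge: AuthHandler.#TOKEN_TTL_SECONDS * 1000, // Express expects milliseconds
      });
      return res.redirect("/");
    } catch (e) {
      // Log server-side only; the error may include the stored hash.
      console.error("Error during login: ", e);
      return res.status(500).json({ error: "Login failed." });
    }
  }

  /**
   * Clear the auth cookie and redirect to "/". Uses the same attributes as
   * login so the browser removes the matching cookie.
   * @param {object} req Express request (unused)
   * @param {object} res Express response
   */
  logout(req, res) {
    res.clearCookie("auth_token", this.#cookieOptions());
    return res.redirect("/");
  }
}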