Added extending token features

backend/controller/authController.js

@@ -54,10 +54,17 @@ exports.signin = (req, res) => {
         var token = jwt.sign({id: user.id}, config.secret, {
             expiresIn: config.jwtExpireTime
         });
-
-        res.status(200).send({
-            auth: true,
-            accessToken: token
+        
+        User.update(
+            {validToken: token}, 
+            {where: {id: user.id}}
+        ).then(() => {
+            res.status(200).send({
+                auth: true,
+                accessToken: token
+            });
+        }).error(() => {
+            res.status(500).send("Error saving new token");
         });
     }).catch(err => {
         res.status(500).send('Error -> ' + err);

backend/controller/testController.js

@@ -6,7 +6,7 @@ const Role = models.role;
 exports.memberContent = (req, res) => {
     User.findOne({
         where: {
-            id: req.userId
+            id: res.locals.userId
         },
         attributes: ['id', 'name', 'username', 'email'],
         include: [{
@@ -21,7 +21,7 @@ exports.memberContent = (req, res) => {
     }).catch(err => {
         res.status(500).json({
             "description": "Can not access User Page",
-            "error": er
+            "error": err.message
         });
     })
 }

backend/migrations/20190329134047-add-jwt-column-to-user.js

+'use strict';
+
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    /*
+      Add altering commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.createTable('users', { id: Sequelize.INTEGER });
+    */
+    return queryInterface.addColumn('users', 'validToken', {
+      type: Sequelize.STRING
+    });
+  },
+
+  down: (queryInterface, Sequelize) => {
+    /*
+      Add reverting commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.dropTable('users');
+    */
+    return queryInterface.removeColumn('users', 'validToken');
+  }
+};

backend/models/user.js

@@ -4,7 +4,8 @@ module.exports = (sequelize, DataTypes) => {
     name: DataTypes.STRING,
     email: DataTypes.STRING,
     password: DataTypes.STRING,
-    username: DataTypes.STRING
+    username: DataTypes.STRING,
+    validToken: DataTypes.STRING
   }, {});
   user.associate = function(models) {
     models.user.belongsTo(models.role);

backend/router/jwtTokenHandler.js

+const jwt = require('jsonwebtoken');
+const config = require('../config/app.config.js');
+const models = require('../models');
+const User = models.user;
+
+extendJwtToken = (req, res, next) => {
+    var userId = res.locals.userId;
+    var token = jwt.sign({id: userId}, config.secret, {
+        expiresIn: config.jwtExpireTime
+    });
+    res.locals.token = token;
+    next();
+}
+
+saveTokenToUser = (req, res, next) => {
+    token = res.locals.token;
+    userId = res.locals.userId;
+    User.update({
+        validToken: token
+    }, {
+        where: {
+            id: userId
+        }
+    }).then(() => {
+        next();
+    });
+}
+
+const jwtTokenHandler = {};
+
+jwtTokenHandler.extendJwtToken = extendJwtToken;
+jwtTokenHandler.saveTokenToUser = saveTokenToUser;
+
+module.exports = jwtTokenHandler;
\ No newline at end of file

backend/router/router.js

 const verifySignUp = require('./verifySignUp');
-const authJwt = require('./verifyJwtToken');
+const verifyJwtToken = require('./verifyJwtToken');
+const tokenHandler = require('./jwtTokenHandler');
 
 module.exports = function(app) {
     const authController = require('../controller/authController.js');
@@ -7,6 +8,6 @@ module.exports = function(app) {
     app.post('/api/auth/signup', [verifySignUp.checkDuplicateUserNameOrEmail, verifySignUp.checkRolesExisted], authController.signup);
     app.post('/api/auth/login', authController.signin);
 
-    app.get('/api/test/admin', [authJwt.verifyToken, authJwt.isAdmin], testController.adminContent);
-    app.get('/api/test/member', [authJwt.verifyToken], testController.memberContent);
+    app.get('/api/test/admin', [verifyJwtToken.verifyToken, verifyJwtToken.isAdmin, tokenHandler.extendJwtToken, tokenHandler.saveTokenToUser], testController.adminContent);
+    app.get('/api/test/member', [verifyJwtToken.verifyToken, tokenHandler.extendJwtToken, tokenHandler.saveTokenToUser], testController.memberContent);
 }
\ No newline at end of file

backend/router/verifyJwtToken.js

@@ -21,16 +21,29 @@ verifyToken = (req, res, next) => {
                 auth: false
             });
         }
-        req.userId = decoded.id;
-        next();
+        res.locals.userId = decoded.id;
+
+        // check if token is same
+        User.findOne({
+            where: {
+                id: decoded.id
+            }
+        }).then(user => {
+            if (user.validToken === token) {
+                next();
+            } else {
+                res.status(403).send("Cannot match token!");
+            }
+        });
     });
 }
 
 isAdmin = (req, res, next) => {
-    User.findByPk(req.userId)
+    User.findByPk(res.locals.userId)
         .then(user => {
             user.getRole().then(role => {
-                if (role === 'Master Admin Diskominfo' || role === 'Admin Diskominfo' || role === 'Admin Dinas') {
+                if (role.name === 'Master Admin Diskominfo' || role.name === 'Admin Diskominfo' || role.name === 'Admin Dinas') {
+                    res.locals.userId = res.locals.userId; 
                     next();
                     return;
                 }

backend/router/verifySignUp.js

@@ -33,7 +33,6 @@ checkRolesExisted = (req, res, next) => {
         res.status(400).send("Fail -> Role does NOT exist = " + req.body.role);
         return;
     }
-
     next();
 }