From 3100a8c6fd042ca1c99875dfef63fbc53daa4795 Mon Sep 17 00:00:00 2001
From: nafiuishaaq
Date: Wed, 4 Mar 2026 10:22:40 +0100
Subject: [PATCH 1/5] implemented the middlewares
---
 src/controllers/auth.controller.js | 29 +++++++++++++++
 src/middlewares/auth.js | 59 ++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 src/middlewares/auth.js
diff --git a/src/controllers/auth.controller.js b/src/controllers/auth.controller.js
index d0fd087..e34b6ed 100644
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -4,6 +4,34 @@ const jwt = require('jsonwebtoken');
 const User = require('../models/User.model');
 const { sendSuccess } = require('../utils/response');
+/**
+ * Logout user by invalidating refresh token
+ * POST /api/auth/logout
+ */
+const logout = async (req, res, next) => {
+ try {
+ const userId = req.userId;
+
+ // Find the user and clear their refresh token
+ const user = await User.findById(userId);
+ if (!user) {
+ const error = new Error('User not found');
+ error.statusCode = 404;
+ error.isOperational = true;
+ return next(error);
+ }
+
+ // Clear the stored refresh token
+ user.refreshTokenHash = null;
+ user.refreshTokenExpiresAt = null;
+ await user.save();
+
+ return sendSuccess(res, {}, 200, 'Logout successful');
+ } catch (error) {
+ return next(error);
+ }
+};
+
 /**
 * Register a new user
 * POST /api/auth/register
@@ -124,4 +152,5 @@ const login = async (req, res, next) => {
 module.exports = {
 register,
 login,
+ logout,
 };
diff --git a/src/middlewares/auth.js b/src/middlewares/auth.js
new file mode 100644
index 0000000..aedf172
--- /dev/null
+++ b/src/middlewares/auth.js
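Review bot: `logout` revokes only the refresh token: clearing `refreshTokenHash` and `refreshTokenExpiresAt` does nothing to the access token that authenticated this request, and the `authenticate` middleware added in this patch checks only the signature, `type` and that the user exists, so that token is still accepted until it expires. If that window is acceptable, state it in the JSDoc, e.g. ` * Access tokens already issued stay valid until they expire.` If it is not, the user record needs a revocation marker (a token version or logged-out-at timestamp) that the middleware compares on every request. The handler also re-queries the user even though the middleware has already set `req.user`; that second lookup could be dropped.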
@@ -0,0 +1,59 @@
+const jwt = require('jsonwebtoken');
+const User = require('../models/User.model');
+
+/**
+ * Authentication middleware - verifies JWT token and attaches user to request
+ */
+const authenticate = async (req, res, next) => {
+ try {
+ // Get token from Authorization header
+ const authHeader = req.headers.authorization;
+ if (!authHeader || !authHeader.startsWith('Bearer ')) {
+ const error = new Error('Authentication required');
+ error.statusCode = 401;
+ error.isOperational = true;
+ return next(error);
+ }
+
+ const token = authHeader.substring(7); // Remove 'Bearer ' prefix
+
+ // Verify the token
+ const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+ // Check if token is an access token
+ if (decoded.type !== 'access') {
+ const error = new Error('Invalid token type');
+ error.statusCode = 401;
+ error.isOperational = true;
+ return next(error);
+ }
+
+ // Find the user
+ const user = await User.findById(decoded.sub);
+ if (!user) {
+ const error = new Error('User not found');
+ error.statusCode = 401;
+ error.isOperational = true;
+ return next(error);
+ }
+
+ // Attach user to request object
+ req.user = user;
+ req.userId = user._id.toString();
+
+ next();
+ } catch (error) {
+ if (error.name === 'JsonWebTokenError') {
+ error.message = 'Invalid token';
+ error.statusCode = 401;
+ error.isOperational = true;
+ } else if (error.name === 'TokenExpiredError') {
+ error.message = 'Token expired';
+ error.statusCode = 401;
+ error.isOperational = true;
+ }
+ next(error);
+ }
+};
+
+module.exports = authenticate;
From 92e09cb5e377813c282100440d7fa2a41abdfc1a Mon Sep 17 00:00:00 2001
From: nafiuishaaq
Date: Wed, 4 Mar 2026 10:22:54 +0100
Subject: [PATCH 2/5] implemented the middlewares
---
 src/routes/auth.routes.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
index 492199b..9aad5f4 100644
--- a/src/routes/auth.routes.js
+++ b/src/routes/auth.routes.js
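Review bot: `jwt.verify(token, process.env.JWT_SECRET)` in `authenticate` is called without an `algorithms` allow-list and without any check that the secret is configured. Pin the algorithm the login controller signs with (not visible in this hunk; HS256 is the `jsonwebtoken` default), e.g. `const decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });`, and fail at startup when `JWT_SECRET` is unset, because a missing secret appears to surface here as a `JsonWebTokenError` and is then reported to the client as a 401 'Invalid token' instead of as a server misconfiguration. The catch block also gives no status to other failures: a `NotBeforeError`, or a lookup error from `User.findById(decoded.sub)` on a malformed `sub`, passes through unchanged and will presumably be answered as a 500.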
@@ -1,6 +1,7 @@
 const express = require('express');
-const { register, login } = require('../controllers/auth.controller');
+const { register, login, logout } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
+const authenticate = require('../middlewares/auth');
 const { registerSchema, loginSchema } = require('../validators/auth.validators');
 const router = express.Router();
@@ -11,4 +12,7 @@ router.post('/register', validate(registerSchema), register);
 // POST /api/auth/login - Login an existing user
 router.post('/login', validate(loginSchema), login);
+// POST /api/auth/logout - Logout user (requires authentication)
+router.post('/logout', authenticate, logout);
+
 module.exports = router;
From efb2ed752dfdd8a942d95a71c43b811572867ecc Mon Sep 17 00:00:00 2001
From: nafiuishaaq
Date: Wed, 4 Mar 2026 16:59:46 +0100
Subject: [PATCH 3/5] fixed
---
 src/routes/auth.routes.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
index cf47784..6d6a1d8 100644
--- a/src/routes/auth.routes.js
+++ b/src/routes/auth.routes.js
@@ -2,7 +2,7 @@ const express = require('express');
 const { register, login, logout } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
 const authenticate = require('../middlewares/auth');
-const { registerSchema, loginSchema } = require('../validators/auth.validators');
+const { loginSchema } = require('../validators/auth.validators');
 const { register, login, resetPassword } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
 const { registerSchema, loginSchema, resetPasswordSchema } = require('../validators/auth.validators');
From ee3e8ae8e1d87b3ace82d837af9ad81aebd1cf22 Mon Sep 17 00:00:00 2001
From: nafiuishaaq
Date: Wed, 4 Mar 2026 17:00:52 +0100
Subject: [PATCH 4/5] fixed
---
 src/routes/auth.routes.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
index 6d6a1d8..f4af2fb 100644
--- a/src/routes/auth.routes.js
+++ b/src/routes/auth.routes.js
@@ -2,7 +2,6 @@ const express = require('express');
 const { register, login, logout } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
 const authenticate = require('../middlewares/auth');
-const { loginSchema } = require('../validators/auth.validators');
 const { register, login, resetPassword } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
 const { registerSchema, loginSchema, resetPasswordSchema } = require('../validators/auth.validators');
From 28a49df20c72186222f8c4b70a87421c2bc9a660 Mon Sep 17 00:00:00 2001
From: nafiuishaaq
Date: Wed, 4 Mar 2026 17:04:11 +0100
Subject: [PATCH 5/5] fixed
---
 src/routes/auth.routes.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/routes/auth.routes.js b/src/routes/auth.routes.js
index f4af2fb..2fa51f7 100644
--- a/src/routes/auth.routes.js
+++ b/src/routes/auth.routes.js
@@ -1,9 +1,7 @@
 const express = require('express');
-const { register, login, logout } = require('../controllers/auth.controller');
+const { register, login, logout, resetPassword } = require('../controllers/auth.controller');
 const validate = require('../middlewares/validate');
 const authenticate = require('../middlewares/auth');
-const { register, login, resetPassword } = require('../controllers/auth.controller');
-const validate = require('../middlewares/validate');
 const { registerSchema, loginSchema, resetPasswordSchema } = require('../validators/auth.validators');
 const router = express.Router();