지금까지 정리한 걸 보니 토큰 생성하는 부분 정리하는 걸 빼먹어서 일부 코드라도 올려본다ㅎㅎ..
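// Hash the password before the document is persisted whenever it has been
// (re)set, so the plaintext never reaches the database. A regular `function`
// is required so mongoose can bind `this` to the document being saved.
userSchema.pre('save', function (next) {
  const user = this
  // Password untouched on this save: nothing to hash, continue as-is.
  if (!user.isModified('password')) {
    return next()
  }
  // `saltRounds` is defined elsewhere in this file. A fresh salt per user
  // means equal passwords do not produce equal stored hashes.
  bcrypt.genSalt(saltRounds, function (err, salt) {
    if (err) return next(err)
    bcrypt.hash(user.password, salt, function (err, hash) {
      if (err) return next(err)
      // Replace the plaintext on the document with its hash before the write.
      user.password = hash
      next()
    })
  })
})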
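// Check a candidate password against the bcrypt hash stored on this document.
// Resolves with `true` on a match and `false` otherwise; rejects if bcrypt
// itself fails. The candidate password is deliberately not logged: writing a
// plaintext credential to stdout leaks it into whatever captures the logs.
userSchema.methods.comparePassword = function (plainPassword) {
  return new Promise((resolve, reject) => {
    bcrypt.compare(plainPassword, this.password, (err, isMatch) => {
      if (err) return reject(err)
      resolve(isMatch)
    })
  })
}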
// Issue a signed JWT carrying this user's id, store it on the document,
// persist the document, and resolve with the token string.
// NOTE(review): the signing secret is a literal committed with the source and
// the token carries no expiry; both belong in configuration. findByToken must
// keep using the same secret as this function.
userSchema.methods.generateToken = function () {
  const payload = { userId: this._id.toHexString() }
  const token = jwt.sign(payload, "secretToken")
  this.token = token
  return this.save().then(() => token)
}
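// Resolve the user that owns `token`. The token must verify against the signing
// secret AND still equal the token stored on that user, so clearing `token`
// (as logout does) invalidates it server-side. Resolves with the findOne result
// (presumably null when nothing matches); rejects on a verification error or a
// database error.
// NOTE(review): the secret literal must match the one used by generateToken
// and belongs in configuration, not in source.
userSchema.statics.findByToken = function (token) {
  // `this` is the model here (statics), not a document.
  const Model = this
  return new Promise((resolve, reject) => {
    jwt.verify(token, 'secretToken', (err, decoded) => {
      // Bug fix: without `return`, an invalid token rejected the promise and
      // then still dereferenced `decoded` (undefined), throwing in the callback.
      if (err) return reject(err)
      Model.findOne({ '_id': decoded.userId, 'token': token })
        .then(resolve)
        .catch(reject)
    })
  })
}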
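// Register a user from the request body; the pre('save') hook hashes the
// password. Replies 200 `{ success: true }`, or `{ success: false, err }`.
// NOTE(review): req.body is handed to the model unfiltered, so any schema
// field a client names (this file shows `role` and `token`) can be set by the
// caller; whitelist the registration fields. The raw error object is also
// echoed back to the client.
app.post('/api/users/register', async (req, res) => {
  const user = new User(req.body)
  try {
    await user.save()
    res.status(200).json({
      success: true
    })
  } catch (err) {
    res.json({ success: false, err })
  }
})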
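// Log in with email + password. On success a signed token is stored on the
// user and handed to the client in the `user_auth` cookie. The debug log of
// the password-match result has been dropped.
// NOTE(review): the "no such user" and "wrong password" replies are
// distinguishable (account enumeration), and the raw error is sent on the
// 400 path.
app.post('/api/users/login', async (req, res) => {
  try {
    const user = await User.findOne({ email: req.body.email })
    if (!user) {
      return res.json({
        loginSuccess: false,
        message: "제공된 이메일에 해당하는 유저가 없습니다."
      })
    }
    const isMatch = await user.comparePassword(req.body.password)
    if (!isMatch) {
      return res.json({ loginSuccess: false, message: "비밀번호가 틀렸습니다." })
    }
    const token = await user.generateToken()
    // httpOnly keeps the session token out of page scripts; sameSite limits
    // cross-site sends. Add `secure: true` once the app is served over HTTPS.
    res
      .cookie("user_auth", token, { httpOnly: true, sameSite: 'lax' })
      .status(200)
      .json({ loginSuccess: true, userId: user._id })
  } catch (err) {
    return res.status(400).send(err)
  }
})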
// Report the authenticated user's profile. The `auth` middleware (defined
// elsewhere in this file) is expected to have attached the user as req.user.
app.get('/api/users/auth', auth, (req, res) => {
  const { _id, role, email, name, image } = req.user
  res.status(200).json({
    _id,
    isAdmin: role === 0, // this app treats role 0 as admin
    isAuth: true,
    email,
    name,
    role,
    image
  })
})
// Log out: blank the stored token so findByToken no longer matches it.
// Replies `{ success: true }`, or `{ success: false, err }` on failure.
app.get('/api/users/logout', auth, async (req, res) => {
  try {
    const { _id } = req.user
    await User.findOneAndUpdate({ _id }, { token: '' })
    return res.status(200).send({ success: true })
  } catch (err) {
    return res.json({ success: false, err })
  }
})