token expiration

back-end/config/jwt-config.js

@@ -17,6 +17,13 @@ let jwtOptions = {
 const jwtVerifyToken = async function (jwt_payload, next) {
   // console.log("JWT payload received", jwt_payload) // debugging
 
+  // check if the token has expired
+  const expirationDate = new Date(jwt_payload.exp * 1000) // convert from seconds to milliseconds
+  if (expirationDate < new Date()) {
+    // the token has expired
+    return next(null, false, { message: "JWT token has expired." })
+  }
+
   // try to find a matching user in our database
 
   // find this user in the database
@@ -27,7 +34,7 @@ const jwtVerifyToken = async function (jwt_payload, next) {
     next(null, user)
   } else {
     // we didn't find the user... fail!
-    next(null, false)
+    next(null, false, { message: "User not found" })
   }
 }
 

back-end/models/User.js

@@ -22,6 +22,7 @@ const UserSchema = new Schema({
 // mongoose provides hooks that allow us to run code before or after specific events
 UserSchema.pre("save", function (next) {
   const user = this
+  // if the password has not changed, no need to hash it
   if (!user.isModified("password")) return next()
   // otherwise, the password is being modified, so hash it
   bcrypt.hash(user.password, 10, (err, hash) => {

back-end/routes/authentication-routes.js

@@ -49,7 +49,7 @@ const authenticationRouter = () => {
 
   // a route to handle login attempts requested to /auth/login
   router.post("/login", async function (req, res) {
-    // brab the name and password that were submitted as POST body data
+    // grab the name and password that were submitted as POST body data
     const username = req.body.username
     const password = req.body.password
     // console.log(`${username}, ${password}`)