diff --git a/back-end/config/jwt-config.js b/back-end/config/jwt-config.js
index 5e428be..be3e227 100644
--- a/back-end/config/jwt-config.js
+++ b/back-end/config/jwt-config.js
@@ -17,6 +17,13 @@ let jwtOptions = {
 const jwtVerifyToken = async function (jwt_payload, next) {
 // console.log("JWT payload received", jwt_payload) // debugging
+ // check if the token has expired
+ const expirationDate = new Date(jwt_payload.exp * 1000) // convert from seconds to milliseconds
+ if (expirationDate < new Date()) {
+ // the token has expired
+ return next(null, false, { message: "JWT token has expired." })
+ }
+
 // try to find a matching user in our database // find this user in the database
@@ -27,7 +34,7 @@ const jwtVerifyToken = async function (jwt_payload, next) {
 next(null, user)
 } else {
 // we didn't find the user... fail!
- next(null, false)
+ next(null, false, { message: "User not found" })
 }
 }
diff --git a/back-end/models/User.js b/back-end/models/User.js
index b0c228f..f960b3f 100644
--- a/back-end/models/User.js
+++ b/back-end/models/User.js
@@ -22,6 +22,7 @@ const UserSchema = new Schema({
 // mongoose provides hooks that allow us to run code before or after specific events
 UserSchema.pre("save", function (next) {
 const user = this
+ // if the password has not changed, no need to hash it
 if (!user.isModified("password")) return next()
 // otherwise, the password is being modified, so hash it
 bcrypt.hash(user.password, 10, (err, hash) => {
diff --git a/back-end/routes/authentication-routes.js b/back-end/routes/authentication-routes.js
index f083d20..d70fe30 100644
--- a/back-end/routes/authentication-routes.js
+++ b/back-end/routes/authentication-routes.js
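Review bot: A token whose payload carries no numeric `exp` claim passes the new expiry check in `jwtVerifyToken` (back-end/config/jwt-config.js, first hunk): `jwt_payload.exp * 1000` is then `NaN`, `new Date(NaN)` is an invalid date, and `expirationDate < new Date()` evaluates to false, so the token is treated as unexpired. Fail closed by changing the guard to `if (!Number.isFinite(jwt_payload.exp) || jwt_payload.exp * 1000 <= Date.now()) {`. If this callback is registered with passport-jwt (the `jwtOptions` context suggests it, but the strategy setup is outside the hunk), the library already rejects expired tokens unless `ignoreExpiration` is set, so confirm that option rather than relying on this check alone. The function body starts and continues outside the hunk.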
@@ -49,7 +49,7 @@ const authenticationRouter = () => {
 // a route to handle login attempts requested to /auth/login
 router.post("/login", async function (req, res) {
- // brab the name and password that were submitted as POST body data
+ // grab the name and password that were submitted as POST body data
 const username = req.body.username
 const password = req.body.password
 // console.log(`${username}, ${password}`)