File size: 5,190 Bytes
3d21646
 
250ca07
3d21646
2c97468
250ca07
 
 
a08dcde
3d21646
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
d747060
 
3d21646
 
 
250ca07
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0469ebe
250ca07
 
 
 
 
6b4f322
250ca07
 
 
 
 
 
 
0469ebe
250ca07
 
 
 
 
d747060
 
250ca07
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
0469ebe
250ca07
 
 
 
 
 
 
 
 
 
 
 
d747060
 
250ca07
 
a08dcde
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
d747060
 
a08dcde
 
6b4f322
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
import { Request, Response } from 'express';
import User from '../models/users';
import { comparePassword, hashPassword } from '../utils/passwordUtils';
import { generateToken } from '../utils/jwtUtils';
import { logger } from '../utils/logger';
import { sendMail } from '../utils/mailer';
import { generateResetToken } from '../utils/tokenUtils';
import { Op } from 'sequelize';
import { AuthenticatedRequest } from 'shared/interfaces/user.interface';

export const login = async (req: Request, res: Response) => {
    
    try {

        const { email, password } = req.body;

        const user = await User.findOne({
            where: {
              email: email,
            },
          })

        if (!user) {
            return res.status(401).json({ error: 'Invalid Credentials' });
        }
        
        const passwordMatch = await comparePassword(password, user.password);
        
        if (!passwordMatch) {
            return res.status(401).json({ error: 'Invalid Credentials' });
        }
        
        if (user.status === 'inactive') {
            return res.status(403).json({ error: 'Forbidden' });
        }

        const payload = {
            id: user.id,
            name: user.name,
            email: user.email,
            role_id: user.role_id
        }

        const token = generateToken(payload);

        return res.status(200).json({ token: token });

    } catch (error) {
        logger.error("Error logging in: ");
        logger.error(error);
        return res.status(500).json({ error: 'Internal server error' });
    }

}

export const forgotPassword = async (req: Request, res: Response) => {
    try {
        const { email } = req.body;

        const user = await User.findOne({
            where: { email }
        });

        if (!user) {
            return res.status(404).json({ error: 'User not found' });
        }

        const resetToken = generateResetToken();
        const resetTokenExpiry = new Date(Date.now() + 3600000);

        await user.update({
            reset_token: resetToken,
            reset_token_expiry: resetTokenExpiry
        });
        const resetLink = `${process.env.APP_URL}reset-password?token=${resetToken}`;

        sendMail({
            subject: 'Your password reset link',
            to: email,
            content: `<p><b>Dear ${user.name},</b></p>
                    <p>Click the link below to reset your password:</p>
                    <p><a href="${resetLink}">Reset Your Password</a></p>
                    <p>Link will expire within 1 hour.</p>
                    <p>Best regards,<br>Team Fusion Bills</p>`
        })
        return res.status(200).json({ message: 'Password reset email sent successfully' });

    } catch (error) {
        logger.error("Error in forgot password: ");
        logger.error(error);
        return res.status(500).json({ error: 'Internal server error' });
    }
}

export const resetPassword = async (req: Request, res: Response) => {
    try {
        const { token, newPassword } = req.body;

        const user = await User.findOne({
            where: { 
                reset_token: token,
                reset_token_expiry: { [Op.gt]: new Date() }
            }
        });

        if (!user) {
            return res.status(400).json({ error: 'Invalid or expired token' });
        }   

        const hashedPassword = await hashPassword(newPassword);

        await user.update({
            password: hashedPassword,
            reset_token: null,
            reset_token_expiry: null
        });

        return res.status(200).json({ message: 'Password reset successfully' });

    } catch (error) {
        logger.error("Error in reset password: ");
        logger.error(error);
        return res.status(500).json({ error: 'Internal server error' });
    }
}

export const changePassword = async (req: AuthenticatedRequest, res: Response) => {
    try {
        const { currentPassword, newPassword, confirmPassword } = req.body;

        const userId = req.user?.id;
        if (!userId) {
            return res.status(401).json({ error: 'Unauthorized' });
        }

        const user = await User.findByPk(userId);
        if (!user) {
            return res.status(404).json({ error: 'User not found' });
        }

        const isPasswordCorrect = await comparePassword(currentPassword, user.password);
        if (!isPasswordCorrect) {
            return res.status(400).json({ error: 'Invalid current password' });
        }

        if (newPassword !== confirmPassword) {
            return res.status(400).json({ error: 'New passwords do not match' });
        }

        if (newPassword.length < 8) {
            return res.status(400).json({ error: 'Password must be at least 8 characters long.' });
        }

        const hashedPassword = await hashPassword(newPassword);
        user.password = hashedPassword;
        await user.save();


        return res.status(200).json({ message: 'Password changed successfully' });

    } catch (error) {
        logger.error("Error changing password: ");
        logger.error(error);
        return res.status(500).json({ error: 'Internal server error' });
    }
}