exported token functions to utils

src/handlers/products.ts

@@ -1,12 +1,13 @@
 import express, { Request, Response } from 'express'
 import { Product, ProductStore } from '../models/product'
+import { verifyAuthToken } from './utils'
 
 const productRoutes = (app: express.Application) => {
     app.get('/products', index)
     app.get('/products/:id', read)
-    app.post('/products/create', create)
-    app.put('/products/:id', update)
-    app.delete('/products/:id', destroy)
+    app.post('/products/create', verifyAuthToken, create)
+    app.put('/products/:id', verifyAuthToken, update)
+    app.delete('/products/:id', verifyAuthToken, destroy)
 }
 
 const store = new ProductStore()

src/handlers/users.ts

@@ -1,8 +1,7 @@
 import express, { Request, Response, NextFunction } from 'express'
 import { User, UserStore } from '../models/user'
-import jwt, {Secret} from 'jsonwebtoken'
+import { verifyAuthToken, verifyUserToken} from './utils'
 
-const SECRET = process.env.TOKEN_SECRET as Secret
 
 const userRoutes = (app: express.Application) => {
     app.get('/users', index)
@@ -15,30 +14,6 @@ const userRoutes = (app: express.Application) => {
 
 const store = new UserStore()
 
-const verifyAuthToken = (req: Request, res: Response, next: NextFunction) => {
-    if (!req.headers.authorization) {
-        res.status(401)
-        res.json("Access denied, invalid token")
-    
-        return false
-    }
-
-    try {
-        //const authorizationHeader = req.headers.authorization
-        const token = req.headers.authorization.split(" ")[1]
-        const decoded = jwt.verify(token, SECRET)
-        next()
-    } catch (err) {
-        res.status(401)
-        res.json("Access denied, invalid token")
-    }
-}
-
-let verifyUserToken = (user: User | null) => {
-    return jwt.sign({ user }, SECRET)
-}
-
-
 
 const index = async (req: Request, res: Response) => {
     try {
@@ -111,18 +86,26 @@ const destroy = async (req: Request, res: Response) => {
 }
 
 const authenticate = async (req: Request, res: Response) => {
-    const userInfo: User = {
-        username: req.body.username,
-        password: req.body.password
-    }
+    try {
+        const userInfo: User = {
+            username: req.body.username,
+            password: req.body.password
+        }
+    
+        if (userInfo.username === undefined || userInfo.password === undefined) {
+            res.status(400)
+            res.send("Missing credentials username or password")
 
-    if (userInfo.username === undefined || userInfo.password === undefined) {
-        res.status(400)
-    }
+        }
 
-    try {
-        const auth: User | null = await store.authenticate(userInfo.username, userInfo.password)
-        res.json(verifyUserToken(auth))
+        const authUser: User | null = await store.authenticate(userInfo.username, userInfo.password)
+
+        if (authUser === null) {
+            res.status(401)
+            res.send("Password is incorrect")
+        }
+
+        res.json(verifyUserToken(authUser))
     } catch(err) {
         res.status(401)
         res.json(err)

src/handlers/utils.ts

@@ -0,0 +1,27 @@
+import jwt, {Secret} from "jsonwebtoken"
+import {User} from "../models/user"
+import {NextFunction, Request, Response} from "express"
+
+const SECRET = process.env.TOKEN_SECRET as Secret
+
+export const verifyAuthToken = (req: Request, res: Response, next: NextFunction) => {
+    if (!req.headers.authorization) {
+        res.status(401)
+        res.json("Access denied, invalid token")
+
+        return false
+    }
+
+    try {
+        const token = req.headers.authorization.split(" ")[1]
+        jwt.verify(token, SECRET)
+        next()
+    } catch (err) {
+        res.status(401)
+        res.json("Access denied, invalid token")
+    }
+}
+
+export const verifyUserToken = (user: User | null) => {
+    return jwt.sign({ user }, SECRET)
+}

src/models/user.ts

@@ -75,7 +75,7 @@ export class UserStore {
         try {
 
             const conn = await client.connect()
-            const sql = 'UPDATE users SET fristName=$1, lastName=$2, username=$3, password=$4 WHERE id=$5 RETURNING *'
+            const sql = 'UPDATE users SET firstname=$1, lastName=$2, username=$3, password_digest=$4 WHERE id=$5 RETURNING *'
 
             const result = await conn.query(sql, [u.firstname, u.lastname, u.username, u.password, u.id])
             const user = result.rows[0]