
Commit 2326f88

committed
enhance: security by strict validation and protection from attackers
1 parent 268ed42 commit 2326f88


2 files changed

+18
-13
lines changed


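--- a/src/app/modules/auth/auth.controller.ts
+++ b/src/app/modules/auth/auth.controller.ts
@@ -24,7 +24,7 @@ const loginUser = catchAsync(async (req: Request, res: Response) => {
 success: true,
 statusCode: StatusCodes.OK,
 message: 'User logged in successfully.',
-data: result.createToken,
+data: result,
 });
 });
 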
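--- a/src/app/modules/auth/auth.service.ts
+++ b/src/app/modules/auth/auth.service.ts
@@ -18,15 +18,23 @@ import { ResetToken } from '../resetToken/resetToken.model';
 import { User } from '../user/user.model';
 import { USER_STATUS } from '../user/user.constant';
 
-//login
+//------------------ login service ------------------
 const loginUserFromDB = async (payload: ILoginData) => {
 const { email, password } = payload;
 const isExistUser = await User.findOne({ email }).select('+password');
 if (!isExistUser) {
-throw new ApiError(StatusCodes.BAD_REQUEST, "User doesn't exist!");
+throw new ApiError(StatusCodes.BAD_REQUEST, config.node_env === 'development' ? "User doesn't exist!" : 'Invalid email or password');
+}
+
+// check if user is deleted
+if (isExistUser.isDeleted) {
+throw new ApiError(
+StatusCodes.BAD_REQUEST,
+'It looks like your account has been deleted or deactivated.'
+);
 }
 
-//check verified and status
+//check if user is verified
 if (!isExistUser.isVerified) {
 throw new ApiError(
 StatusCodes.BAD_REQUEST,
@@ -38,26 +46,23 @@ const loginUserFromDB = async (payload: ILoginData) => {
 if (isExistUser.status !== USER_STATUS.ACTIVE) {
 throw new ApiError(
 StatusCodes.BAD_REQUEST,
-'You don’t have permission to access this content.It looks like your account has been deactivated.'
+'It looks like your account has been suspended or deactivated.'
 );
 }
 
 //check match password
-if (
-password &&
-!(await User.isMatchPassword(password, isExistUser.password))
-) {
-throw new ApiError(StatusCodes.BAD_REQUEST, 'Password is incorrect!');
+if (!(await User.isMatchPassword(password, isExistUser.password))) {
+throw new ApiError(StatusCodes.BAD_REQUEST, config.node_env === 'development' ? 'Password is incorrect!' : 'Invalid email or password');
 }
 
-//create token
-const createToken = jwtHelper.createToken(
+//create access token
+const accessToken = jwtHelper.createToken(
 { id: isExistUser._id, role: isExistUser.role, email: isExistUser.email },
 config.jwt.jwt_secret as Secret,
 config.jwt.jwt_expire_in as string
 );
 
-return { createToken };
+return { accessToken, role: isExistUser.role };
 };
 
 //forget password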
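Review bot: The generic 'Invalid email or password' message introduced at lines 26+ and 55+ does not close the account-enumeration channel, because the isDeleted check added in the first hunk and the isVerified and status checks that follow it all run before the password is compared and each returns its own distinct message, so a caller can learn whether an email is registered and in what state without knowing its password. I would move the `if (!(await User.isMatchPassword(password, isExistUser.password))) { … }` block from the second hunk up to directly after the `!isExistUser` check, so account-state messages are only returned once the credential has been verified; what remains is that an unknown email skips the hash comparison entirely, which may be observable as a timing difference. Dropping the `password &&` guard also means an absent password now reaches `User.isMatchPassword` as undefined, which is fine if request validation guarantees the field but otherwise worth confirming against that helper, whose implementation is not in this diff. As a point of style, every failure here uses StatusCodes.BAD_REQUEST, whereas StatusCodes.UNAUTHORIZED describes a rejected login more accurately. loginUserFromDB opens in the first hunk and its closing `};` sits in the second.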
