NodeJS + MongoDB - API with Email Sign Up, Verification, Authentication & Forgot Password
For documentation and instructions see https://jasonwatmore.com/post/2020/05/13/node-mongo-api-with-email-sign-up-verification-authentication-forgot-password
NodeJS + MongoDB - Boilerplate API with Email Sign Up, Verification, Authentication & Forgot Password
License: MIT License
I'm new at node development but it seems that the accountService refreshToken function will potentially create a new refreshToken entry in the database as often as every 15 minutes. Shouldn't this function just generate a jwt if the refreshToken is still valid? Maybe generate a new refreshToken if the current one is about to expire while the user is active on the site. If they aren't then they just have to log in the next time they visit the site.
When I Postman "accounts/register" I get ' "message": "db.Account.countDocuments is not a function" '
I was using Mongo 4.2, and read that 4.2.1 started returning "0" for countDocuments, so I upgraded to 4.2.1 and still get the same error:
This is my postman just in case:
POST: accounts.register
    {
        "title": "Mr.",
        "firstName": "fname",
        "lastName": "lname",
        "email": "[email protected]",
        "password": "!SomePass!",
        "confirmPassword": "!SomePass!",
        "acceptTerms": true
    }
I was crazy confused until I noticed that these functions are not returning a refreshToken.
    function authenticate(req, res, next) {
        const { email, password } = req.body;
        const ipAddress = req.ip;
        accountService.authenticate({ email, password, ipAddress })
            .then(({ refreshToken, ...account }) => {
                setTokenCookie(res, refreshToken);
                res.json(account); // missing refresh token
            })
            .catch(next);
    }

    function refreshToken(req, res, next) {
        const token = req.cookies.refreshToken;
        const ipAddress = req.ip;
        accountService.refreshToken({ token, ipAddress })
            .then(({ refreshToken, ...account }) => {
                setTokenCookie(res, refreshToken);
                res.json(account); // missing refresh token
            })
            .catch(next);
    }
When I refactored to include the refreshToken it, of course, then showed up in the response.
res.json({...account, refreshToken});
@cornflourblue - terrific work on this! I'm going to use this boilerplate for my project.
Question: In the current implementation, the refreshTokens array under the accounts collection grows indefinitely. To remove expired refresh tokens, my initial thought was to use MongoDB's TTL Indexes, however, the TTL index scope is limited to documents, not to arrays within a document, per the current schema.
How would you approach removal of expired tokens?
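One way to prune the embedded array described in the question above, shown as an added example that is not part of the original thread or the repository's code. The token shape (`token`, `expires`, `revoked`), the helper names and the cap of five entries are assumptions; the sample data is constructed.

```javascript
// Added example, not the repository's code. Assumed token shape:
// { token: string, expires: Date, revoked?: Date }
const MAX_TOKENS_PER_ACCOUNT = 5; // assumed policy: cap on stored tokens per account

// MongoDB update that removes expired elements from the embedded array, for use as
// db.Account.updateOne({ _id: id }, buildPruneUpdate()). $pull applies its condition
// to each array element, which is the part a TTL index cannot do.
function buildPruneUpdate(now = new Date()) {
  return { $pull: { refreshTokens: { expires: { $lte: now } } } };
}

// In-memory equivalent of the $pull above.
function pruneExpired(tokens, now = new Date()) {
  return tokens.filter((t) => t.expires > now);
}

// Rotation on refresh: validate the presented token, revoke it, prune expired
// entries, append the replacement and keep only the newest N entries.
// A revoked token stays in the array until it expires, so a later replay of it
// is still recognised and rejected rather than looking like an unknown token.
function rotate(tokens, presented, replacement, now = new Date()) {
  const current = tokens.find((t) => t.token === presented);
  if (!current || current.revoked || current.expires <= now) {
    throw new Error('Invalid token');
  }
  const updated = tokens.map((t) =>
    t === current ? { ...t, revoked: now } : t
  );
  return [...pruneExpired(updated, now), replacement].slice(-MAX_TOKENS_PER_ACCOUNT);
}

// Constructed sample data.
const sampleNow = new Date('2020-06-01T00:00:00Z');
const DAY_MS = 24 * 60 * 60 * 1000;
const sampleTokens = [
  { token: 'old-expired', expires: new Date(sampleNow.getTime() - DAY_MS) },
  { token: 'active', expires: new Date(sampleNow.getTime() + 6 * DAY_MS) },
];
const rotated = rotate(
  sampleTokens,
  'active',
  { token: 'fresh', expires: new Date(sampleNow.getTime() + 7 * DAY_MS) },
  sampleNow
);
console.log(rotated.map((t) => t.token));
```

Pruning at refresh time bounds the array without a background job; `$pull` and `$push` on the same array path cannot be combined in a single update, so the prune and the insert are separate operations against the database.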
(node:35564) UnhandledPromiseRejectionWarning: Error: self signed certificate in certificate chain
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:223:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12)
(node:35564) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:35564) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
While trying to register and also we need a readme file