From b2f9147c9abf2fc5f4f623107dfd2bd1b47b53e8 Mon Sep 17 00:00:00 2001
From: "Umang G. Patel" <23169768+robonetphy@users.noreply.github.com>
Date: Sat, 23 Apr 2022 10:44:36 +0530
Subject: [PATCH] update: auth route and token verification
---
 src/backend/routes/auth.ts | 7 ++-----
 src/backend/routes/middlewares/token.ts | 7 ++-----
 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/src/backend/routes/auth.ts b/src/backend/routes/auth.ts
index 4968fcd..e09d522 100644
--- a/src/backend/routes/auth.ts
+++ b/src/backend/routes/auth.ts
@@ -1,10 +1,8 @@
 import express, { Request, Response } from 'express';
 import jwt from 'jsonwebtoken';
 import config from 'config';
-import bcrypt from 'bcrypt';
 import csrf from 'csurf';
 import * as dotenv from 'dotenv';
-import Users from '../controllers/users';
 dotenv.config();
@@ -27,10 +25,9 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
 */
 router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
 try {
- const userDoc = await Users.get();
- const password = userDoc.password;
+ const password = process.env.PASSWORD;
- if (!password) {
+ if (!process.env.PASSWORD) {
 res.render('auth', {
 title: 'Login page',
 header: 'Password not set',
diff --git a/src/backend/routes/middlewares/token.ts b/src/backend/routes/middlewares/token.ts
index 25dec95..041d7fe 100644
--- a/src/backend/routes/middlewares/token.ts
+++ b/src/backend/routes/middlewares/token.ts
@@ -2,7 +2,6 @@ import * as dotenv from 'dotenv';
 import config from 'config';
 import { NextFunction, Request, Response } from 'express';
 import jwt from 'jsonwebtoken';
-import Users from '../../controllers/users';
 dotenv.config();
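Review bot: In the POST `/auth` handler of `src/backend/routes/auth.ts`, the guard now tests `process.env.PASSWORD` again instead of the local `password` assigned one line earlier, so TypeScript does not narrow `password` from `string | undefined` and the check and the later use no longer share one value; `if (!password) {` keeps them together. The same commit drops the `bcrypt` import, and the code that compares the submitted password is outside this hunk, so it is worth confirming that the comparison does not end up as a plain `===` against the environment value; if it does, a constant-time comparison such as `crypto.timingSafeEqual` over equal-length digests would be the safer choice. A comment such as `// PASSWORD is read from the environment (.env via dotenv); keep it out of version control and logs` would document the new source of the credential.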
@@ -17,16 +16,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
 const token = req.cookies.authToken;
 try {
- const userDoc = await Users.get();
-
- if (!userDoc.password) {
+ if (!process.env.PASSWORD) {
 res.locals.isAuthorized = false;
 next();
 return;
 }
- const decodedToken = jwt.verify(token, userDoc.password + config.get('secret'));
+ const decodedToken = jwt.verify(token, process.env.PASSWORD + config.get('secret'));
 res.locals.isAuthorized = !!decodedToken;
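Review bot: The `jwt.verify` call in `verifyToken` builds its key as `process.env.PASSWORD + config.get('secret')` and passes no options, so the accepted signature algorithms are left to the library default and the login password doubles as signing-key material. Pinning the algorithm to the one used when the token is issued, e.g. `jwt.verify(token, key, { algorithms: ['HS256'] })` (HS256 is jsonwebtoken's default for signing; the sign call is not in this diff), makes the expectation explicit. Deriving the key from the login password means any weakness of that password also weakens every issued token, so a separate random signing secret would be cleaner unless invalidating tokens on password change is the intent. `token` comes straight from `req.cookies.authToken` and may be undefined; the `try` that presumably handles the resulting throw closes outside this hunk.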