added logout

netlify/functions/api.js

@@ -1,35 +1,26 @@
 import serverless from "serverless-http";
 import jwt from 'jsonwebtoken';
-// import swaggerJsdoc from 'swagger-jsdoc';
-// import {swaggerOptions} from './swaggerConfig.js';
 import morgan from 'morgan';
 import cors from 'cors';
-import swaggerUi from 'swagger-ui-express';
 import express, {Router} from "express";
 // import {io} from "socket.io-client";
-import spec from '@netlify/open-api'
 
 const api = express();
-
 const router = Router();
 
 api.use(express.json());
 api.use(morgan('combined', {
     stream: {
         write: (message) => {
-            console.log(message)
-            // io.emit('log', message.trim());
+            console.log(message);
         }
     }
-})); // Log all requests
-// api.use(morgan('combined')); // Log all requests
-api.use(cors()); // Enable CORS for all routes
-
-// Serve static files from the "public" directory
+}));
+api.use(cors());
 api.use(express.static('public'));
 
 const users = [
-    { id: 1, email: 'user@example.com', password: 'password', role: 'user' },
+    { id: 1, email: 'user@example.com', password: 'password@123', role: 'user', username: 'user1' },
 ];
 
 const SECRET_KEY = 'vW8nF/bLKidnpIHC2ngYZNbdOe+tbFcoZ7muV0vCRYk=';
@@ -41,32 +32,8 @@ const generateTokens = (user) => {
     return { accessToken, refreshToken };
 };
 
-// Swagger setup
-// const specs = swaggerJsdoc(swaggerOptions);
-router.use('/api-docs', swaggerUi.serve, swaggerUi.setup(spec));
-
-/**
- * @swagger
- * /api/signin:
- *   post:
- *     summary: Sign in a user
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             properties:
- *               email:
- *                 type: string
- *               password:
- *                 type: string
- *     responses:
- *       200:
- *         description: Successful sign in
- *       401:
- *         description: Invalid email or password
- */
+const tokenBlacklist = new Set();
+
 router.post('/signin', (req, res) => {
     const { email, password } = req.body;
     const user = users.find((u) => u.email === email && u.password === password);
@@ -79,59 +46,28 @@ router.post('/signin', (req, res) => {
     }
 });
 
-/**
- * @swagger
- * /api/signup:
- *   post:
- *     summary: Sign up a new user
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             properties:
- *               email:
- *                 type: string
- *               password:
- *                 type: string
- *     responses:
- *       201:
- *         description: User created successfully
- *       409:
- *         description: User already exists
- */
 router.post('/signup', (req, res) => {
-    const { email, password } = req.body;
+    const { username, email, password, passwordConfirmation } = req.body;
+    if (password !== passwordConfirmation) {
+        return res.status(400).json({ message: 'Passwords do not match' });
+    }
     const userExists = users.some((u) => u.email === email);
 
     if (userExists) {
         res.status(409).json({ message: 'User already exists' });
     } else {
-        const newUser = { id: users.length + 1, email, password, role: 'user' };
+        const newUser = { id: users.length + 1, username, email, password, role: 'user' };
         users.push(newUser);
         const tokens = generateTokens(newUser);
         res.status(201).json({ user: newUser, ...tokens });
     }
 });
 
-/**
- * @swagger
- * /api/user:
- *   get:
- *     summary: Get authenticated user details
- *     security:
- *       - bearerAuth: []
- *     responses:
- *       200:
- *         description: User details retrieved successfully
- *       401:
- *         description: Invalid token
- *       404:
- *         description: User not found
- */
 router.get('/user', (req, res) => {
     const token = req.headers.authorization.split(' ')[1];
+    if (tokenBlacklist.has(token)) {
+        return res.status(401).json({ message: 'Token has been invalidated' });
+    }
     try {
         const decoded = jwt.verify(token, SECRET_KEY);
         const user = users.find((u) => u.id === decoded.id);
@@ -145,28 +81,11 @@ router.get('/user', (req, res) => {
     }
 });
 
-/**
- * @swagger
- * /api/refresh:
- *   post:
- *     summary: Refresh access token
- *     requestBody:
- *       required: true
- *       content:
- *         application/json:
- *           schema:
- *             type: object
- *             properties:
- *               refreshToken:
- *                 type: string
- *     responses:
- *       200:
- *         description: Token refreshed successfully
- *       401:
- *         description: Invalid refresh token
- */
 router.post('/refresh', (req, res) => {
     const { refreshToken } = req.body;
+    if (tokenBlacklist.has(refreshToken)) {
+        return res.status(401).json({ message: 'Refresh token has been invalidated' });
+    }
     try {
         const decoded = jwt.verify(refreshToken, REFRESH_SECRET_KEY);
         const user = users.find((u) => u.id === decoded.id);
@@ -181,28 +100,16 @@ router.post('/refresh', (req, res) => {
     }
 });
 
-/**
- * @swagger
- * /api/check:
- *   get:
- *     summary: Check if the server is working
- *     responses:
- *       200:
- *         description: Server is working
- */
+router.post('/logout', (req, res) => {
+    const token = req.headers.authorization.split(' ')[1];
+    tokenBlacklist.add(token);
+    res.status(200).json({ message: 'User logged out successfully' });
+});
+
 router.get('/check', (req, res) => {
     res.status(200).json({ message: 'All working' });
 });
 
-/**
- * @swagger
- * /api/users:
- *   get:
- *     summary: Get all users
- *     responses:
- *       200:
- *         description: List of users retrieved successfully
- */
 router.get('/users', (req, res) => {
     res.status(200).json({ users });
 });