feat. authorization logic implemented

박권수
Commit 084076f7fc770bb87a4d94ade28c61f9e8b06328 084076f7 1 parent 435efead
Showing 1 changed file with 69 additions and 4 deletions
server/src/api/auth/auth.ctrl.js
--- a/server/src/api/auth/auth.ctrl.js
View file @084076f
+++ b/server/src/api/auth/auth.ctrl.js
View file @084076f
 //회원가입, 로그인 및 로그아웃에 관한 api
 const User = require('../../models/user');
 const Joi = require('joi');
- const jwt = require('jsonwebtoken');
 
 exports.register = async(ctx) => {
-     ctx.body = 'register'
+     const { userId, password, passwordCheck } = ctx.request.body;
+ 
+     const schema = Joi.object.keys({
+         userId : Joi.string().min(8).max(15).required(),
+         password : Joi.string().required(),
+         passwordCheck : Joi.string().required(),
+     })
+     
+     const result = schema.validate(ctx.request.body);
+     if(result.error || password !== passwordCheck) {
+         ctx.status = 400;
+         return;
+     }
+ 
+     const existUser = await User.findByUserId(userId);
+     if(existUser) {
+         ctx.status = 409;
+         return;
+     }
+ 
+     const user = new User({
+         userId
+     });
+ 
+     await user.setPassword(password);
+     await user.save();
+ 
+     ctx.status = 200;
+ 
 };
 
 exports.login = async(ctx) => {
-     ctx.body = 'login'
+     const { userId, password } = ctx.request.body;
+ 
+     const schema = Joi.object.keys({
+         userId : Joi.string().min(8).max(15).required(),
+         password : Joi.string().required()
+     })
+ 
+     const result = schema.validate(ctx.request.body);
+     if(result.error) {
+         ctx.status = 400;
+         return;
+     }
+ 
+     const user = await User.findByUserId(userId);
+     if(!user) {
+         ctx.stauts = 401;
+         return;
+     }
+ 
+     const isPasswordTrue = await user.checkPassword(password);
+     if(!isPasswordTrue) {
+         ctx.status = 401;
+         return;
+     }
+ 
+     const token = await user.generateToken();
+     ctx.cookies.set('access_token', token, {
+         httpOnly : true,
+         maxAge : 1000 * 60 * 60 * 24 * 30
+     });
+ 
+     ctx.status = 201;
+     ctx.body = user;
+ 
 };
 
 exports.logout = async(ctx) => {
-     ctx.body = 'logout'
+     ctx.cookies.set('access_token', null, {
+         httpOnly : true,
+         maxAge : 0
+     });
+     ctx.status = 204;
+     ctx.body = null;
 };
\ No newline at end of file