app.post('/api/auth/signin', function (req, res) {
//const user = req.body.username;
//const pwd = req.body.password;
const user = req.body.formFields[0].value;
const pwd = req.body.formFields[1].value;
// return 400 status if username/password is not exist
if (!user || !pwd) {
return handleResponse(req, res, 400, null, "Username and Password required.");
}
const userData = userList.find(x => x.username === user && x.password === pwd);
// return 401 status if the credential is not matched
if (!userData) {
return handleResponse(req, res, 401, null, "Username or Password is Wrong.");
}
// get basic user details
const userObj = getCleanUser(userData);
// generate access token
const tokenObj = generateToken(userData);
// generate refresh token
const refreshToken = generateRefreshToken(userObj.userId);
// refresh token list to manage the xsrf token
refreshTokens[refreshToken] = tokenObj.xsrfToken;
// set cookies
res.cookie('refreshToken', refreshToken, COOKIE_OPTIONS);
res.cookie('XSRF-TOKEN', tokenObj.xsrfToken);
return handleResponse(req, res, 200, {
user: userObj,
token: tokenObj.token,
expiredAt: tokenObj.expiredAt
});
});