How do I create and save an expiring user token in node js?
First, the user token should be a Model:
var mongoose = require( 'mongoose' );var Schema = mongoose.Schema;var Token = new Schema({ token: {type: String}, createDate: {type: Date, default: Date.now()}});Token.methods.hasExpired= function(){ var now = Date.now(); return (now - Date.parse(createDate)) > 604800000; // Date is converted to milliseconds to calculate 7 days it > one day = 24 hours * 60 minutes * 60 seconds *1000 milliseconds * 7 days = 604800000};//don't forget to add the token as a field in your usermongoose.model( 'Token', Token);
Next, in the router, inside the else
clause, I would change your findOneAndUpdate
to findOne
, because you are not updating the whole User
object, but simply a property on it.
require('crypto').randomBytes(48, function(ex, buf) { var userToken = buf.toString('hex'); User.findOne({email: (req.body.email)}, function(err, usr) { if(err || !usr) { console.log('err'); } usr.token = new Token(token:userToken); usr.save(function(err, usr){ res.redirect('recoverPassword', {title: 'Weblio', message:'Your token was sent by email. Please enter it on the form below.'}); }; });});
In a different route, where your user is POSTing his token, you will do the following:
exports.postToken = function(req, res, next) { if(req.body.token === '') { console.log('err'); } else { User.findOne({email: (req.body.email)}, function(err, usr) { if(err || !usr) { console.log('err'); } if(usr.token == req.body.token && !usr.tokenHasExpired()) { usr.token = undefined; usr.tokenCreated = undefined; usr.save(function(err, usr){ res.redirect('index', {title: 'Weblio', message: 'Here is your password. Please dont lose it again', password: usr.password}); }); } else { res.redirect('recoverPassword', {title: 'Weblio', message:'The token is not set, or has expired. Though luck!'}); } }); });};