@@ -5,16 +5,9 @@ const bcrypt = require('bcrypt');
55const { zxcvbn } = require ( '@zxcvbn-ts/core' ) ;
66const ms = require ( 'ms' ) ;
77const { validate : emailValidator } = require ( 'deep-email-validator' ) ;
8+ const crypto = require ( 'crypto' ) ;
89const emailSends = require ( '@services/email' ) ;
910
10- /**
11- * @returns number random in 5 digit in string format
12- */
13- function randomCode ( ) {
14- const numberRandom = Math . floor ( ( Math . random ( ) * 5000 ) , 0 ) ;
15- return numberRandom . toString ( ) . padStart ( 5 , Math . floor ( Math . random ( ) * 10 + 1 ) ) . toString ( ) ;
16- }
17-
1811/**
1912 * נרמול כתובת מייל - הסרת נקודות מיותרות, מה שאחרי הפלוס, וכדומה
2013 * לצורך וידוא שהמייל לא רשום כבר
@@ -82,7 +75,7 @@ async function signup (req, res) {
8275 } ) ;
8376 }
8477
85- const verifyEmailCode = randomCode ( ) ;
78+ const verifyEmailCode = crypto . randomInt ( 0 , 99999 ) ;
8679 const userID = new mongoose . Types . ObjectId ( ) ;
8780
8881 const user = new User ( {
@@ -129,12 +122,13 @@ async function login (req, res) {
129122
130123 const session = await Session . create ( {
131124 _id : new mongoose . Types . ObjectId ( ) ,
125+ uuid : crypto . randomUUID ( ) ,
132126 userId : user . _id
133127 } ) ;
134128
135- res . status ( 200 ) . cookie ( 'session' , session . _id , { path : '/' , secure : true , httpOnly : true , maxAge : ms ( '30d' ) } ) . json ( {
129+ res . status ( 200 ) . cookie ( 'session' , session . uuid , { path : '/' , secure : true , httpOnly : true , maxAge : ms ( '30d' ) } ) . json ( {
136130 message : 'Auth successful' ,
137- sessionId : session . _id ,
131+ sessionUuid : session . uuid ,
138132 user : {
139133 name : user . name ,
140134 email : user . emailFront ,
@@ -220,35 +214,8 @@ async function resendVerificationEmail (req, res) {
220214async function resetPassword ( req , res ) {
221215 const { email } = req . body ;
222216
223- /**
224- * normalize-email by regex
225- */
226217 const emailProcessed = normalizeEmail ( email ) ;
227218
228- /**
229- * validate email
230- */
231- const validateEmail = await emailValidator ( {
232- email : emailProcessed ,
233- validateRegex : true ,
234- validateMx : true ,
235- validateTypo : false ,
236- validateDisposable : true ,
237- validateSMTP : false
238- } ) ;
239-
240- if ( ! validateEmail . valid ) {
241- if ( validateEmail . reason === 'disposable' ) {
242- return res . status ( 400 ) . json ( {
243- message : 'disposable email not allowed'
244- } ) ;
245- } else {
246- return res . status ( 400 ) . json ( {
247- message : 'email is not valid'
248- } ) ;
249- }
250- }
251-
252219 const user = await User . findOne ( { emailProcessed } ) ;
253220 if ( ! user ) {
254221 return res . status ( 404 ) . json ( {
@@ -264,7 +231,7 @@ async function resetPassword (req, res) {
264231 } ) ;
265232 }
266233
267- const resetPasswordToken = randomCode ( ) ;
234+ const resetPasswordToken = crypto . randomInt ( 0 , 99999 ) ;
268235 await emailSends . resetPassword ( {
269236 code : resetPasswordToken ,
270237 address : user . emailFront ,
0 commit comments