const express = require("express")
const User = require("../schema/User")
const router = express.Router()
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
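// Key used to sign the auth tokens issued by the /register and /login handlers.
//
// A signing key committed to source is readable by anyone with access to the
// repository or a copy of this file, and it cannot be rotated without a code
// change. Prefer the JWT_SECRET environment variable. The embedded literal is
// kept only so existing deployments keep issuing tokens with the key they
// already use; treat it as disclosed and replace it with a long random value
// supplied through the environment.
const LEGACY_JWT_SECRET = "mU$!cC|@rK";
if (!process.env.JWT_SECRET) {
  console.warn('JWT_SECRET is not set; falling back to the signing key embedded in source. Set JWT_SECRET and rotate the key.');
}
const JWT_SECRET = process.env.JWT_SECRET || LEGACY_JWT_SECRET;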
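/**
 * POST /register
 *
 * Creates a user from the request body (profilePicture, firstName, lastName,
 * email, password), stores a bcrypt hash of the password, and answers with a
 * signed JWT both as the `authtoken` cookie and in the JSON body.
 *
 * Every outcome is reported as JSON `{ success, ... }`; failures carry an
 * `error` string.
 */
router.post('/register', async (req, res) => {
  try {
    const { profilePicture, firstName, lastName, email, password } = req.body

    // A parsed request body can carry objects as well as strings. A non-string
    // `email` would reach the query filter as an operator expression instead of
    // a literal value, so only non-empty strings are accepted here.
    const hasValidCredentials =
      typeof email === 'string' && email !== '' &&
      typeof password === 'string' && password !== ''
    if (!hasValidCredentials) {
      return res.json({
        success: false,
        error: 'Invalid Input'
      })
    }

    // NOTE(review): this lookup followed by create is not atomic; confirm the
    // User schema declares a unique index on email so concurrent requests
    // cannot register the same address twice.
    const existingUser = await User.findOne({ email })
    if (existingUser) {
      return res.json({
        success: false,
        error: 'Email Already Registered'
      })
    }

    // bcryptjs generates the salt itself when given a round count (10, as before).
    const hashPassword = await bcrypt.hash(password, 10)
    const newUser = await User.create({ profilePicture, firstName, lastName, email, password: hashPassword })
    if (!newUser) {
      return res.json({
        success: false,
        error: 'Something Went Wrong'
      })
    }

    const { _id, role } = newUser
    const user = {
      id: _id, firstName, lastName, email, role
    }

    // NOTE(review): the token is signed without an expiry, so it stays valid
    // until the signing key changes; consider passing `expiresIn` once clients
    // can handle re-authentication.
    const authtoken = jwt.sign(user, JWT_SECRET)

    // httpOnly keeps page scripts from reading the cookie; the token is still
    // returned in the body for clients that send it themselves. sameSite 'lax'
    // limits cross-site sending. Add `secure: true` when served over HTTPS.
    return res.cookie('authtoken', authtoken, { httpOnly: true, sameSite: 'lax' }).json({
      success: true,
      user,
      authtoken
    })
  } catch (error) {
    // Driver and library messages can expose internals (hosts, index names),
    // so they are logged server-side and the client gets a generic message.
    console.error('register failed:', error.message)
    return res.json({
      success: false,
      error: 'Something Went Wrong'
    })
  }
})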
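/**
 * POST /login
 *
 * Looks the user up by email, checks the submitted password against the
 * stored bcrypt hash, and on success answers with a signed JWT both as the
 * `authtoken` cookie and in the JSON body.
 *
 * An unknown email and a wrong password produce the same
 * 'Invalid Credentials' response.
 *
 * NOTE(review): no rate limiting or lockout is visible in this file; confirm
 * it is applied upstream of this router.
 */
router.post('/login', async (req, res) => {
  try {
    const { email, password } = req.body

    // A parsed request body can carry objects as well as strings. A non-string
    // `email` would reach the query filter as an operator expression and could
    // select a user the caller never named, so only strings are accepted.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return res.json({
        success: false,
        error: 'Invalid Credentials'
      })
    }

    const account = await User.findOne({ email })

    // NOTE(review): an unknown email skips the bcrypt comparison, so it answers
    // faster than a wrong password; comparing against a fixed dummy hash in
    // that case would even out the response time.
    const passwordMatches = account
      ? await bcrypt.compare(password, account.password)
      : false
    if (!passwordMatches) {
      return res.json({
        success: false,
        error: 'Invalid Credentials'
      })
    }

    // The token and response are built from the stored record, not the request.
    const { _id, profilePicture, firstName, lastName, role } = account
    const user = {
      id: _id, profilePicture, firstName, lastName, email: account.email, role
    }

    // NOTE(review): the token is signed without an expiry, so it stays valid
    // until the signing key changes; consider passing `expiresIn` once clients
    // can handle re-authentication.
    const authtoken = jwt.sign(user, JWT_SECRET)

    // httpOnly keeps page scripts from reading the cookie; the token is still
    // returned in the body for clients that send it themselves. sameSite 'lax'
    // limits cross-site sending. Add `secure: true` when served over HTTPS.
    return res.cookie('authtoken', authtoken, { httpOnly: true, sameSite: 'lax' }).json({
      success: true,
      user,
      authtoken
    })
  } catch (error) {
    // Driver and library messages can expose internals, so they are logged
    // server-side and the client gets a generic message.
    console.error('login failed:', error.message)
    return res.json({
      success: false,
      error: 'Something Went Wrong'
    })
  }
})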
// Export the router that carries the /register and /login handlers defined above.
module.exports = router