CODEWITHSUNDEEP
javascriptnode.jsmongodbexpressmongoose
Darshit
Darshit

Reputation: 85

How to make a route to logout user and delete from mongodb database

Hi I am learning to make a web-based chat app in mean stack I had defined routes for login and home page and using Angularjs sattelizer method $auth.logout and deleting token from local storage to log out a User, Now my requirement is as soon as a User logs out I also want to remove User Object from database too, So please let me know how to make a backend route to log out user

Here is My Server.js code

    var express = require('express');
    var socketIO = require('socket.io');
    var http = require('http');
    var bcrypt = require('bcryptjs');
    var bodyParser = require('body-parser');
    var cors = require('cors');
    var jwt = require('jwt-simple');
    var moment = require('moment');
    var mongoose = require('mongoose');
    var path = require('path');
    var request = require('request');

    var config = require('./config');
    var User = require('./models/user');
    mongoose.connect(config.db);

    var port = process.env.PORT || 3000;
    var app = express();
    var server = http.createServer(app);
    var io = socketIO(server);

    app.use(cors());
    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({ extended: false }));
    app.use(express.static(path.join(__dirname, '../public')));

    function isAuthenticated(req, res, next){
        if(!(req.headers && req.headers.authorization)){
            return res.status(400).send({ message: 'You did not provide a JSON web token in the authorization header' });
        }

        var header = req.headers.authorization.split(' ');
        var token = header[1];
        var payload = jwt.decode(token, config.tokenSecret);
        var now = moment().unix();

        if(now > payload.exp){
            return res.status(401).send({ message: 'Token has expired.' });
        }

        User.findById(payload.sub, function(err, user){
            if(!user){
                return res.status(400).send({ message: 'User no longer exists.' })
            }
            req.user = user;
            next();
        })
    };

    function createToken(user) {
      var payload = {
        exp: moment().add(14, 'days').unix(),
        iat: moment().unix(),
        sub: user._id
      };

      return jwt.encode(payload, config.tokenSecret);
    };

    app.get('/', function(req, res){
        res.sendFile(path.join(__dirname, '../public', 'index.html'));
    });


    app.post('/auth/login', function(req, res){
        User.findOne({email: req.body.email}, '+password', function(err, user){
            if(!user){
                return res.status(401).send({message: { email: 'Incorrect email'}});
            }
            bcrypt.compare(req.body.password, user.password, function(err, isMatch){
                if(!isMatch){
                    return res.status(401).send({message: {password: 'Incorrect password'}});
                }

                user = user.toObject();
                delete user.password;

                var token = createToken(user);
                res.send({token: token, user:  user});
            })
        })
    })

    app.post('/auth/signup', function(req, res){
        User.findOne({email: req.body.email}, function(err, existingUser){
            if(existingUser){
                return res.status(409).send({ message: 'Email is already taken'});
            }
            var user = new User({
                email: req.body.email,
                password: req.body.password
            });
            bcrypt.genSalt(10, function(err, salt){
                bcrypt.hash(user.password, salt, function(err, hash){
                    user.password = hash;

                    user.save(function(){
                        var token = createToken(user);
                        res.send({ token: token, user:user });
                    })
                })
            })
        })
    });

    app.post('/auth/instagram', function(req, res){
        var accessTokenUrl = 'https://api.instagram.com/oauth/access_token';

        var params = {
            client_id: req.body.clientId,
            redirect_uri: req.body.redirectUri,
            client_secret: config.clientSecret,
            code: req.body.code,
            grant_type: 'authorization_code'
        }; 
        request.post({ url: accessTokenUrl, form: params, json: true }, function(error, response, body){
            if(req.headers.authorization){            


               User.findOne({ instagramId: body.user.id }, function(err,  existingUser){
                    var token = req.headers.authorization.split(' ')[1];
                    var payload = jwt.decode(token, config.tokenSecret);

                    User.findById(payload.sub, '+password', function(err, localUser){
                        if(!localUser){
                            return res.status(400).send({message: 'User not found.'});
                        } 
                        if(existingUser){
                            existingUser.email = localUser.email;
                            existingUser.password = localUser.password;

                            localUser.remove();

                            existingUser.save(function(){
                                var token = createToken(existingUser);
                                return res.send({ token: token, user: existingUser });
                            })
                        }else{
                            localUser.instagramId = body.user.id;
                            localUser.username = body.user.username;
                            localUser.fullName = body.user.full_name;
                            localUser.picture = body.user.profile_picture;
                            localUser.accessToken = body.access_token;

                            localUser.save(function(){
                                var token = createToken(localUser);
                                res.send({ token: token, user: localUser });
                            });
                        }
                    })
                });
            } else{
                User.findOne({ instagramId: body.user.id }, function(err, existingUser){
                    if(existingUser){
                        var token = createToken(existingUser);
                        return res.send({ token: token, user: existingUser })
                    }

                    var user = new User({
                        instagramId: body.user.id,
                        username: body.user.username,
                        fullName: body.user.full_name,
                        picture: body.user.profile_picture,
                        accessToken: body.access_token
                    });

                    user.save(function(){
                        var token = createToken(user);
                        res.send({ token: token, user: user });
                    });
                });
            }
        });
    });

app.get('/api/chat', isAuthenticated, function(req, res){
    console.log(User._id);
    User.find({}, function(err, users){
        var userMap = {};

        users.forEach(function(user){
            userMap[user] = user;
        });
        res.send(userMap);
    });
});

app.get('/api/logout', isAuthenticated, function(req, res){

}); 




server.listen(port, function(){
    console.log(`server is running on ${port}`);
})

model.js

var mongoose = require('mongoose');

var userSchema = mongoose.model('User', new mongoose.Schema({
    instagramId: { type: String, index: true },
    email: { type: String, unique: true, lowercase: true },
    password: { type: String, select: false },
    username: String,
    fullName: String,
    picture: String,
    accessToken: String
}));

module.exports = ('User', userSchema);

Upvotes: 0

Views: 2671

Answers (2)

Akhilesh krishnan
Akhilesh krishnan

Reputation: 799

we can use .findOneAndRemove() or .findByIdAndRemove() of mongoose

app.get('/api/logout', isAuthenticated, function(req, res){
    User.findOneAndRemove({email:email-data}, callback(err, res){})
});

we can send the email or document id from client and replace the hardcoded email

Upvotes: 0

Asad Marfani
Asad Marfani

Reputation: 177

You can achieve this by using mongoose findByIdAndRemove. The logged in user must be present in req object. You can access his mongoose object Id by req.user._id. Use the above mentioned method to remove the user by Id.

app.get('/api/logout', isAuthenticated, function(req, res){
    console.log('User Id', req.user._id);
    User.findByIdAndRemove(req.user._id, function(err){
    if(err) res.send(err);
    res.json({ message: 'User Deleted!'});
   })
});

You can see the documentation from here

Upvotes: 3

Related Questions