mod_user_token.js

/**
## /user/token 🎟

Exports the userToken method for the /api/user/token route.

@requires jsonwebtoken

@module /user/key
*/

const jwt = require('jsonwebtoken')

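/**
@function userToken

@description
The `/api/user/token` endpoint requests a jsonwebtoken for the user object.

The encoded user token expires in 8 hours and does not carry admin rights.

A token is not issued when the requesting user was authenticated by a token (`user.from_token`). Without this check a token could be exchanged for a fresh one before it expires, which would make the 8 hour limit meaningless.

The `admin`, `exp`, and `iat` properties are removed from a copy of the user object before signing. Every other property of the user object is encoded in the token payload. The payload is signed, not encrypted, so anyone holding the token can read it.

@param {Object} req HTTP request.
@param {Object} res HTTP response.
@param {Object} req.params 
Request parameter.
@param {Object} req.params.user 
Requesting user.

@returns {Promise<Error|*>}
Resolves to an Error with the message `login_required` if the request has no user. Otherwise the response is sent through `res.send()`.
*/

module.exports = async function userToken(req, res) {

  if (!req.params.user) {

    // The Error is returned, neither thrown nor written to the response.
    // NOTE(review): presumably the calling route handler checks for an Error return; confirm.
    return new Error('login_required')
  }

  if (req.params.user.from_token) {

    // Refuse to mint a token from a token; see the description above.
    return res.send('Token may not be generated from token authentication.')
  }

  // Sign a shallow copy so that the user object on the request is left untouched.
  // Deleting from req.params.user directly would strip the admin flag from the
  // request itself, not just from the token payload.
  const payload = Object.assign({}, req.params.user)

  // Admin rights must never be carried by an issued token.
  delete payload.admin

  // Stale exp/iat claims from the user's own session must be dropped;
  // jsonwebtoken rejects the expiresIn option if the payload already has an exp claim.
  delete payload.exp
  delete payload.iat

  // This is a deny-list: anything else on the user object ends up in the token.
  // NOTE(review): consider an allow-list of claims if the user object can carry sensitive fields.
  //
  // jwt.sign() throws if process.env.SECRET is unset, which rejects the returned promise.
  const token = jwt.sign(
    payload,
    process.env.SECRET,
    {
      expiresIn: '8hr'
    })

  res.send(token)
}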