/**
## /user/token 🎟
Exports the userToken method for the /api/user/token route.
@requires jsonwebtoken
@module /user/key
*/
const jwt = require('jsonwebtoken')
/**
@function userToken
@description
The `/api/user/token` endpoint requests a jsonwebtoken for the user object.
The encoded user token expires in 8hours and does not carry admin rights.
@param {Object} req HTTP request.
@param {Object} res HTTP response.
@param {Object} req.params
Request parameter.
@param {Object} req.params.user
Requesting user.
*/
module.exports = async function userToken(req, res) {
if (!req.params.user) {
return new Error('login_required')
}
const user = req.params.user
if (user.from_token) {
return res.send('Token may not be generated from token authentication.')
}
delete user.admin
delete user.exp
delete user.iat
const token = jwt.sign(
req.params.user,
process.env.SECRET,
{
expiresIn: '8hr'
})
res.send(token)
}