iotsensor fixed but session valid broken

consumerWebsite/functions/api.js

@@ -1,5 +1,5 @@
 const { hash, compareHash } = require("./bcrypt.js");
-const { apikeyModel } = require("../database/model/apiKeyModel");
+const { tokenModel } = require("../database/model/tokenModel.js");
 const { generateUUID } = require("./generateUUID.js");
 
 /*
@@ -11,37 +11,38 @@ const { generateUUID } = require("./generateUUID.js");
 6) store in database
 */
 //can be used for api key or token. Both are the same logic
-async function addAPIKey(userId, permission) {
-	let hashtoken = await generateUUID();
-	let apikey = await hash(hashtoken);
+async function addToken(userId, permission , expiry) {
+	let uuid = await generateUUID();
+	let hashtoken = await hash(uuid);
 
-	let token = await apikeyModel.create({
+	let token = await tokenModel.create({
 		userid: userId,
-		apikey: apikey,
+		token: hashtoken,
 		permission: permission,
+		expiration: expiry,
 	});
 
 	//user token with - tokenid is table id
-	return token.id + "-" + hashtoken;
+	return token.id + "-" + uuid;
 }
 
-async function checkAPikey(SuppliedKey, rowid) {
+async function checkToken(Supplied, rowid) {
 	try {
-		const retrivedKey = await apikeyModel.findOne({
+		const retrivedToken = await tokenModel.findOne({
 			raw: true,
-			attributes: ["apikey", "permission"],
+			attributes: ["token", "permission"],
 			where: {
 				id: rowid,
 			},
 		});
 		//console.log(retrivedKey.apikey);
-		if (compareHash(SuppliedKey, retrivedKey.apikey)) {
+		if (compareHash(Supplied, retrivedToken.token)) {
 			//return true;
-			return retrivedKey.permission;
+			return retrivedToken.permission;
 		}
 	} catch (error) {
 		console.error(error);
 	}
 }
 
-module.exports = { addAPIKey  , checkAPikey };
+module.exports = { addToken  , checkToken };

consumerWebsite/functions/isValid.js

@@ -0,0 +1,20 @@
+const moment = require("moment");
+const currentTime = moment().format("YYYY-MM-DD HH:mm:ss");
+
+//time is taken from the token
+function isValid(time){
+    const timeDiff = moment(currentTime).diff(time, "minutes");
+
+    if (timeDiff > 1) {
+        console.log(timeDiff);
+        return false;
+    }
+
+    return true;
+
+}
+
+
+
+
+module.exports = { isValid };

consumerWebsite/functions/user.js

@@ -1,7 +1,8 @@
 const { Op } = require('sequelize')
 const { hash, compareHash } = require("./bcrypt.js");
-const { addAPIKey } = require("./api");
+const { addToken } = require("./api");
 const { userModel } = require("../database/model/userModel");
+moment = require('moment')
 
 
 
@@ -70,9 +71,9 @@ async function loginUser(user) {
 	if (!match) return false;
 	//console.log('loginUser', userRes.id, userRes.username);
 
-	//generate token
-	let token = await addAPIKey(userRes.id, "auto-generated");
-
+	//generate token and permission and experiation time 
+	const currentTime = moment().format('YYYY-MM-DD HH:mm:ss');
+	let token = await addToken(userRes.id , "canRead" , currentTime);
 	return { token: token, userid: userRes.id, username: userRes.username };
 }