const bcrypt = require('bcrypt-nodejs') const express = require('express') module.exports = (db) => { const router = express.Router() router.get('/:code', async (req, res) => { const row = (await db.allDocs({ include_docs: true })) .rows .find(({ doc }) => doc.pwToken === req.params.code) res.render('resetpw', { doc: row ? row.doc : undefined }) }) router.post('/:code', async (req, res) => { const { doc } = (await db.allDocs({ include_docs: true })) .rows .find(({ doc }) => doc.pwToken === req.params.code) if (doc.expiry < new Date().getTime()) return res.redirect(`/resetpw/${req.params.code}`) bcrypt.hash(req.body.password, null, null, async (err, passwordHash) => { if (err) throw err doc.password = passwordHash delete doc.pwToken delete doc.pwExpiry await db.put(doc) req.login({ _id: doc._id }, err => { if (err) { console.log(err) req.flash('error', err.message) return res.redirect('/') } req.flash('success', `Welcome to ${_CC.config.siteTitle}!`) res.redirect('/') }) }) }) return router }