CCExtractor · MuntazirHaider · Nov 27, 2023
diff --git a/graphql/resolvers.js b/graphql/resolvers.js
@@ -9,6 +9,7 @@ const Group = require("../models/group.js");
 const Landmark = require("../models/landmark.js");
 const { User } = require("../models/user.js");
 const { MongoServerError } = require("mongodb");
+const { sendEmail } = require('../utils/send_email.js');
 
 const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
 // even if we generate 10 IDs per hour,
@@ -58,6 +59,37 @@ const resolvers = {
     },
 
     Mutation: {
+
+        requestPasswordReset: async (_parent, { email }) => {
+            if (!email) return new UserInputError("Email is required to reset password");
+            const user = await User.findOne({ email });
+            if (!user) return new UserInputError("User with this email not exist");
+            const otp = sendEmail(email);
+            const encryptOtp = await bcrypt.hash(otp, 10);
+            return { message: "Otp send successfully", success: true, encryptOtp };
+        },
+
+        verifyPasswordResetOtp: async (_parent, { userOtp }, { otp }) => {
+            if (!userOtp || !otp) return new UserInputError("OTP is required");
+            const verified = await bcrypt.compare(userOtp, otp);
+            if (!verified) return new UserInputError("OTP doesn't match");
+            return { message: "Otp matched successfully", success: true };
+        },
+
+        resetPassword: async (_parent, { credentials }) => {
+            const { email, password } = credentials;
+            if (!email) return new UserInputError("Email is required");
+            if (!password) return new UserInputError("Password is required");
+            const user = await User.findOne({ email });
+            if (!user) return new UserInputError("User with this email does not exist");
+            const encryptNewPass = await bcrypt.hash(password, 10);
+            await User.updateOne(
+                { email: email },
+                { $set: { password: encryptNewPass } }
+            );
+            return { message: "Password changed successfully", success: true };
+        },
+
         register: async (_parent, { user }) => {
             const { name, credentials } = user;
 

diff --git a/graphql/schema.js b/graphql/schema.js
@@ -104,6 +104,17 @@ const typeDefs = gql`
         hello: String
     }
 
+    type requestPasswordResetResponse {
+        message: String!
+        success: Boolean!
+        encryptOtp: String!
+      }
+
+      type PasswordResetResponse {
+        message: String!
+        success: Boolean!
+      }
+
     type Mutation {
         """
         if start time not supplied, default is Date.now
@@ -122,6 +133,9 @@ const typeDefs = gql`
         changeBeaconDuration(newExpiresAt: Float!, beaconID: ID!): Beacon!
         createGroup(group: GroupInput): Group!
         joinGroup(shortcode: String!): Group!
+        requestPasswordReset(email: String!): requestPasswordResetResponse!
+        verifyPasswordResetOtp(userOtp: String!): PasswordResetResponse!
+        resetPassword(credentials: AuthPayload): PasswordResetResponse!
     }
 
     type Subscription {

diff --git a/index.mjs b/index.mjs
@@ -21,8 +21,9 @@ const server = new ApolloServer({
         if (connection) {
             return { user: connection.context.user, pubsub };
         }
+        const otp = req?.headers?.otp || (connection?.context?.headers?.otp ? connection.context.headers.otp : null);
         const user = req?.user ? await User.findById(req.user.sub).populate("beacons") : null;
-        return { user, pubsub };
+        return { user, pubsub, otp };
     },
     stopGracePeriodMillis: Infinity,
     stopOnTerminationSignals: false,

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -36,6 +36,8 @@
     "jsonwebtoken": "^8.5.1",
     "mongoose": "^6.2.6",
     "nanoid": "^3.3.1",
+    "nodemailer": "^6.9.7",
+    "otp-generator": "^4.0.1",
     "pm2": "^5.2.0"
   },
   "devDependencies": {

diff --git a/permissions/index.js b/permissions/index.js
@@ -8,6 +8,9 @@ const permissions = shield({
     },
     Mutation: {
         "*": isAuthenticated,
+        requestPasswordReset: not(isAuthenticated),
+        verifyPasswordResetOtp: not(isAuthenticated),
+        resetPassword: not(isAuthenticated),
         register: not(isAuthenticated),
         login: not(isAuthenticated),
     },

diff --git a/utils/generate_otp.js b/utils/generate_otp.js
@@ -0,0 +1,7 @@
+const otpGenerator = require('otp-generator')
+
+const generateOtp = () => {
+    return otpGenerator.generate(6, { upperCaseAlphabets: false, lowerCaseAlphabets: false, specialChars: false });
+}
+
+module.exports = {generateOtp};
diff --git a/utils/send_email.js b/utils/send_email.js
@@ -0,0 +1,36 @@
+const nodemailer = require("nodemailer");
+const { generateOtp } = require("./generate_otp");
+
+const transporter = nodemailer.createTransport({
+  host: process.env.SMTP_HOST,
+  port: process.env.SMTP_PORT,
+  secure: true,
+  auth: {
+    user: process.env.SMTP_MAIL,
+    pass: process.env.SMTP_PASSWORD,
+  },
+});
+
+const sendEmail = (email) => {
+
+    const otp = generateOtp();
+    var mailOptions = {
+        from: process.env.SMTP_MAIL,
+        to: email,
+        subject: "OTP from CCExtractor Beacon",
+        html: `<p>Dear User, Your OTP for reseting password from CCExtractor BEACON is :</p> <b>${otp}</b>`
+    }
+
+    transporter.sendMail(mailOptions, (error, info) => {
+        if(error){
+            console.log("Error -", error);
+            return false;
+        }else{
+            console.log("Email send Successfully");
+            return true;
+        }
+    })
+    return otp;
+}
+
+module.exports = {sendEmail};