Removed apikey from user object and added route for requesting a new one

3 files changed, 17 insertions, 10 deletions

diff --git a/src/api/routes/user/apiKey.js b/src/api/routes/user/apiKey.js
index 820e28c..f80d563 100644
--- a/src/api/routes/user/apiKey.js
+++ b/src/api/routes/user/apiKey.js
@@ -1,21 +1,30 @@
 const Route = require('../../structures/Route');
 const randomstring = require('randomstring');
 const moment = require('moment');
+const bcrypt = require('bcrypt');
+const { dump } = require('dumper.js');
 
 class apiKeyPOST extends Route {
 	constructor() {
-		super('/user/apikey/change', 'post');
+		super('/user/apikey/change', 'post', { noApiKey: true });
 	}
 
 	async run(req, res, db, user) {
 		const now = moment.utc().toDate();
 		const apiKey = randomstring.generate(64);
-		await db.table('users')
-			.where({ id: user.id })
-			.update({
-				apiKey,
-				apiKeyEditedAt: now
-			});
+
+		try {
+			const hash = await bcrypt.hash(apiKey, 10);
+			await db.table('users')
+				.where({ id: user.id })
+				.update({
+					apiKey: hash,
+					apiKeyEditedAt: now
+				});
+		} catch (error) {
+			dump(error);
+			return res.status(401).json({ message: 'There was a problem processing your account' });
+		}
 
 		return res.json({
 			message: 'Successfully created new api key',
diff --git a/src/api/routes/user/userGET.js b/src/api/routes/user/userGET.js
index 7929aac..fe46fd4 100644
--- a/src/api/routes/user/userGET.js
+++ b/src/api/routes/user/userGET.js
@@ -11,8 +11,7 @@ class usersGET extends Route {
 			user: {
 				id: user.id,
 				username: user.username,
-				isAdmin: user.isAdmin,
-				apiKey: user.apiKey
+				isAdmin: user.isAdmin
 			}
 		});
 	}
diff --git a/src/api/routes/verifyGET.js b/src/api/routes/verifyGET.js
index e588c22..5875dbb 100644
--- a/src/api/routes/verifyGET.js
+++ b/src/api/routes/verifyGET.js
@@ -9,7 +9,6 @@ class verifyGET extends Route {
 		const returnUser = {
 			id:	user.id,
 			username: user.username,
-			apiKey: user.apiKey,
 			isAdmin: user.isAdmin
 		};