Logger to store token reset history [subject to change]

Author: a3ryk

src/controllers/v4/internal/user.js

@@ -46,7 +46,11 @@ const processUserAction = async (req, res, next) => {
   }
 
   const userId = req.params.id;
-  const { action, amount, reason, executor, expiry } = req.body; // Extract fields from the request body
+  const { action, amount, reason, executor, expiry, old_token, new_token, isForced } = req.body; // Extract fields from the request body
+
+  if (!action) {
+    return res.status(400).json({ message: 'Action is required in body' }); // Action is required
+  }
 
   try {
     // Fetch user by ID
@@ -154,6 +158,24 @@ const processUserAction = async (req, res, next) => {
         updatedUser = await user.save();
         break;
 
+      case 'addtokenhistory':
+        if (!old_token && !new_token) {
+          return res.status(400).json({ message: 'Old and new tokens are required' });
+        }
+        // Update status history
+        user.token_history.push({
+          _id: user.token_history.length + 1,
+          timestamp: new Date(),
+          reason: reason || 'Self Regenerated',
+          executor: executor || 'Self',
+          isForced: isForced || false,
+          old_token,
+          new_token,
+        });
+
+        updatedUser = await user.save();
+        break;
+
       default:
         return res.status(400).json({ message: `Invalid action: ${action}` });
     }

src/models/schemas/User.js

@@ -43,6 +43,77 @@ const UserSchema = new mongoose.Schema({
    */
   token: { type: String },
 
+  /**
+   * Array to store the history of token resets, including timestamps, reason,
+   * executor, and old/new token values.
+   * @type {Array<{
+   *   timestamp: Date,
+   *   reason: string,
+   *   isForced: boolean,
+   *   executor: string,
+   *   old_token: string,
+   *   new_token: string,
+   *   expiry?: Date
+   * }>}
+   */
+  token_history: [
+    {
+      /**
+       * Unique identifier for the token reset entry.
+       * @type {string}
+       * @required
+       */
+      _id: { type: String, required: true },
+
+      /**
+       * Timestamp of the token reset.
+       * @type {Date}
+       * @default Date.now
+       */
+      timestamp: { type: Date, default: Date.now },
+
+      /**
+       * Optional expiry time if token is meant to be invalidated after a period.
+       * @type {Date}
+       */
+      expiry: { type: Date },
+
+      /**
+       * Reason for the token reset (e.g., "suspicious activity", "user request").
+       * @type {string}
+       */
+      reason: { type: String, default: 'Self Regenerated' },
+
+      /**
+       * Indicates whether the token reset was forced (e.g., by an admin).
+       * @type {boolean}
+       * @default false
+       */
+      isForced: { type: Boolean, default: false },
+
+      /**
+       * Information about the staff member or system who performed the reset.
+       * @type {string}
+       * @required
+       */
+      executor: { type: String, required: true, default: 'Self' },
+
+      /**
+       * The token before the reset.
+       * @type {string}
+       * @required
+       */
+      old_token: { type: String, required: true },
+
+      /**
+       * The token after the reset.
+       * @type {string}
+       * @required
+       */
+      new_token: { type: String, required: true },
+    },
+  ],
+
   /**
    * Flag indicating whether the user is banned.
    * @type {boolean}