@cookie-ag
Last active January 18, 2017 09:14
U2F WorkFlow with MongoDB : Registering and Verification
// U2F application identity handed to the registration routine by the GET handler below.
// The loopback origin only suits local testing.
// NOTE(review): a deployed service presumably needs its own HTTPS origin here,
// read from configuration rather than hard-coded — confirm.
var appId = 'https://127.0.0.1'
// Helper module exposing the U2F start/finish routines used by both handlers.
var routine = require('routine');
/**
 * GET /Register handler: starts a U2F registration for the current session.
 *
 * Passes the tokens held in the session (or an empty list when there are none)
 * to the routine, which answers the request itself.
 *
 * NOTE(review): the list comes from the session, not from the stored user
 * record, and nothing in this handler checks that the session belongs to a
 * logged-in user. Confirm an authentication check runs before it, since the
 * finish step binds the new key to req.session.email.
 */
exports.GET = function(req, res, next) {
  var sessionTokens = req.session.tokens;
  var knownTokens = sessionTokens ? sessionTokens : [];
  routine.U2FstartRegistration(req, res, next, appId, knownTokens);
};
/**
 * POST /Register handler: completes a U2F registration.
 *
 * Hands the registration request saved in the session, together with the
 * posted body, to the routine, which answers the request itself. The body is
 * client-supplied and is passed on as received; this handler does no
 * validation of its own.
 */
exports.POST = function(req, res, next) {
  var pendingRequest = req.session.registrationRequest;
  routine.U2FfinishRegistration(req, res, next, pendingRequest, req.body);
};
// Route table for the U2F flow: GET starts a ceremony, POST finishes it.
//
// No session or login middleware is attached in this snippet.
// NOTE(review): confirm that whatever mounts this router authenticates the user
// first. /Register binds a new key to the session's email, and /Verify looks
// the user up by that same email.
//
// The controller names carry no "./" prefix, so Node resolves them as package
// names rather than as files next to this one.
var express = require('express');
var registerController = require('Register_controller.js');
var verifyController = require('Verify_controller.js');

var router = express.Router();

// Key enrolment
router.get('/Register', registerController.GET);
router.post('/Register', registerController.POST);

// Second-factor check
router.get('/Verify', verifyController.GET);
router.post('/Verify', verifyController.POST);
var DynamicUserModel = require('dynamicuser');
var u2f = require('authdog');
var flatten = require('flat');
//Registering the key
/**
 * Starts a U2F registration and sends the resulting request to the client.
 *
 * @param {object} req - request; the generated registration request is stored
 *   on req.session.registrationRequest
 * @param {object} res - response; receives the registration request as JSON
 * @param {Function} next - called with the error when the library rejects
 * @param {string} appId - U2F application identity passed to the library
 * @param {Array} tokens - token list passed to the library alongside appId
 */
function U2FstartRegistration(req, res, next, appId, tokens) {
  var onRequestReady = function(pendingRequest) {
    // Kept server-side so the finish step can be given the same request.
    req.session.registrationRequest = pendingRequest;
    res.json(pendingRequest);
  };

  var onFailure = function(reason) {
    // Creating the registration request failed; let the error middleware decide.
    next(reason);
  };

  u2f.startRegistration(appId, tokens).then(onRequestReady, onFailure);
}
exports.U2FstartRegistration = U2FstartRegistration;
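/**
 * Completes a U2F registration and stores the new token on the user record.
 *
 * The pending request and the posted body are handed to the library. On
 * success the token's keyHandle, publicKey and certificate are appended to
 * req.session.tokens, the user document matching the session email is updated
 * (upsert), and the token metadata is returned as JSON.
 *
 * Fails closed, through next(err), when the session carries no email or when
 * there is no pending registration request. The pending request is removed
 * from the session before verification so one challenge serves one attempt.
 *
 * @param {object} req - request; reads req.session.email and req.session.tokens
 * @param {object} res - response; receives the stored token metadata as JSON
 * @param {Function} next - called with any validation, library or database error
 * @param {object} request - registration request created by the start step
 * @param {object} body - client-supplied registration response (untrusted)
 */
function U2FfinishRegistration(req, res, next, request, body) {
  var email = req.session.email;

  // The update below is an upsert keyed on this email. With no email the filter
  // would be { email: undefined }, so the key could end up on an unintended or
  // freshly created document.
  if (!email) {
    return next(new Error('U2F registration requires a session email'));
  }

  // Without a pending request there is no server-issued challenge to check against.
  if (!request) {
    return next(new Error('No pending U2F registration request in session'));
  }

  // Single use: a failed or repeated POST must start again from GET.
  delete req.session.registrationRequest;

  u2f.finishRegistration(request, body)
    .then(function(registrationStatus) {
      var meta = {
        keyHandle: registrationStatus.keyHandle,
        publicKey: registrationStatus.publicKey,
        certificate: registrationStatus.certificate
      };

      if (!req.session.tokens) {
        req.session.tokens = [];
      }
      // Save newly registered token
      req.session.tokens.push(meta);

      // NOTE(review): what gets persisted is the session's token list, not the
      // list already stored for the user. If flatten() turns the array into
      // index-keyed paths, a session that starts empty would write over the
      // stored entry at index 0. Confirm, and consider loading the stored
      // tokens before updating.
      var newData = flatten({
        U2F: {
          tokens: req.session.tokens
        }
      });

      DynamicUserModel.findOneAndUpdate({
        email: email
      }, newData, {
        upsert: true
      }, function(err) {
        if (err) {
          debugerror('Couldnot update U2F.tokens for user ' + email + ' , failed with error : ' + err);
          return next(err);
        }
        debugsuccess('Successfully updated U2F.tokens for user ' + email);
        res.json(meta);
      });
    }, function(err) {
      // The library rejected the registration response.
      next(err);
    });
}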
exports.U2FfinishRegistration = U2FfinishRegistration;
//Authentication
/**
 * Starts a U2F authentication and sends the resulting request to the client.
 *
 * @param {object} req - request; the generated authentication request is
 *   stored on req.session.authenticationRequest
 * @param {object} res - response; receives the authentication request as JSON
 * @param {Function} next - called with the error when the library rejects
 * @param {string} appId - U2F application identity passed to the library
 * @param {Array} tokens - registered tokens passed to the library (the Verify
 *   controller on this page supplies the stored user's U2F.tokens)
 */
function U2FstartAuthentication(req, res, next, appId, tokens) {
  var onRequestReady = function(pendingRequest) {
    // Kept server-side so the finish step can be given the same request.
    req.session.authenticationRequest = pendingRequest;
    // Sending response to the UI
    res.json(pendingRequest);
  };

  var onFailure = function(reason) {
    // Creating the authentication request failed; let the error middleware decide.
    next(reason);
  };

  u2f.startAuthentication(appId, tokens).then(onRequestReady, onFailure);
}
exports.U2FstartAuthentication = U2FstartAuthentication;
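/**
 * Completes a U2F authentication.
 *
 * Hands the pending request, the posted body and the user's tokens to the
 * library. On success the returned status is stored on
 * req.session.authenticationStatus and sent back as JSON.
 *
 * Fails closed, through next(err), when there is no pending authentication
 * request. The pending request is removed from the session before
 * verification so a signed response cannot be submitted twice against the
 * same challenge.
 *
 * NOTE(review): nothing here writes back to the user record. If the library
 * reports a signature counter, persisting it is what allows a cloned key to be
 * noticed on a later login. Confirm against the library's return value.
 *
 * @param {object} req - request; session receives authenticationStatus
 * @param {object} res - response; receives the authentication status as JSON
 * @param {Function} next - called with any validation or library error
 * @param {object} request - authentication request created by the start step
 * @param {object} body - client-supplied authentication response (untrusted)
 * @param {Array} tokens - registered tokens to verify the response against
 */
function U2FfinishAuthentication(req, res, next, request, body, tokens) {
  // Without a pending request there is no server-issued challenge to check against.
  if (!request) {
    return next(new Error('No pending U2F authentication request in session'));
  }

  // Single use: a failed or repeated POST must start again from GET.
  delete req.session.authenticationRequest;

  u2f.finishAuthentication(request, body, tokens)
    .then(function(authenticationStatus) {
      // Save the verification result to the session for later use
      req.session.authenticationStatus = authenticationStatus;
      res.json(authenticationStatus);
    }, function(err) {
      // The library rejected the authentication response.
      next(err);
    });
}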
exports.U2FfinishAuthentication = U2FfinishAuthentication;
// U2F application identity handed to the authentication routine by the GET handler below.
// The loopback origin only suits local testing.
// NOTE(review): presumably this has to be the same value that was used when the
// key was registered, so a single shared configuration entry would be safer than
// two literals — confirm.
var appId = 'https://127.0.0.1'
// Helper module exposing the U2F start/finish routines used by both handlers.
var routine = require('routine');
// User model; both handlers look the user up by the session's email.
var DynamicUserModel = require('dynamicuser');
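/**
 * GET /Verify handler: starts a U2F authentication for the session's user.
 *
 * Looks the user up by req.session.email and passes the stored U2F tokens to
 * the routine, which answers the request itself.
 *
 * Fails closed, through next(err), when the session has no email, when no
 * user matches, or when the user has no stored U2F tokens. In the last two
 * cases the unguarded property reads would otherwise throw inside the
 * database callback, outside Express's error handling.
 */
exports.GET = function(req, res, next) {
  var email = req.session.email;

  // An undefined email would turn the lookup into { email: undefined } and
  // could select a document that does not belong to this session.
  if (!email) {
    return next(new Error('U2F verification requires a session email'));
  }

  DynamicUserModel.findOne({
    email: email
  }).lean().exec(function(err, user) {
    if (err) {
      debugerror('Couldnot find user ' + email + ' , failed with error : ' + err);
      return next(err);
    }

    // findOne yields null when nothing matches; U2F may also be absent.
    var tokens = user && user.U2F && user.U2F.tokens;
    if (!tokens) {
      return next(new Error('No U2F tokens registered for this user'));
    }

    debugsuccess('Found the user ' + user.email);
    routine.U2FstartAuthentication(req, res, next, appId, tokens);
  });
};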
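/**
 * POST /Verify handler: completes a U2F authentication for the session's user.
 *
 * Looks the user up by req.session.email and hands the pending authentication
 * request from the session, the posted body (client-supplied, untrusted) and
 * the stored U2F tokens to the routine, which answers the request itself.
 *
 * Fails closed, through next(err), when the session has no email, when no
 * user matches, or when the user has no stored U2F tokens. In the last two
 * cases the unguarded property reads would otherwise throw inside the
 * database callback, outside Express's error handling.
 */
exports.POST = function(req, res, next) {
  var request = req.session.authenticationRequest;
  var email = req.session.email;

  // An undefined email would turn the lookup into { email: undefined } and
  // could verify against tokens that do not belong to this session.
  if (!email) {
    return next(new Error('U2F verification requires a session email'));
  }

  DynamicUserModel.findOne({
    email: email
  }).lean().exec(function(err, user) {
    if (err) {
      debugerror('Couldnot find user ' + email + ' , failed with error : ' + err);
      return next(err);
    }

    // findOne yields null when nothing matches; U2F may also be absent.
    var tokens = user && user.U2F && user.U2F.tokens;
    if (!tokens) {
      return next(new Error('No U2F tokens registered for this user'));
    }

    debugsuccess('Found the user ' + user.email);
    routine.U2FfinishAuthentication(req, res, next, request, req.body, tokens);
  });
};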