const express = require('express');
const cors = require('cors');
const jwt = require('jsonwebtoken');
require('dotenv').config();
const bcrypt = require('bcrypt');
const connection = require('./database');
// Runtime configuration comes from the environment (loaded above by dotenv).
// NOTE(review): none of these values are validated. If JWT_SECRET is unset,
// jwt.sign / jwt.verify further down receive `undefined` as the key; if
// CLIENT_URL is unset, cors is configured with `origin: undefined`, which (as
// far as I recall the cors package) falls back to allowing any origin — confirm
// and consider failing fast at startup when either is missing.
const { SERVER_PORT, CLIENT_URL, JWT_SECRET } = process.env;
const app = express();
// Only the configured client origin is allowed to make cross-origin requests.
app.use(
  cors({
    origin: CLIENT_URL,
  })
);
// Parse JSON and form-encoded request bodies into req.body.
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// Your code here!
// Don't write anything below this line!
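// Start listening. The routes registered below this call are still served:
// Express walks its router stack per request, not at listen() time.
// The port is read back from the bound server rather than echoing SERVER_PORT,
// so the log stays truthful when SERVER_PORT is unset and the OS assigned an
// ephemeral port (the original would print "port undefined").
const server = app.listen(SERVER_PORT, () => {
  console.log(`Server is running on port ${server.address().port}.`);
});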
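/**
 * POST /register — create a user from `{ email, password }` in the request body.
 *
 * Responds 400 when either field is missing or empty, 409 when the email is
 * already taken (only observable if `user.email` carries a UNIQUE constraint),
 * 500 on any other hashing/database error, and 201 with
 * `{ id, email, password: 'hidden' }` on success. Only the bcrypt hash is
 * stored; the plaintext password is never persisted or logged.
 */
app.post('/register', async (req, res) => {
  // `?? {}` keeps a missing body from throwing inside an async handler, where
  // Express 4 would not catch the rejection.
  const { email, password } = req.body ?? {};

  // Validate before touching bcrypt: hashSync(undefined) throws, and
  // `email.length` on a missing field would crash the handler.
  if (
    typeof email !== 'string' ||
    email.length === 0 ||
    typeof password !== 'string' ||
    password.length === 0
  ) {
    res.status(400).send('Please specify both email and password');
    return;
  }

  let hash;
  try {
    // Async hash so a cost-10 bcrypt round does not block the event loop.
    hash = await bcrypt.hash(password, 10);
  } catch (err) {
    console.error('register: hashing failed', err);
    res.status(500).send('Registration failed');
    return;
  }

  connection.query(
    'INSERT INTO user(email, password) VALUES (?,?)',
    [email, hash],
    (error, result) => {
      if (error) {
        // Log the driver error server-side; never log the password or hash.
        console.error('register: insert failed', error);
        if (error.code === 'ER_DUP_ENTRY') {
          res.status(409).send('An account with this email already exists');
        } else {
          res.status(500).send("Can't access the data.");
        }
        return;
      }
      res.status(201).send({
        id: result.insertId,
        email,
        password: 'hidden',
      });
    }
  );
});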
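/**
 * POST /login — check `{ email, password }` against the stored bcrypt hash and
 * issue a JWT (1h lifetime) carrying the user id.
 *
 * Responds 400 when a field is missing, 403 with a single generic message for
 * both "unknown email" and "wrong password" (so the endpoint cannot be used to
 * discover which emails are registered), 500 on database or signing errors,
 * and 200 with `{ user: { id, email, password: 'hidden' }, token }` on success.
 */
app.post('/login', (req, res) => {
  const { email, password } = req.body;
  if (!email || !password) {
    res
      .status(400)
      .json({ errorMessage: 'Please specify both email and password' });
    return;
  }

  connection.query(
    // Only the columns the handler reads; the hash never goes further than
    // the compare below.
    'SELECT id, password FROM user WHERE email=?',
    [email],
    (error, result) => {
      if (error) {
        // Driver error text (table/column names, SQL fragments) stays on the
        // server; the client gets a generic message.
        console.error('login: query failed', error);
        res.status(500).json({ errorMessage: 'Login failed' });
        return;
      }

      // Same status and message whether the email is unknown or the
      // password is wrong.
      const credentialsOk =
        result.length > 0 && bcrypt.compareSync(password, result[0].password);
      if (!credentialsOk) {
        res.status(403).json({ errorMessage: 'Invalid email or password' });
        return;
      }

      const user = {
        id: result[0].id,
        email,
        password: 'hidden',
      };

      let token;
      try {
        token = jwt.sign({ id: user.id }, JWT_SECRET, { expiresIn: '1h' });
      } catch (err) {
        // jwt.sign throws synchronously (e.g. when JWT_SECRET is unset);
        // without this guard the exception escapes the query callback and
        // takes the process down.
        console.error('login: token signing failed', err);
        res.status(500).json({ errorMessage: 'Login failed' });
        return;
      }

      res.status(200).json({ user, token });
    }
  );
});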
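/**
 * Express middleware: require a valid `Authorization: Bearer <jwt>` header.
 *
 * On success the verified payload (what /login signed — `{ id }` plus the
 * standard `iat`/`exp` claims) is attached as `req.user` and `next()` is
 * called. A missing header, a non-Bearer scheme, or a failed verification
 * (bad signature, expired, malformed) all yield 401 with the same message, so
 * the response does not reveal which check failed.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authenticateWithJsonWebToken = (req, res, next) => {
  const reject = () =>
    res
      .status(401)
      .json({ errorMessage: "you're not allowed to access these data" });

  const header = req.headers.authorization;
  if (typeof header !== 'string') {
    reject();
    return;
  }

  // Expect "<scheme> <token>". Scheme names are case-insensitive (RFC 7235).
  // The original `split(' ')[1]` accepted any scheme, so "Basic <jwt>" or a
  // bare two-word value would have been verified as a bearer token.
  const [scheme, token] = header.split(' ');
  if (scheme.toLowerCase() !== 'bearer' || !token) {
    reject();
    return;
  }

  jwt.verify(token, JWT_SECRET, (err, payload) => {
    if (err) {
      reject();
      return;
    }
    req.user = payload;
    next();
  });
};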
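/**
 * GET /users — list every user; requires a valid bearer token.
 *
 * Responds 200 with the user rows, each with its `password` value replaced by
 * the literal 'hidden', or 500 on a database error. The original spelled the
 * replacement key `passord`, so the real bcrypt hashes were being sent to the
 * client alongside it.
 */
app.get('/users', authenticateWithJsonWebToken, (req, res) => {
  // `SELECT *` also pulls the hash column; it is overwritten below before the
  // response leaves the server. Selecting explicit columns would avoid
  // fetching it at all.
  connection.query('SELECT * FROM user', (error, result) => {
    if (error) {
      console.error('users: query failed', error);
      res.status(500).send('Bad request');
      return;
    }
    // Spread first, then set `password`, so the real value is overwritten
    // rather than merely accompanied by an extra key.
    const sanitized = result.map((row) => ({ ...row, password: 'hidden' }));
    res.status(200).json(sanitized);
  });
});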