initial commit, authentication

index.js

@@ -0,0 +1,136 @@
+require('dotenv').config();
+const express = require('express');
+const path = require('path');
+const app = express();
+const port = process.env.PORT || 3000;
+const bodyParser = require('body-parser');
+const cookieParser = require('cookie-parser');
+
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: true }));
+app.use(cookieParser());
+
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+const DB = require("./mongoDB.js");
+
+// Utilities
+const getSessionId = function(req){
+    const session_id = req.cookies.session_id || req.query.session_id || req.body.session_id;
+    return session_id
+}
+const getUserId = function(req){
+    const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
+    return user_sid
+}
+
+DB.getDB.then((DB)=>{
+
+    // middleware function to check for logged-in users
+    const sessionChecker = async (req, res, next) => {
+        const session_id = getSessionId(req);
+        const user_sid = getUserId(req);
+        if (session_id && user_sid) {
+            const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
+            req.userInfo = userInfo;
+            if(!userInfo) return res.redirect('/login');
+            next();          
+        } else {
+            return res.redirect('/login');
+        }
+    };
+
+    // route for Home-Page
+    app.get('/', sessionChecker, async (req, res) => {
+        if(req.userInfo) return res.json({status: "ok", userInfo: req.userInfo});
+        res.json({status: "ok"});
+    });
+
+    // route for user signup
+    const signup = async function(req, res){
+        const username = req.query.username || req.body.username;
+        const password = req.query.password || req.body.password;
+        const email = req.query.email || req.body.email;
+        if(!username || !password || !email) return res.json({status: "fail"})
+        const hashedPassword = await bcrypt.hash(password, 10);
+        const success = await DB.newUser({
+            username: username,
+            email: email,
+            password: hashedPassword
+        });
+        if(success){
+            return login(req, res);
+        }
+        res.redirect('/signup');
+    }
+    app.route('/signup').get(async (req, res) => {
+        return await signup(req, res);
+    }).post(async (req, res) => {
+        return await signup(req, res);
+    });
+
+    const cookiesOptions = {
+        maxAge: 1000 * 60 * 60 * 24 * 30, // would expire after 30 days
+        httpOnly: true, // The cookie only accessible by the web server
+        //signed: true // Indicates if the cookie should be signed
+    };
+
+    // route for user Login
+    const login = async function(req, res){
+        const session_id = getSessionId(req);
+        const user_sid = getUserId(req);
+        if (session_id && user_sid) {
+            const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
+            if(userInfo) return res.redirect('/');
+        }
+        const username = req.body.username || req.query.username;
+        const password = req.body.password || req.query.password || "";
+        const user = await DB.getUser(username);
+        if (!user) return res.json({status: "user not founded"});
+        const samePass = await bcrypt.compare(password, user.password);
+        if(!samePass) return res.json({status: "incorrect password"});
+        const doc = await DB.newSession(user._id);
+        res.cookie('user_sid', user._id, cookiesOptions);
+        res.cookie('session_id', doc.insertedId, cookiesOptions);
+        return res.json({
+            status: "ok",
+            user_sid: user._id,
+            session_id: doc.insertedId
+        });
+    }
+    app.route('/login').get(async (req, res) => {
+        return await login(req, res);
+    }).post(async (req, res) => {
+        return await login(req, res);       
+    });
+
+    // route for user logout
+    const logout = function(req, res){
+        const session_id = getSessionId(req);
+        const user_sid = getUserId(req);
+        if (session_id && user_sid) {
+            res.clearCookie('session_id');
+            res.clearCookie('user_sid');
+            //remove from DB
+            DB.removeSession(session_id);
+            res.redirect('/');
+        } else {
+            res.redirect('/login');
+        }
+    }
+    app.get('/logout', (req, res) => {
+        return logout(req, res);
+    });
+
+    // route for handling 404 requests(unavailable routes)
+    app.use(function (req, res, next) {
+        res.status(404).send("Sorry can't find that!")
+    });
+
+    app.listen(port, () => {
+        console.log(`Example app listening at http://localhost:${port}`);
+    });
+}).catch((err)=>{
+    throw err;
+});
+