require('dotenv').config(); const express = require('express'); const path = require('path'); const app = express(); const port = process.env.PORT || 3000; const bodyParser = require('body-parser'); const cookieParser = require('cookie-parser'); const cors = require('cors'); var corsOptions = { origin: ['http://localhost:8080', "https://social.emmint.com"], credentials: true }; app.use(cors(corsOptions)); app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: true })); app.use(cookieParser()); const bcrypt = require('bcrypt'); const crypto = require('crypto'); const DB = require("./mongoDB.js"); // Utilities const getSessionId = function(req){ const session_id = req.cookies.session_id || req.query.session_id || req.body.session_id; return session_id; } const getUserId = function(req){ const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid; return user_sid; } const getProfileId = function(req){ const profile_id = req.cookies.profile_id || req.query.profile_id || req.body.profile_id; return profile_id; } // Definitions const Post = require("./def/post.js") const Profile = require("./def/profile.js"); var profileRoute = require('./routes/profile.js'); var postRoute = require('./routes/post.js'); DB.getDB.then((DB)=>{ // middleware function to check for logged-in users const sessionChecker = async (req, res, next) => { const session_id = getSessionId(req); const user_sid = getUserId(req); const profile_id = getProfileId(req); if (session_id && user_sid) { const userInfo = await DB.checkSessionOnDB(session_id, user_sid); req.userInfo = userInfo; req.profileInfo = {_id: profile_id} if(!userInfo) return res.redirect('/login'); next(); } else { return res.redirect('/login'); } }; // route for Home-Page app.get('/', sessionChecker, async (req, res) => { if(req.userInfo) return res.json({ status: "ok", userInfo: req.userInfo, profileInfo:req.profileInfo }); res.json({status: "ok"}); }); // route for user signup const signup = async function(req, res){ const username = req.query.username || req.body.username; const password = req.query.password || req.body.password; const email = req.query.email || req.body.email; const profile = req.query.profile || req.body.profile; if(!username || !password || !email) return res.json({status: "fail"}) //const hashedPassword = await bcrypt.hash(password, 10); const hashedPassword = await bcrypt.hash(password, 10); const success = await DB.newUser({ username: username, email: email, password: hashedPassword }); if(success){ let user = { userid: success.insertedId, profile: profile, } const userObj = new Profile(user); await DB.newProfile(userObj); return await login(req, res); } res.redirect('/signup'); } app.route('/signup').get(async (req, res) => { return await signup(req, res); }).post(async (req, res) => { return await signup(req, res); }); const cookiesOptions = { maxAge: 1000 * 60 * 60 * 24 * 30, // would expire after 30 days httpOnly: true, // The cookie only accessible by the web server //signed: true // Indicates if the cookie should be signed sameSite: 'none', // This and secure are required for properly secure: true, // manage cockies in cros-domain }; // route for user Login const login = async function(req, res){ const session_id = getSessionId(req); const user_sid = getUserId(req); if (session_id && user_sid) { const userInfo = await DB.checkSessionOnDB(session_id, user_sid); if(userInfo) return res.redirect('/'); } const username = req.body.username || req.query.username; const password = req.body.password || req.query.password || ""; const user = await DB.getUser(username); if (!user) return res.json({status: "user not founded"}); const samePass = await bcrypt.compare(password, user.password); if(!samePass) return res.json({status: "incorrect password"}); const doc = await DB.newSession(user._id); res.cookie('user_sid', user._id, cookiesOptions); res.cookie('session_id', doc.insertedId, cookiesOptions); //Chooses the most recent update profile const latestProfile = await DB.latestProfile(user._id); console.log("latestProfile", latestProfile) res.cookie('profile_id', latestProfile._id, cookiesOptions); return res.json({ status: "ok", user_sid: user._id, session_id: doc.insertedId, profile_id: latestProfile._id }); } app.route('/login').get(async (req, res) => { return await login(req, res); }).post(async (req, res) => { return await login(req, res); }); app.post('/changeProfile', sessionChecker, async (req, res) => { const user_sid = getUserId(req); let profile = await DB.getProfile(req.body.profileid); if(!profile || profile.userid != user_sid) return res.json({ status: "profile does not belong to the logged user", }); res.cookie('profile_id', profile._id, cookiesOptions); return res.json({ status: "ok", ...profile }); }); // route for user logout const logout = function(req, res){ const session_id = getSessionId(req); const user_sid = getUserId(req); if (session_id && user_sid) { res.clearCookie('session_id'); res.clearCookie('user_sid'); //remove from DB DB.removeSession(session_id); res.redirect('/'); } else { res.redirect('/login'); } } app.get('/logout', (req, res) => { return logout(req, res); }); app.use('/user', sessionChecker, profileRoute); app.use('/post', sessionChecker, postRoute); // route for handling 404 requests(unavailable routes) app.use(function (req, res, next) { res.status(404).send("Sorry can't find that!") }); app.listen(port, () => { console.log(`Example app listening at http://localhost:${port}`); }); }).catch((err)=>{ throw err; });