adolforeyna/EMI-Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dcd161aac894e6160faff4496a2f25c9e6f7d66a
EMI-Backend/index.js
Adolfo Reyna dcd161aac8 adding cors
2021-07-20 09:55:19 -07:00

143 lines
4.8 KiB
JavaScript
Raw Blame History

require('dotenv').config();
const express = require('express');
const path = require('path');
const app = express();
const port = process.env.PORT || 3000;
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
const bcrypt = require('bcrypt');
const crypto = require('crypto');
const DB = require("./mongoDB.js");
// Utilities
const getSessionId = function(req){
const session_id = req.cookies.session_id || req.query.session_id || req.body.session_id;
return session_id
}
const getUserId = function(req){
const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
return user_sid
}
DB.getDB.then((DB)=>{
// middleware function to check for logged-in users
const sessionChecker = async (req, res, next) => {
const session_id = getSessionId(req);
const user_sid = getUserId(req);
if (session_id && user_sid) {
const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
req.userInfo = userInfo;
if(!userInfo) return res.redirect('/login');
next();
} else {
return res.redirect('/login');
}
};
// route for Home-Page
app.get('/', sessionChecker, async (req, res) => {
if(req.userInfo) return res.json({status: "ok", userInfo: req.userInfo});
res.json({status: "ok"});
});
// route for user signup
const signup = async function(req, res){
const username = req.query.username || req.body.username;
const password = req.query.password || req.body.password;
const email = req.query.email || req.body.email;
if(!username || !password || !email) return res.json({status: "fail"})
const hashedPassword = await bcrypt.hash(password, 10);
const success = await DB.newUser({
username: username,
email: email,
password: hashedPassword
});
if(success){
return login(req, res);
}
res.redirect('/signup');
}
app.route('/signup').get(async (req, res) => {
return await signup(req, res);
}).post(async (req, res) => {
return await signup(req, res);
});
const cookiesOptions = {
maxAge: 1000 * 60 * 60 * 24 * 30, // would expire after 30 days
httpOnly: true, // The cookie only accessible by the web server
//signed: true // Indicates if the cookie should be signed
};
// route for user Login
const login = async function(req, res){
const session_id = getSessionId(req);
const user_sid = getUserId(req);
if (session_id && user_sid) {
const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
if(userInfo) return res.redirect('/');
}
const username = req.body.username || req.query.username;
const password = req.body.password || req.query.password || "";
const user = await DB.getUser(username);
if (!user) return res.json({status: "user not founded"});
const samePass = await bcrypt.compare(password, user.password);
if(!samePass) return res.json({status: "incorrect password"});
const doc = await DB.newSession(user._id);
res.cookie('user_sid', user._id, cookiesOptions);
res.cookie('session_id', doc.insertedId, cookiesOptions);
return res.json({
status: "ok",
user_sid: user._id,
session_id: doc.insertedId
});
}
app.route('/login').get(async (req, res) => {
return await login(req, res);
}).post(async (req, res) => {
return await login(req, res);
});
// route for user logout
const logout = function(req, res){
const session_id = getSessionId(req);
const user_sid = getUserId(req);
if (session_id && user_sid) {
res.clearCookie('session_id');
res.clearCookie('user_sid');
//remove from DB
DB.removeSession(session_id);
res.redirect('/');
} else {
res.redirect('/login');
}
}
app.get('/logout', (req, res) => {
return logout(req, res);
});
// route for handling 404 requests(unavailable routes)
app.use(function (req, res, next) {
res.status(404).send("Sorry can't find that!")
});
app.listen(port, () => {
console.log(`Example app listening at http://localhost:${port}`);
});
}).catch((err)=>{
throw err;
});
Reference in New Issue View Git Blame Copy Permalink