-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathapp.js
104 lines (90 loc) · 3.22 KB
/
app.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const exjwt = require('express-jwt');
const PORT = process.env.PORT || 3001;
var app = express();
// Requiring our models for syncing
var db = require("./models");
/*========= Here we want to let the server know that we should expect and allow a header with the content-type of 'Authorization' ============*/
app.use((req, res, next) => {
res.setHeader('Access-Control-Allow-Headers', 'Content-type,Authorization');
next();
});
/*========= This is the typical node server setup so we can be able to parse the requests/responses coming in and out of the server ============*/
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(cookieParser());
/*========= Here we will set up an express jsonwebtoken middleware(simply required for express to properly utilize the token for requests) You MUST instantiate this with the same secret that will be sent to the client ============*/
const jwtMW = exjwt({
secret: 'super secret'
});
app.post('/signup', (req, res) => {
const { username, password } = req.body;
const saltRounds = 10;
bcrypt.hash(password, saltRounds, function (err, hash) {
db.user.create({
username: username,
password: hash
}).then((result) => {
console.log("User created: ", result);
res.json("user created!");
})
});
})
/* This is SUPER important! This is the route that the client will be passing the entered credentials for verification to. If the credentials match, then the server sends back a json response with a valid json web token for the client to use for identification. */
app.post('/log-in', (req, res) => {
const { username, password } = req.body;
console.log("User submitted: ", username, password);
db.user.findOne(
{
where: { username: username }
})
.then((user) => {
console.log("User Found: ", user);
if (user === null) {
res.status(401).json({
sucess: false,
token: null,
err: 'Invalid Credentials'
});
}
bcrypt.compare(password, user.password, function (err, result) {
if (result === true) {
console.log("Valid!");
let token = jwt.sign(
{
username: user.username
},
'super secret',
{ expiresIn: 129600 }); // Signing the token
res.json({
sucess: true,
err: null,
token
});
}
else {
console.log("Entered Password and Hash do not match!");
res.status(401).json({
sucess: false,
token: null,
err: 'Entered Password and Hash do not match!'
});
}
});
})
});
app.get('/', jwtMW /* Using the express jwt MW here */, (req, res) => {
console.log("Web Token Checked.")
res.send('You are authenticated'); //Sending some response when authenticated
});
db.sequelize.sync().then(() => {
app.listen(PORT, function () {
console.log("App listening on PORT " + PORT);
});
})
module.exports = app;