hcp-uw / syntext

website for practicing your typing

user controller and routes #51

Closed elimelt closed 1 year ago

elimelt commented 1 year ago

in server/controllers/users.js there are a few endpoints that need to be implemented, including the following:

GET, PUT, DELETE requests for retrieving, updating, and deleting user data respectively.

POST requests for creating new users and authenticating sign in attempts.

we will be using bcrypt for encryption and jsonwebtoken for token based authentication.

elimelt commented 1 year ago

@Harshi-R

As we discussed in yesterday's meeting, we will need to implement several new functions to query and insert into our database.

In particular, here are a few important ones (with some example SQL queries and a description to get you started):

createUser(username, hash, salt)

create a new record in users table with the corresponding data SQL:

-- prepared statement; bind order: username, salt, hash
INSERT INTO users (username, salt, hash_password, date_created, last_login)
VALUES (?, ?, ?, CURRENT_DATE, NULL);

getSalt(username)

query DB for salt corresponding to username, return salt SQL:

-- prepared statement; ? is bound to username
SELECT salt FROM users WHERE username = ?;

authenticate(username, hash)

check if the hash matches what we have for the given user SQL:

-- prepared statement; ? is bound to username
SELECT hash_password FROM users WHERE username = ?;

remember to use prepared statements so we don't get exploited. the meat of the work here will be making sure you handle any potential errors that might occur. also, if possible try to get MySQL working locally so that you can use it for testing!

elimelt commented 1 year ago

@kaitinderr

I am assigning you to the /create endpoint. You'll want to read up a little bit on bcrypt and jsonwebtoken.

here is the basic rundown of how we will implement the endpoint:

  1. get username and password from req.body
  2. generate a random salt with bcrypt
  3. hash the password with the salt
  4. call createUser function with username, hash, and salt
  5. create a JWT token and send it in the response (we will need to create a secret key and put it in our .env file)
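
The five /create steps above as one runnable handler; this is an added example, not code from the syntext repository or from anyone in this thread. So that it runs with Node built-ins only, `crypto.scryptSync` stands in for bcrypt, a hand-built HS256 token stands in for jsonwebtoken, and `db` is a constructed in-memory stub for the MySQL client; `handleCreate`, `signToken` and `verifyToken` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the MySQL client: it records the statement text and
// the bound parameters separately, the way a prepared statement sends them.
const db = { log: [], execute(sql, params) { this.log.push({ sql, params }); } };
const b64url = (s) => Buffer.from(s).toString('base64url');

// createUser(username, hash, salt) as named in the thread; the body is an assumption.
function createUser(username, hash, salt) {
  db.execute(
    'INSERT INTO users (username, salt, hash_password, date_created, last_login) ' +
    'VALUES (?, ?, ?, CURRENT_DATE, NULL)',
    [username, salt, hash]);
}

// HS256 token built by hand (stand-in for jsonwebtoken's sign).
function signToken(payload, secret) {
  const data = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${crypto.createHmac('sha256', secret).update(data).digest('base64url')}`;
}

// Recompute the MAC, compare in constant time, then check expiry.
function verifyToken(token, secret) {
  const [head, body, sig] = String(token).split('.');
  const want = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig || '', 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(Date.now() / 1000) ? claims : null;
}

// Steps 1-5 of the rundown; body plays the role of req.body, secret comes from .env.
function handleCreate(body, secret) {
  const { username, password } = body || {};                           // step 1
  if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
    return { status: 400, error: 'username and password are required' };
  }
  const salt = crypto.randomBytes(16).toString('hex');                 // step 2
  const hash = crypto.scryptSync(password, salt, 32).toString('hex');  // step 3
  createUser(username, hash, salt);                                    // step 4
  const now = Math.floor(Date.now() / 1000);                           // step 5
  return { status: 201, token: signToken({ sub: username, iat: now, exp: now + 3600 }, secret) };
}
```

The username reaches the database only as a bound parameter, so a quote character in it is stored as data rather than parsed as SQL.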

elimelt commented 1 year ago

This is all done!