zezung27 / api-mymeostore


index.js #17

Open zezung27 opened 1 year ago

zezung27 commented 1 year ago

require("dotenv").config(); const express = require("express"); const cookieParser = require("cookie-parser"); const cors = require("cors"); const authRouter = require("./router/auth"); const userRouter = require("./router/users");

const app = express();

// Global middleware, registered in the same order as before:
// JSON body parsing, then CORS, then cookie parsing.
// NOTE(review): cors() is called with no options, which is the package's
// permissive default (any origin may call the API). Confirm that is intended
// and pass an explicit origin allow-list before exposing this service.
app.use(express.json(), cors(), cookieParser());

// Route mounts: auth endpoints under /v1/auth, user listing under /list.
app.use("/v1/auth", authRouter);
app.use("/list", userRouter);

// Listen on the port given by the environment, falling back to 4000.
const PORT = process.env.PORT || 4000;

app.listen(PORT, () => {
  console.log("server is running....");
});

zezung27 commented 1 year ago

{ "name": "auth_final", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "auth": "nodemon authServer", "dev": "nodemon server", "test": "echo \"Error: no test specified\" && exit 1" }, "author": "", "license": "ISC", "dependencies": { "apollo-server-core": "^3.11.1", "apollo-server-express": "^3.11.1", "class-validator": "^0.14.0", "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.0.3", "express": "^4.18.2", "graphql": "^16.6.0", "jsonwebtoken": "^9.0.0", "pg": "^8.8.0", "reflect-metadata": "^0.1.13", "type-graphql": "^1.1.1", "typeorm": "^0.3.11" }, "devDependencies": { "nodemon": "^2.0.20" } }

zezung27 commented 1 year ago

router_auth

const authController = require("../controller/auth");

const router = require("express").Router();

// Authentication endpoints. All three are POST and carry no middleware, so
// they are reachable without a token.
// NOTE(review): the controller also defines userLogout, but no route is
// mounted for it here; nothing visible throttles repeated /login attempts.
const postRoutes = [
  ["/register", authController.registerUser],
  ["/login", authController.loginUser],
  ["/refresh", authController.requestRefresh],
];

for (const [path, handler] of postRoutes) {
  router.post(path, handler);
}

module.exports = router;

zezung27 commented 1 year ago

router_user

const { verifyToken } = require("../controller/auth"); const userController = require("../controller/users");

const router = require("express").Router();

// GET /user: list every user. verifyToken runs first and rejects requests
// that lack a valid access token.
// NOTE(review): verifyToken only establishes that the caller is
// authenticated; there is no role or ownership check here, so any logged-in
// account can enumerate all users.
router.route("/user").get(verifyToken, userController.getAllUser);

module.exports = router;

zezung27 commented 1 year ago

Controller_Auth

const crypto = require("crypto");
const { promisify } = require("util");

const jwt = require("jsonwebtoken");

const LIST_USER_TEST = require("../database/auth");

/**
 * Issue an access/refresh token pair for the given claims.
 *
 * The access token is signed with ACCESS_TOKEN_SECRET and expires after 60
 * (a number is read by jsonwebtoken as seconds); the refresh token is signed
 * with REFRESH_TOKEN_SECRET and expires after "10h".
 *
 * @param {object} user - Claims to embed in both tokens. The payload is
 *   signed, not encrypted, so it must not contain secrets.
 * @returns {{accessToken: string, refreshToken: string}}
 */
const createToken = (user) => {
  const signWith = (secret, expiresIn) => jwt.sign(user, secret, { expiresIn });

  return {
    accessToken: signWith(process.env.ACCESS_TOKEN_SECRET, 60),
    refreshToken: signWith(process.env.REFRESH_TOKEN_SECRET, "10h"),
  };
};

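// Refresh tokens considered live. Nothing in this module adds to the list
// (the tracking code is disabled), so the filter in userLogout currently
// removes nothing.
let LIST_REFRESH = [];

// Promise-returning scrypt so password hashing does not block the event loop.
const scryptAsync = promisify(crypto.scrypt);
const PASSWORD_SCHEME = "scrypt";
const PASSWORD_KEY_LENGTH = 64;

// Algorithm accepted on verification. createToken passes no algorithm option
// to jwt.sign, so tokens carry jsonwebtoken's default, HS256.
const JWT_VERIFY_OPTIONS = { algorithms: ["HS256"] };

const isNonEmptyString = (value) =>
  typeof value === "string" && value.length > 0;

// Build the stored form of a password: "scrypt$<saltHex>$<hashHex>".
const hashPassword = async (plain) => {
  const salt = crypto.randomBytes(16);
  const derived = await scryptAsync(plain, salt, PASSWORD_KEY_LENGTH);
  return [PASSWORD_SCHEME, salt.toString("hex"), derived.toString("hex")].join(
    "$"
  );
};

// Check a submitted password against a stored record without an early-exit
// comparison. Returns false for any malformed input.
const verifyPassword = async (stored, supplied) => {
  if (!isNonEmptyString(stored) || !isNonEmptyString(supplied)) return false;

  const [scheme, saltHex, hashHex] = stored.split("$");
  if (scheme === PASSWORD_SCHEME && saltHex && hashHex) {
    const expected = Buffer.from(hashHex, "hex");
    // A truncated or non-hex record must never compare equal.
    if (expected.length !== PASSWORD_KEY_LENGTH) return false;
    const actual = await scryptAsync(
      supplied,
      Buffer.from(saltHex, "hex"),
      PASSWORD_KEY_LENGTH
    );
    return crypto.timingSafeEqual(actual, expected);
  }

  // Legacy record kept in clear text (the seed entry in the test database).
  // Digest both sides so the buffers have equal length for timingSafeEqual.
  const digest = (text) => crypto.createHash("sha256").update(text).digest();
  return crypto.timingSafeEqual(digest(stored), digest(supplied));
};

const authController = {
  /**
   * Express middleware: require a valid access token.
   *
   * Takes the second space-separated part of the Authorization header,
   * verifies it with ACCESS_TOKEN_SECRET and, on success, stores the decoded
   * claims on req.user before calling next(). Responds 401 when the token is
   * missing or fails verification (codeErr "E400" for an expired token,
   * "E500" otherwise) and 403 if an exception is thrown.
   */
  verifyToken: (req, res, next) => {
    try {
      // The header carries the bearer credential, so it is not logged.
      const authHeader = req.header("Authorization");
      const accessToken = authHeader && authHeader.split(" ")[1];
      if (!accessToken)
        return res.status(401).json({
          errMessage: "You are not authenticated!",
          codeErr: "E500",
        });

      jwt.verify(
        accessToken,
        process.env.ACCESS_TOKEN_SECRET,
        JWT_VERIFY_OPTIONS,
        (err, user) => {
          if (err) {
            console.log(err);
            return res.status(401).json({
              errMessage: err.message ?? "forbidden",
              err,
              codeErr: err.message === "jwt expired" ? "E400" : "E500",
            });
          }

          req.user = user;
          next();
        }
      );
    } catch (error) {
      return res.status(403).json({
        error,
        errMessage: "forbidden",
        codeErr: "E500",
      });
    }
  },

  /**
   * POST handler: create an account from req.body.mail / req.body.password.
   *
   * Both fields must be non-empty strings; otherwise a record with undefined
   * credentials would be stored and an empty login body would match it.
   * The password is stored as a salted scrypt hash and is never echoed back.
   * Responds 400 for invalid input or an already-registered mail, 200 with
   * { data: { id, mail } } on success, 500 on an unexpected error.
   */
  registerUser: async (req, res) => {
    try {
      const { mail, password } = req.body ?? {};
      if (!isNonEmptyString(mail) || !isNonEmptyString(password))
        return res.status(400).json({
          errMessage: "mail and password are required",
        });

      const isRegistered = () => LIST_USER_TEST.some((it) => it.mail === mail);
      if (isRegistered())
        return res.status(400).json({
          errMessage: "This mail is register!",
        });

      const passwordHash = await hashPassword(password);
      // Re-check after the await: a concurrent request may have registered
      // the same mail while the hash was being computed.
      if (isRegistered())
        return res.status(400).json({
          errMessage: "This mail is register!",
        });

      const userData = {
        id: LIST_USER_TEST.length + 1,
        mail,
        password: passwordHash,
      };

      //save db
      LIST_USER_TEST.push(userData);
      res.status(200).json({
        data: { id: userData.id, mail: userData.mail },
      });
    } catch (error) {
      console.log("err:", error);
      return res.status(500).json({
        errMessage: "Not response...",
        error,
      });
    }
  },

  /**
   * POST handler: authenticate req.body.mail / req.body.password.
   *
   * Responds 400 with the same message whether the mail is unknown or the
   * password is wrong, 200 with { data, accessToken, refreshToken } on
   * success (data excludes the password field), and 500 on an unexpected
   * error so the request is never left without a response.
   */
  loginUser: async (req, res) => {
    try {
      const { mail, password: supplied } = req.body ?? {};
      const user = isNonEmptyString(mail)
        ? LIST_USER_TEST.find((it) => it.mail === mail)
        : undefined;

      if (!user || !(await verifyPassword(user.password, supplied)))
        return res.status(400).json({
          errMessage: "User or password invalid...",
        });

      // Strip the stored password before building claims or the response.
      const { password, ...others } = user;
      const { accessToken, refreshToken } = createToken({ ...others });

      res.status(200).json({ data: others, accessToken, refreshToken });
    } catch (error) {
      console.log(error);
      return res.status(500).json({
        errMessage: "Not response...",
      });
    }
  },

  /**
   * POST handler: exchange req.body.refreshToken for a new token pair.
   *
   * Responds 401 when the token is missing or fails verification with
   * REFRESH_TOKEN_SECRET, otherwise 200 with { accessToken, refreshToken }.
   *
   * NOTE(review): refresh tokens are not tracked server-side (the
   * LIST_REFRESH bookkeeping is disabled), so a presented token stays usable
   * until it expires, the old token remains valid after a new one is issued,
   * and logout cannot revoke it.
   */
  requestRefresh: async (req, res) => {
    const refreskTK = req.body?.refreshToken;
    if (!refreskTK)
      return res.status(401).json({
        errMessage: "you are not authenticated!",
      });

    jwt.verify(
      refreskTK,
      process.env.REFRESH_TOKEN_SECRET,
      JWT_VERIFY_OPTIONS,
      (err, user) => {
        if (err)
          return res.status(401).json({
            errMessage: "refreshToken not exist",
            err,
          });

        // Copy only application claims (iat/exp from the old token are left
        // behind). id is carried over so refreshed tokens hold the same
        // claims as tokens issued at login.
        const newUser = {
          id: user.id,
          username: user.username,
          mail: user.mail,
        };
        const { accessToken, refreshToken } = createToken(newUser);
        res.status(200).json({ accessToken, refreshToken });
      }
    );
  },

  /**
   * Handler: clear the refreshToken cookie and drop that token from
   * LIST_REFRESH, then respond 200.
   *
   * NOTE(review): no code in this module sets the cookie or fills
   * LIST_REFRESH, so this does not invalidate any token already issued.
   */
  userLogout: async (req, res) => {
    const presented = req.cookies?.refreshToken;
    res.clearCookie("refreshToken");
    LIST_REFRESH = LIST_REFRESH.filter((tk) => tk !== presented);
    res.status(200).json("Logout success...");
  },
};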

module.exports = authController;

zezung27 commented 1 year ago

Controller_User

const LIST_USER_TEST = require("../database/auth");

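const userController = {
  /**
   * GET handler: respond 200 with every user record, minus credentials.
   *
   * The stored records include a password field; it is removed from each
   * copy before serialisation so the listing never discloses it. The
   * underlying records are not modified.
   *
   * @param {object} req - Express request (unused).
   * @param {object} res - Express response.
   */
  getAllUser: (req, res) => {
    const publicUsers = LIST_USER_TEST.map(
      ({ password, ...publicFields }) => publicFields
    );
    res.status(200).json(publicUsers);
  },
};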

module.exports = userController;

zezung27 commented 1 year ago

db_test

// In-memory stand-in for a user table. The array is exported by reference,
// so records pushed by the registration handler are visible to every module
// that requires this file.
// NOTE(review): the seed account keeps its password in clear text and the
// value is trivially guessable; login checks submitted passwords against
// this field. Treat it as a development fixture only and remove or replace
// it before any deployment.
const LIST_USER_TEST = [
  {
    id: 0,
    mail: "vinhvumatlol@gmail.com",
    password: "123456",
  },
];

module.exports = LIST_USER_TEST;