{ "name": "auth_final", "version": "1.0.0", "description": "", "main": "index.js", "scripts": { "auth": "nodemon authServer", "dev": "nodemon server", "test": "echo \"Error: no test specified\" && exit 1" }, "author": "", "license": "ISC", "dependencies": { "apollo-server-core": "^3.11.1", "apollo-server-express": "^3.11.1", "class-validator": "^0.14.0", "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.0.3", "express": "^4.18.2", "graphql": "^16.6.0", "jsonwebtoken": "^9.0.0", "pg": "^8.8.0", "reflect-metadata": "^0.1.13", "type-graphql": "^1.1.1", "typeorm": "^0.3.11" }, "devDependencies": { "nodemon": "^2.0.20" } }
const authController = require("../controller/auth");
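const router = require("express").Router();

// Mounted under /v1/auth by server.js. Every handler lives in controller/auth.
// POST /v1/auth/register — create an account
router.post("/register", authController.registerUser);
// POST /v1/auth/login    — issue an access token and a refresh token
router.post("/login", authController.loginUser);
// POST /v1/auth/refresh  — exchange a refresh token for a new token pair
router.post("/refresh", authController.requestRefresh);
// POST /v1/auth/logout   — revoke a refresh token. The controller already
// exported userLogout but no route reached it, so logout was impossible.
router.post("/logout", authController.userLogout);

module.exports = router;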
const { verifyToken } = require("../controller/auth"); const userController = require("../controller/users");
const usersRouter = require("express").Router();

// Mounted under /list by server.js.
// GET /list/user — lists accounts; verifyToken must accept the bearer token
// first, otherwise the controller is never reached.
const listUsersChain = [verifyToken, userController.getAllUser];
usersRouter.get("/user", ...listUsersChain);

module.exports = usersRouter;
const crypto = require("crypto");
const jwt = require("jsonwebtoken");
const LIST_USER_TEST = require("../database/auth");
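// Issue a token pair for `user`: a 60-second access token and a 10-hour
// refresh token, signed with two separate secrets from the environment.
//
// Registered claims (iat/exp/nbf) are dropped from the payload first: when a
// verified payload is re-signed, jsonwebtoken rejects `expiresIn` if the
// payload still carries `exp`. The algorithm is pinned so it matches the
// `algorithms` allowlist used at verification time.
//
// NOTE(review): both tokens carry the same claims, so ACCESS_TOKEN_SECRET and
// REFRESH_TOKEN_SECRET must be different values; if they are equal a refresh
// token is accepted wherever an access token is.
const createToken = (user) => {
  const RESERVED = new Set(["iat", "exp", "nbf"]);
  const claims = Object.fromEntries(
    Object.entries(user).filter(([key]) => !RESERVED.has(key)),
  );
  const accessToken = jwt.sign(claims, process.env.ACCESS_TOKEN_SECRET, {
    algorithm: "HS256",
    expiresIn: 60,
  });
  const refreshToken = jwt.sign(claims, process.env.REFRESH_TOKEN_SECRET, {
    algorithm: "HS256",
    expiresIn: "10h",
  });
  return { accessToken, refreshToken };
};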
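// Refresh tokens that are currently valid. loginUser adds one, requestRefresh
// consumes it and adds its replacement, userLogout removes it. In-memory only:
// a process restart invalidates every outstanding refresh token.
const REFRESH_TOKENS = new Set();

const SCRYPT_PREFIX = "scrypt$";
const SCRYPT_KEYLEN = 64;

// Hash a password as "scrypt$<salt hex>$<key hex>" using a fresh random salt.
const hashPassword = (password) => {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, SCRYPT_KEYLEN);
  return `${SCRYPT_PREFIX}${salt.toString("hex")}$${key.toString("hex")}`;
};

// Constant-time equality for two buffers; unequal lengths are simply "false".
const safeEqual = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// Check `supplied` against a stored password. Records written by registerUser
// hold a scrypt hash. Anything else is treated as a legacy plaintext record
// (the seed row in database/auth.js) and compared in constant time; migrate
// those rows and delete the plaintext branch.
const verifyPassword = (stored, supplied) => {
  if (typeof stored !== "string" || typeof supplied !== "string") return false;
  if (!stored.startsWith(SCRYPT_PREFIX)) {
    return safeEqual(Buffer.from(stored), Buffer.from(supplied));
  }
  const [saltHex, keyHex] = stored.slice(SCRYPT_PREFIX.length).split("$");
  if (!saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, "hex");
  // A malformed hex key would shrink `expected`; refuse rather than compare
  // against a truncated value.
  if (expected.length !== SCRYPT_KEYLEN) return false;
  const actual = crypto.scryptSync(supplied, Buffer.from(saltHex, "hex"), SCRYPT_KEYLEN);
  return safeEqual(actual, expected);
};

// Pull mail/password out of a JSON body. Both must be non-empty strings;
// returns null otherwise so callers can answer 400 instead of throwing.
const readCredentials = (body) => {
  const mail = body?.mail;
  const password = body?.password;
  if (typeof mail !== "string" || typeof password !== "string") return null;
  if (mail === "" || password === "") return null;
  return { mail, password };
};

const authController = {
  // Express middleware: require a valid access token in
  // "Authorization: Bearer <token>" and expose its claims as req.user.
  // Responds 401 when the token is missing, invalid or expired
  // (codeErr "E400" only for the expired case), 403 on an unexpected error.
  verifyToken: (req, res, next) => {
    try {
      // The scheme word is not validated (kept from the original behaviour);
      // only the second whitespace-separated token is used. Do not log the
      // header: it is a bearer credential.
      const authHeader = req.header("Authorization");
      const accessToken = authHeader && authHeader.split(" ")[1];
      if (!accessToken) {
        return res.status(401).json({
          errMessage: "You are not authenticated!",
          codeErr: "E500",
        });
      }
      // Pin the algorithm so a token signed with anything other than HS256
      // (including "none") is rejected regardless of library defaults.
      jwt.verify(
        accessToken,
        process.env.ACCESS_TOKEN_SECRET,
        { algorithms: ["HS256"] },
        (err, payload) => {
          if (err) {
            console.log("token verification failed:", err.message);
            // Only the message goes to the client; the raw error object
            // (and the previous `err` field) exposes library internals.
            return res.status(401).json({
              errMessage: err.message ?? "forbidden",
              codeErr: err.message === "jwt expired" ? "E400" : "E500",
            });
          }
          req.user = payload;
          next();
        },
      );
    } catch (error) {
      console.log("verifyToken error:", error);
      return res.status(403).json({ errMessage: "forbidden", codeErr: "E500" });
    }
  },

  // POST /register: create an account from { mail, password }.
  // 400 when the body is incomplete or the mail is already taken; 200 with
  // { data: { id, mail } } on success. The password is stored as a scrypt
  // hash and is never echoed back.
  registerUser: async (req, res) => {
    try {
      const creds = readCredentials(req.body);
      if (!creds) {
        return res.status(400).json({ errMessage: "mail and password are required" });
      }
      if (LIST_USER_TEST.some((it) => it.mail === creds.mail)) {
        return res.status(400).json({ errMessage: "This mail is register!" });
      }
      // Ids are derived from the array length as in the original; there is no
      // delete path, so they cannot collide.
      const userData = {
        id: LIST_USER_TEST.length + 1,
        mail: creds.mail,
        password: hashPassword(creds.password),
      };
      LIST_USER_TEST.push(userData);
      res.status(200).json({ data: { id: userData.id, mail: userData.mail } });
    } catch (error) {
      console.log("err:", error);
      // No `error` field in the response: stack traces are not for clients.
      return res.status(500).json({ errMessage: "Not response..." });
    }
  },

  // POST /login: verify { mail, password } and issue a token pair.
  // 400 with one generic message for both unknown mail and wrong password so
  // the body does not reveal which accounts exist. 200 with
  // { data: <record without password>, accessToken, refreshToken }.
  loginUser: async (req, res) => {
    try {
      const creds = readCredentials(req.body);
      const user = creds && LIST_USER_TEST.find((it) => it.mail === creds.mail);
      // NOTE(review): an unknown mail returns without running scrypt, so the
      // two failure paths differ in timing; run a dummy hash here if
      // timing-based enumeration matters for this deployment.
      if (!user || !verifyPassword(user.password, creds.password)) {
        return res.status(400).json({ errMessage: "User or password invalid..." });
      }
      const { password: _omit, ...publicUser } = user;
      const { accessToken, refreshToken } = createToken({ ...publicUser });
      REFRESH_TOKENS.add(refreshToken);
      // `data` used to be the full record, password included.
      res.status(200).json({ data: publicUser, accessToken, refreshToken });
    } catch (error) {
      console.log(error);
      // The original swallowed the error and left the request hanging.
      return res.status(500).json({ errMessage: "Not response..." });
    }
  },

  // POST /refresh: exchange a refresh token ({ refreshToken } in the body)
  // for a new token pair. A refresh token is single-use: it must be in the
  // allowlist, and it is removed before its replacement is issued, so a
  // stolen-and-replayed token fails once the legitimate client has rotated.
  // 401 when the token is missing, unknown, invalid or expired.
  requestRefresh: async (req, res) => {
    const refreshTK = req.body?.refreshToken;
    if (typeof refreshTK !== "string" || refreshTK === "") {
      return res.status(401).json({ errMessage: "you are not authenticated!" });
    }
    if (!REFRESH_TOKENS.has(refreshTK)) {
      return res.status(401).json({ errMessage: "haven't refreshToken" });
    }
    jwt.verify(
      refreshTK,
      process.env.REFRESH_TOKEN_SECRET,
      { algorithms: ["HS256"] },
      (err, payload) => {
        // Consume the token whether or not it still verifies.
        REFRESH_TOKENS.delete(refreshTK);
        if (err) {
          return res.status(401).json({ errMessage: "refreshToken not exist" });
        }
        // Carry the same claims login issued (id, mail). The original copied a
        // `username` field that no record has, so refreshed tokens lost `id`.
        const { accessToken, refreshToken } = createToken({
          id: payload.id,
          mail: payload.mail,
        });
        REFRESH_TOKENS.add(refreshToken);
        res.status(200).json({ accessToken, refreshToken });
      },
    );
  },

  // POST /logout: revoke a refresh token. Tokens are handed out in the JSON
  // body (the cookie path is disabled in loginUser), so accept the token from
  // the cookie or the body. Always answers 200.
  userLogout: async (req, res) => {
    const token = req.cookies?.refreshToken ?? req.body?.refreshToken;
    if (typeof token === "string") REFRESH_TOKENS.delete(token);
    res.clearCookie("refreshToken");
    res.status(200).json("Logout success...");
  },
};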
// Consumed by router/auth.js (route handlers) and router/users.js (verifyToken).
module.exports = authController;
const LIST_USER_TEST = require("../database/auth");
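const userController = {
  // GET /list/user (behind verifyToken): every account with its password
  // field removed. The original returned the raw records, passwords included,
  // to any holder of a valid access token.
  getAllUser: (req, res) => {
    const users = LIST_USER_TEST.map(({ password: _omit, ...publicFields }) => publicFields);
    res.status(200).json(users);
  },
};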
// Consumed by router/users.js.
module.exports = userController;
// In-memory user table shared by both controllers; nothing is persisted.
// The seed account's password is stored in plaintext: development data only,
// never ship this record or reuse the address/password anywhere real.
const LIST_USER_TEST = [
  {
    id: 0,
    mail: "vinhvumatlol@gmail.com",
    password: "123456",
  },
];
// Shared mutable array: controller/auth.js pushes registrations into it and
// controller/users.js reads it.
module.exports = LIST_USER_TEST;
require("dotenv").config(); const express = require("express"); const cookieParser = require("cookie-parser"); const cors = require("cors"); const authRouter = require("./router/auth"); const userRouter = require("./router/users");
const app = express();

// Middleware: JSON bodies, CORS (default config: any origin), cookie parsing.
app.use(express.json());
app.use(cors());
app.use(cookieParser());

// Route mounts. Auth endpoints live under /v1/auth, the user list under /list.
const mounts = [
  ["/v1/auth", authRouter],
  ["/list", userRouter],
];
for (const [prefix, handler] of mounts) {
  app.use(prefix, handler);
}

// `||` (not `??`) is intentional so an empty PORT string falls back to 4000.
const PORT = process.env.PORT || 4000;
app.listen(PORT, () => console.log("server is running...."));