Backend #1
7 changed files with 81 additions and 27 deletions
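--- /dev/null
+++ b/backend/app/config/checkFormat.config.js
@@ -0,0 +1,9 @@
+const {sendError} = require ("./response.config");
+
+function checkFormat(req, res){
+if(req.get('Content-Type') !== 'application/json') {
+return sendError(res, 401, -1, "Invalid header format (please use JSON)");
+}
+return true; // Is valid
+}
+module.exports = checkFormat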
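Review bot: The check `req.get('Content-Type') !== 'application/json'` rejects the common `application/json; charset=utf-8` form and any request that carries no body, and 401 tells the client a credential is missing rather than that the media type is wrong. Express already parses media-type parameters, so `if (!req.is('application/json')) {` together with `return sendError(res, 415, -1, "Invalid header format (please use JSON)");` is the conventional form. The function also signals failure only through whatever sendError happens to return; an explicit `return false;` after that call would make the contract the callers rely on visible.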
@ -1,9 +1,9 @@
function sendMessage (res, successCode, data) {
function sendMessage (res, successCode, data) {
return res.status(200).json({ status: 'success', successCode: successCode, data: data });
res.status(200).json({ status: 'success', successCode: successCode, data: data });
}
}
function sendError (res, statusCode, errorCode, reason) {
function sendError (res, statusCode, errorCode, reason) {
return res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason });
res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason });
}
}
module.exports = { sendMessage, sendError };
module.exports = { sendMessage, sendError };
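Review bot: Dropping `return` from sendMessage and sendError makes both return undefined, and the new checkFormat and checkLogin pass that value straight back as their failure result, so the `checkFormat(req, res) && ...` chains in the controller work only by accident. Either restore the `return` statements or document the contract on both functions, e.g. `// Writes the response; returns undefined so a sent error reads as falsy to callers`. Whichever is chosen, callers should return an explicit `false` rather than the sendError result.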
@ -1,6 +1,6 @@
const sessionJWTConfig = require ('jsonwebtoken');
const sessionJWTConfig = require ('jsonwebtoken');
require('dotenv').config({ path: './app/.env' });
require('dotenv').config({ path: './app/.env' });
const {sendError, sendMessage} = require ("./response.config");
const {sendError} = require ("./response.config");
if(process.env.JWTRS256_PRIVATE_KEY === undefined || process.env.JWTRS256_PUBLIC_KEY === undefined){
if(process.env.JWTRS256_PRIVATE_KEY === undefined || process.env.JWTRS256_PUBLIC_KEY === undefined){
console.log('Error Env Variables');
console.log('Error Env Variables');
@ -8,8 +8,9 @@ if(process.env.JWTRS256_PRIVATE_KEY === undefined || process.env.JWTRS256_PUBLIC
}
}
console.log('Env variables received');
console.log('Env variables received');
const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base64');
const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base64').toString('utf-8');
const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64');
const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8');
function createSessionJWT (mail) {
function createSessionJWT (mail) {
return sessionJWTConfig.sign(
return sessionJWTConfig.sign(
@ -37,31 +38,50 @@ function createSessionCookie(req, res, payload) {
}
}
res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false});
res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false});
}
}
module.exports.createSessionCookie = createSessionCookie;
function decodeSessionCookie(sessionid, res) {
function decodeSessionCookie(sessionid) {
if (typeof sessionid === 'undefined') {
if (typeof sessionid === 'undefined') {
return { mail: -1 };
return {mail: -1};
}
}
try {
try {
const token = sessionJWTConfig.verify(
const token = sessionJWTConfig.verify(
sessionid,
sessionid,
JWTRS256_PUBLIC_KEY,
JWTRS256_PUBLIC_KEY,
{algorithms: ['RS256']});
{algorithms: ['RS256']});
return sendMessage(res,1,{token: token});
return {token: token};
}
}
catch (err) {
catch (err) {
return sendError(res,-1,{mail: -1});
return {mail: -1};
}
}
}
}
module.exports.decodeSessionCookie = decodeSessionCookie;
function getSession (sessionid, res) {
function getSession(sessionid) {
return decodeSessionCookie(sessionid, res);
return decodeSessionCookie(sessionid);
}
}
module.exports.getSession = getSession;
module.exports.getSession = getSession
function setSessionCookie (req, res, session) {
function setSessionCookie (req, res, session) {
createSessionCookie(req, res, session);
createSessionCookie(req, res, session);
}
}
module.exports.setSessionCookie = setSessionCookie;
module.exports.setSessionCookie = setSessionCookie;
function getMail(session) {
if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1;
return session.token;
}
module.exports.getMail = getMail;
function checkLogin(req, res){
if(typeof req.cookies !== 'undefined'){
const session = getSession(req.cookies.SESSIONID);
const token = getMail(session);
if(token.mail === 'undefined' || token.mail === -1){
return sendError(res, 500, -1, "User not authenticated.");
} else{
return token;
}
} else {
return sendError(res, 500, -1, "Cookies don't exist.");
}
}
module.exports.checkLogin = checkLogin;
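Review bot: checkLogin still admits a request without a valid session: when no cookie or an invalid one is present getMail returns -1, `token.mail` is then undefined, neither side of `token.mail === 'undefined' || token.mail === -1` matches, and the function returns -1, which the controller's `token = checkLogin(req, res)` treats as truthy. The string comparison should be a type test with the sentinel checked first, `if (token === -1 || typeof token.mail === 'undefined' || token.mail === -1) {`, and a missing session is a 401 rather than the 500 sent there. getMail returns the whole decoded payload rather than its mail field, so either the name or the return value should change. The unchanged `res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false})` line at the top of the hunk sets no `sameSite` attribute, which is worth fixing before the cookie is relied on by the DELETE logout route; that line belongs to createSessionCookie, whose start lies outside the hunk.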
@ -1,11 +1,13 @@
const db = require("../models/mongodb.model");
const db = require("../models/mongodb.model");
const {sendError, sendMessage} = require ("../config/response.config");
const {sendError, sendMessage} = require ("../config/response.config");
const checkFormat = require("../config/checkFormat.config");
const sessionJWT = require('../config/sessionJWT.config');
const sessionJWT = require('../config/sessionJWT.config');
const {checkLogin} = require("../config/sessionJWT.config");
const User = db.users;
const User = db.users;
// Authenticate an User
// Authenticate an User
exports.auth = (req, res) => {
exports.auth = (req, res) => {
checkFormat(req, res);
// Validate request
// Validate request
if (!req.body.mail || !req.body.hashPass) {
if (!req.body.mail || !req.body.hashPass) {
sendError(res, 400,-1,"Content can not be empty ! (mail and hashPass needed)");
sendError(res, 400,-1,"Content can not be empty ! (mail and hashPass needed)");
@ -19,7 +21,7 @@ exports.auth = (req, res) => {
return sendMessage(res, 1, true);
return sendMessage(res, 1, true);
} else {
} else {
sessionJWT.setSessionCookie(req, res, { mail: -1 });
sessionJWT.setSessionCookie(req, res, { mail: -1 });
return sendError(res, -1, "Invalid mail or password.");
return sendError(res, 500, -1, "Invalid mail or password.");
}
}
})
})
.catch(err => {
.catch(err => {
@ -28,8 +30,19 @@ exports.auth = (req, res) => {
}
}
};
};
// Disconnect an User
exports.disconnect = (req, res) => {
let token;
if(checkFormat(req, res) && (token = checkLogin(req, res))) {
console.log(token);
sessionJWT.setSessionCookie(req, res, {mail: -1});
return sendMessage(res, 1, {message: "User disconnected"});
}
};
// Create and Save a new User
// Create and Save a new User
exports.create = (req, res) => {
exports.create = (req, res) => {
checkFormat(req, res);
// Validate request
// Validate request
if (!req.body.login || !req.body.hashPass || !req.body.mail || !req.body.role) {
if (!req.body.login || !req.body.hashPass || !req.body.mail || !req.body.role) {
sendError(res, 400,-1,"Content can not be empty ! (login, hashPass, mail and role needed");
sendError(res, 400,-1,"Content can not be empty ! (login, hashPass, mail and role needed");
@ -67,20 +80,25 @@ exports.create = (req, res) => {
// Retrieve all Users from the database.
// Retrieve all Users from the database.
exports.findAll = (req, res) => {
exports.findAll = (req, res) => {
const login = req.query.login;
let token;
let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {};
if(checkFormat(req, res) && (token = checkLogin(req, res))){
console.log(token);
const login = req.query.login;
let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {};
User.find(condition, {hashPass: false})
User.find(condition, {hashPass: false})
.then(data => {
.then(data => {
sendMessage(res, 1, data)
sendMessage(res, 1, data)
})
})
.catch(err => {
.catch(err => {
sendError(res,500,-1,err.message || "Some error occurred while retrieving users.");
sendError(res,500,-1,err.message || "Some error occurred while retrieving users.");
});
});
}
};
};
// Find a single User with an id
// Find a single User with an id
exports.findOne = (req, res) => {
exports.findOne = (req, res) => {
checkFormat(req, res);
const id = req.params.id;
const id = req.params.id;
User.findById(id, {hashPass: false})
User.findById(id, {hashPass: false})
@ -98,6 +116,7 @@ exports.findOne = (req, res) => {
// Update a User by the id in the request
// Update a User by the id in the request
exports.update = (req, res) => {
exports.update = (req, res) => {
checkFormat(req, res);
if (!req.body) {
if (!req.body) {
sendError(res,400,-1,"Data to update can not be empty!");
sendError(res,400,-1,"Data to update can not be empty!");
} else{
} else{
@ -119,6 +138,7 @@ exports.update = (req, res) => {
// Delete a User with the specified id in the request
// Delete a User with the specified id in the request
exports.delete = (req, res) => {
exports.delete = (req, res) => {
checkFormat(req, res);
const id = req.params.id;
const id = req.params.id;
User.findByIdAndRemove(id)
User.findByIdAndRemove(id)
@ -136,6 +156,7 @@ exports.delete = (req, res) => {
// Delete all Users from the database.
// Delete all Users from the database.
exports.deleteAll = (req, res) => {
exports.deleteAll = (req, res) => {
checkFormat(req, res);
User.deleteMany({})
User.deleteMany({})
.then(data => {
.then(data => {
sendMessage(res, 1,{
sendMessage(res, 1,{
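Review bot: auth, create, findOne, update, delete and deleteAll call the new `checkFormat(req, res);` and ignore its result, so when the Content-Type check fails sendError has already answered with 401 and the handler goes on to validate and answer the same request again, which Express reports as headers already sent; each of those calls should read `if (!checkFormat(req, res)) return;`. The `console.log(token)` lines in disconnect and findAll write the decoded session payload to the server log and should be removed. Only the read-only findAll and disconnect gained `checkLogin`, while update, delete and deleteAll still run for any caller, which inverts the protection one would expect (the route wiring for those handlers is outside this view). findAll also builds `new RegExp(login)` directly from the query string, so the caller controls the pattern; escaping the value or using a literal prefix match is safer. In auth the credential-failure branch now answers 500 and also signs a fresh `{ mail: -1 }` session cookie; 401 with no cookie is the conventional response.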
@ -14,5 +14,5 @@ module.exports = mongoose => {
return object;
return object;
});
});
return User = mongoose.model("user", schema);
return mongoose.model("user", schema);
};
};
@ -23,5 +23,8 @@ module.exports = app => {
// Authenticate a User
// Authenticate a User
router.post("/auth", users.auth);
router.post("/auth", users.auth);
// Disconnect a User
router.delete("/auth/disconnect", users.disconnect);
app.use('/api/users', router);
app.use('/api/users', router);
};
};
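Review bot: The new `router.delete("/auth/disconnect", users.disconnect)` route lands in a handler that starts with checkFormat, which requires `Content-Type: application/json` even though this DELETE carries no body, so clients that omit the header on a body-less request are rejected before their session is examined. Either leave checkFormat out of disconnect or apply it only to routes that read `req.body`. The enclosing `module.exports = app => {` function starts outside the hunk.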
@ -16,5 +16,6 @@
"express": "^4.17.1",
"express": "^4.17.1",
"jsonwebtoken": "^8.5.1",
"jsonwebtoken": "^8.5.1",
"mongoose": "^6.0.12"
"mongoose": "^6.0.12"
}
},
"devDependencies": {}
}
}