Backend #1
9 changed files with 46 additions and 198 deletions
|
|
@ -1,9 +1,9 @@
|
|||
function sendMessage (res, successCode, data) {
|
||||
res.status(200).json({ status: 'success', successCode: successCode, data: data });
|
||||
function sendMessage (res, successCode, data, token=null) {
|
||||
res.status(200).json({ status: 'success', successCode: successCode, token: token, data: data });
|
||||
}
|
||||
|
||||
function sendError (res, statusCode, errorCode, reason) {
|
||||
res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason });
|
||||
function sendError (res, statusCode, errorCode, reason, token=null) {
|
||||
res.status(statusCode).json({ status: 'error', errorCode: errorCode, data: { token: token, reason: reason }});
|
||||
}
|
||||
|
||||
module.exports = { sendMessage, sendError };
|
||||
|
|
|
|||
|
|
@ -12,10 +12,11 @@ const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base
|
|||
const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8');
|
||||
|
||||
|
||||
function createSessionJWT (mail) {
|
||||
function createSessionJWT (login, role) {
|
||||
return sessionJWTConfig.sign(
|
||||
{
|
||||
mail: mail,
|
||||
login: login,
|
||||
role: role,
|
||||
midExp: Math.floor(Date.now() / 1000) + 1800
|
||||
},
|
||||
JWTRS256_PRIVATE_KEY,
|
||||
|
|
@ -28,20 +29,21 @@ function createSessionJWT (mail) {
|
|||
|
||||
function createSessionCookie(req, res, payload) {
|
||||
let jwtToken;
|
||||
if ((typeof payload.mail !== 'undefined') &&
|
||||
(typeof payload.midExp !== 'undefined') &&
|
||||
if (typeof payload.login !== 'undefined' &&
|
||||
typeof payload.role !== 'undefined' &&
|
||||
typeof payload.midExp !== 'undefined' &&
|
||||
(Math.floor(Date.now() / 1000) <= payload.midExp)) {
|
||||
jwtToken = req.headers.cookie;
|
||||
}
|
||||
else {
|
||||
jwtToken = createSessionJWT(payload.mail);
|
||||
jwtToken = createSessionJWT(payload.login, payload.role);
|
||||
}
|
||||
res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false});
|
||||
}
|
||||
|
||||
function decodeSessionCookie(sessionid) {
|
||||
if (typeof sessionid === 'undefined') {
|
||||
return {mail: -1};
|
||||
return {login: -1, role: -1};
|
||||
}
|
||||
try {
|
||||
const token = sessionJWTConfig.verify(
|
||||
|
|
@ -51,7 +53,7 @@ function decodeSessionCookie(sessionid) {
|
|||
return {token: token};
|
||||
}
|
||||
catch (err) {
|
||||
return {mail: -1};
|
||||
return {login: -1, role: -1};
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -65,20 +67,28 @@ function setSessionCookie (req, res, session) {
|
|||
}
|
||||
module.exports.setSessionCookie = setSessionCookie;
|
||||
|
||||
function getMail(session) {
|
||||
function getToken(session) {
|
||||
if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1;
|
||||
return session.token;
|
||||
}
|
||||
module.exports.getMail = getMail;
|
||||
module.exports.getToken = getToken;
|
||||
|
||||
function checkLogin(req, res){
|
||||
function checkLogin(req, res, role=null){
|
||||
if(typeof req.cookies !== 'undefined'){
|
||||
const session = getSession(req.cookies.SESSIONID);
|
||||
const token = getMail(session);
|
||||
if(token.mail === 'undefined' || token.mail === -1){
|
||||
const token = getToken(session);
|
||||
if(token.login === 'undefined' || token.login === -1){
|
||||
return sendError(res, 500, -1, "User not authenticated.");
|
||||
} else{
|
||||
if(role === null){
|
||||
return token;
|
||||
} else{
|
||||
if(token.role !== 'undefined' && token.role === role){
|
||||
return token;
|
||||
} else{
|
||||
return sendError(res, 500, -1, "User doesn't have permission.", token);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
return sendError(res, 500, -1, "Cookies don't exist.");
|
||||
|
|
|
|||
|
|
@ -1,117 +0,0 @@
|
|||
const db = require("../models/mongodb.model");
|
||||
const {sendError, sendMessage} = require ("../config/response.config");
|
||||
const Tutorial = db.tutorials;
|
||||
|
||||
// Create and Save a new Tutorial
|
||||
exports.create = (req, res) => {
|
||||
// Validate request
|
||||
if (!req.body.title) {
|
||||
sendError(res, 400,-1,"Content can not be empty!" );
|
||||
}
|
||||
|
||||
// Create a Tutorial
|
||||
const tutorial = new Tutorial({
|
||||
title: req.body.title,
|
||||
description: req.body.description,
|
||||
published: req.body.published ? req.body.published : false
|
||||
});
|
||||
|
||||
// Save Tutorial in the database
|
||||
tutorial
|
||||
.save(tutorial)
|
||||
.then(data => {
|
||||
sendMessage(res, 1, data)
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res, 500,-1,err.message || "Some error occurred while creating the Tutorial.");
|
||||
});
|
||||
};
|
||||
|
||||
// Retrieve all Tutorials from the database.
|
||||
exports.findAll = (req, res) => {
|
||||
const title = req.query.title;
|
||||
let condition = title ? { title: { $regex: new RegExp(title), $options: "i" } } : {};
|
||||
|
||||
Tutorial.find(condition)
|
||||
.then(data => {
|
||||
sendMessage(res, 1, data)
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials.");
|
||||
});
|
||||
};
|
||||
|
||||
// Find a single Tutorial with an id
|
||||
exports.findOne = (req, res) => {
|
||||
const id = req.params.id;
|
||||
|
||||
Tutorial.findById(id)
|
||||
.then(data => {
|
||||
if (!data)
|
||||
sendError(res,404,-1,"Not found Tutorial with id " + id );
|
||||
else sendMessage(res, 1, data);
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Error retrieving Tutorial with id=" + id );
|
||||
});
|
||||
};
|
||||
|
||||
// Update a Tutorial by the id in the request
|
||||
exports.update = (req, res) => {
|
||||
if (!req.body) {
|
||||
sendError(res,400,-1,"Data to update can not be empty!");
|
||||
}
|
||||
|
||||
const id = req.params.id;
|
||||
|
||||
Tutorial.findByIdAndUpdate(id, req.body, { useFindAndModify: false })
|
||||
.then(data => {
|
||||
if (!data) {
|
||||
sendError(res,404,-1,`Cannot update Tutorial with id=${id}. Maybe Tutorial was not found!`);
|
||||
} else sendMessage(res, 1, { message: "Tutorial was updated successfully." });
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Error updating Tutorial with id=" + id);
|
||||
});
|
||||
};
|
||||
|
||||
// Delete a Tutorial with the specified id in the request
|
||||
exports.delete = (req, res) => {
|
||||
const id = req.params.id;
|
||||
|
||||
Tutorial.findByIdAndRemove(id)
|
||||
.then(data => {
|
||||
if (!data) {
|
||||
sendError(res,404,-1,`Cannot delete Tutorial with id=${id}. Maybe Tutorial was not found!`);
|
||||
} else {
|
||||
sendMessage(res, 1, { message: "Tutorial was deleted successfully!" });
|
||||
}
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Could not delete Tutorial with id=" + id);
|
||||
});
|
||||
};
|
||||
|
||||
// Delete all Tutorials from the database.
|
||||
exports.deleteAll = (req, res) => {
|
||||
Tutorial.deleteMany({})
|
||||
.then(data => {
|
||||
sendMessage(res, 1, {
|
||||
message: `${data.deletedCount} Tutorials were deleted successfully!`
|
||||
});
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Some error occurred while removing all tutorials.");
|
||||
});
|
||||
};
|
||||
|
||||
// Find all published Tutorials
|
||||
exports.findAllPublished = (req, res) => {
|
||||
Tutorial.find({ published: true })
|
||||
.then(data => {
|
||||
sendMessage(res, 1, data);
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Some error occurred while retrieving tutorials.");
|
||||
});
|
||||
};
|
||||
|
|
@ -1,27 +1,26 @@
|
|||
const db = require("../models/mongodb.model");
|
||||
const {sendError, sendMessage} = require ("../config/response.config");
|
||||
const checkFormat = require("../config/checkFormat.config");
|
||||
const sessionJWT = require('../config/sessionJWT.config');
|
||||
const {checkLogin} = require("../config/sessionJWT.config");
|
||||
const {checkLogin, setSessionCookie} = require("../config/sessionJWT.config");
|
||||
const User = db.users;
|
||||
|
||||
// Authenticate an User
|
||||
exports.auth = (req, res) => {
|
||||
checkFormat(req, res);
|
||||
// Validate request
|
||||
if (!req.body.mail || !req.body.hashPass) {
|
||||
sendError(res, 400,-1,"Content can not be empty ! (mail and hashPass needed)");
|
||||
if (!req.body.login || !req.body.hashPass) {
|
||||
sendError(res, 400,-1,"Content can not be empty ! (login and hashPass needed)");
|
||||
} else{
|
||||
// Check User in the database
|
||||
User
|
||||
.findOne({mail: req.body.mail, hashPass: req.body.hashPass}, [{count: {$size: "$_id"}}])
|
||||
.findOne({login: req.body.login, hashPass: req.body.hashPass}, {role: true})
|
||||
.then(data => {
|
||||
if (data !== null){
|
||||
sessionJWT.setSessionCookie(req, res, { mail: req.body.mail });
|
||||
setSessionCookie(req, res, { login: req.body.login, role: data.role});
|
||||
return sendMessage(res, 1, true);
|
||||
} else {
|
||||
sessionJWT.setSessionCookie(req, res, { mail: -1 });
|
||||
return sendError(res, 500, -1, "Invalid mail or password.");
|
||||
setSessionCookie(req, res, { login: -1, role: -1 });
|
||||
return sendError(res, 500, -1, "Invalid login or password.");
|
||||
}
|
||||
})
|
||||
.catch(err => {
|
||||
|
|
@ -35,8 +34,8 @@ exports.disconnect = (req, res) => {
|
|||
let token;
|
||||
if(checkFormat(req, res) && (token = checkLogin(req, res))) {
|
||||
console.log(token);
|
||||
sessionJWT.setSessionCookie(req, res, {mail: -1});
|
||||
return sendMessage(res, 1, {message: "User disconnected"});
|
||||
setSessionCookie(req, res, {login: -1});
|
||||
return sendMessage(res, 1, {message: "User disconnected"}, token);
|
||||
}
|
||||
};
|
||||
|
||||
|
|
@ -44,8 +43,8 @@ exports.disconnect = (req, res) => {
|
|||
exports.create = (req, res) => {
|
||||
checkFormat(req, res);
|
||||
// Validate request
|
||||
if (!req.body.login || !req.body.hashPass || !req.body.mail || !req.body.role) {
|
||||
sendError(res, 400,-1,"Content can not be empty ! (login, hashPass, mail and role needed");
|
||||
if (!req.body.login || !req.body.hashPass || !req.body.mail) {
|
||||
sendError(res, 400,-1,"Content can not be empty ! (login, hashPass and mail needed");
|
||||
}
|
||||
else{
|
||||
User.exists({login: req.body.login}, function (err, docs){
|
||||
|
|
@ -81,17 +80,17 @@ exports.create = (req, res) => {
|
|||
// Retrieve all Users from the database.
|
||||
exports.findAll = (req, res) => {
|
||||
let token;
|
||||
if(checkFormat(req, res) && (token = checkLogin(req, res))){
|
||||
if(checkFormat(req, res) && (token = checkLogin(req, res, 10))){
|
||||
console.log(token);
|
||||
const login = req.query.login;
|
||||
let condition = login ? { login: { $regex: new RegExp(login), $options: "i" } } : {};
|
||||
|
||||
User.find(condition, {hashPass: false})
|
||||
.then(data => {
|
||||
sendMessage(res, 1, data)
|
||||
sendMessage(res, 1, data, token)
|
||||
})
|
||||
.catch(err => {
|
||||
sendError(res,500,-1,err.message || "Some error occurred while retrieving users.");
|
||||
sendError(res,500,-1,err.message || "Some error occurred while retrieving users.", token);
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ mongoose.Promise = global.Promise;
|
|||
const db = {};
|
||||
db.mongoose = mongoose;
|
||||
db.url = dbConfig.url;
|
||||
db.tutorials = require("./tutorial.model")(mongoose);
|
||||
db.users = require("./user.model")(mongoose);
|
||||
|
||||
module.exports = db;
|
||||
|
|
|
|||
|
|
@ -1,17 +0,0 @@
|
|||
module.exports = mongoose => {
|
||||
let schema = mongoose.Schema({
|
||||
title: String,
|
||||
description: String,
|
||||
published: Boolean
|
||||
},
|
||||
{ timestamps: true }
|
||||
);
|
||||
|
||||
schema.method("toJSON", function() {
|
||||
const { __v, _id, ...object } = this.toObject();
|
||||
object.id = _id;
|
||||
return object;
|
||||
});
|
||||
|
||||
return mongoose.model("tutorial", schema);
|
||||
};
|
||||
|
|
@ -3,7 +3,10 @@ module.exports = mongoose => {
|
|||
login: String,
|
||||
hashPass: String, // WARNING: We don't want to send back the hashPass
|
||||
mail: String,
|
||||
role: Object
|
||||
role: {
|
||||
type: Number,
|
||||
default: 0
|
||||
}
|
||||
},
|
||||
{ timestamps: true }
|
||||
);
|
||||
|
|
|
|||
|
|
@ -1,28 +0,0 @@
|
|||
module.exports = app => {
|
||||
const tutorials = require("../controllers/tutorial.controller.js");
|
||||
|
||||
let router = require("express").Router();
|
||||
|
||||
// Create a new Tutorial
|
||||
router.post("/", tutorials.create);
|
||||
|
||||
// Retrieve all Tutorials
|
||||
router.get("/", tutorials.findAll);
|
||||
|
||||
// Retrieve all published Tutorials
|
||||
router.get("/published", tutorials.findAllPublished);
|
||||
|
||||
// Retrieve a single Tutorial with id
|
||||
router.get("/:id", tutorials.findOne);
|
||||
|
||||
// Update a Tutorial with id
|
||||
router.put("/:id", tutorials.update);
|
||||
|
||||
// Delete a Tutorial with id
|
||||
router.delete("/:id", tutorials.delete);
|
||||
|
||||
// Create a new Tutorial
|
||||
router.delete("/", tutorials.deleteAll);
|
||||
|
||||
app.use('/api/tutorials', router);
|
||||
};
|
||||
|
|
@ -27,7 +27,6 @@ db.mongoose
|
|||
});
|
||||
|
||||
require("./app/config/sessionJWT.config");
|
||||
require("./app/routes/tutorial.routes")(app);
|
||||
require("./app/routes/user.routes")(app);
|
||||
|
||||
app.listen(port, '0.0.0.0',() => {
|
||||
|
|
|
|||
Reference in a new issue