-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
221 lines (180 loc) · 6.38 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
import express from "express";
import bodyParser from "body-parser";
import pg from 'pg';
import axios from "axios";
import dotenv from 'dotenv';
import bcrypt from "bcryptjs";
import cors from "cors";
import cookieParser from "cookie-parser";
import jwt from "jsonwebtoken"
import { dirname, join } from "path";
import { fileURLToPath } from "url";
dotenv.config();
// Properly set __dirname in ES module
const __dirname = dirname(fileURLToPath(import.meta.url));
const app = express();
const port = process.env.PORT || 3000;
const saltRounds = 10;
// connecting to DB
const db = new pg.Client({
user: process.env.DB_USER_SUPABASE,
host: process.env.DB_HOST_SUPABASE,
database: 'postgres',
password: process.env.DB_PASSWORD_SUPABASE,
port: 6543
})
db.connect();
//dummy userData
let userData = [{ "id": 2, "username": "Joy", "email": "helloHi@gmail.com", "pass": "ballbatball" }]
// Middleware to parse URL-encoded data
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cors());
app.use(cookieParser());
// Serve static files **only in production**
if (process.env.NODE_ENV === 'production') {
app.use(express.static(join(__dirname, "dist")));
}
const checkToken = (req, res, next) => {
const userToken = req.cookies.token;
if (userToken) {
jwt.verify(userToken, process.env.JWT_SECRET, (err, authorizedData) => {
if (err) {
console.log(err, 'could not connect to the protected route');
res.status(403).json({ message: "Invalid token" });
} else {
//token verified successfully
req.authorizedData = authorizedData;
next();
}
});
}
else {
//if header is undefined, return 403
res.sendStatus(403);
}
}
app.get("/home/user", checkToken, async (req, res) => {
const { UserId } = req.authorizedData;
console.log("Connected to protected route");
try {
const results = await db.query("SELECT * FROM users WHERE id = $1", [UserId]);
const data = {
"email": results.rows[0].email,
"username": results.rows[0].username
}
if (results.rows.length > 0) {
res.json({
message: "Successful log in",
userData: data
})
}
else {
console.log("User doesn't exist with this id");
}
}
catch (e) {
console.log(e, "error in quering user data from cookie");
}
})
app.get('/logout', (req, res) => {
res.clearCookie('token');
res.status(201).json({ message: "success logout" });
})
app.post("/register", async (req, res) => {
console.log(req.body);
const { username, email, pass } = req.body;
try {
const checkResults = await db.query("SELECT * FROM users WHERE email = $1;", [email]);
if (checkResults.rows.length > 0) {
res.status(409).send("Email already exists. Try loggin in. ");
}
else {
//hashing the password and saving it in the database
bcrypt.hash(pass, saltRounds, (err, hash) => {
if (err) {
console.log("Error hashing password:", err);
}
else {
console.log("Hashed Password:", hash);
const query = `INSERT INTO users (username, email, pass) VALUES($1, $2, $3);`
const values = [username, email, hash];
db.query(query, values, (err, result) => {
if (err) {
console.error("Error executing query", err.stack);
res.status(500).send("Error creating account");
}
else {
console.log("User inserted successfully");
res.status(201).send("Account created successfully");
}
})
}
})
}
}
catch (err) {
console.log(err);
}
})
app.post("/api/login", async (req, res) => {
const { username, pass } = req.body;
try {
const checkResults = await db.query("SELECT * FROM users WHERE username = $1;", [username]);
if (checkResults.rows.length > 0) {
//username exists so check password
const user = checkResults.rows[0];
const storedPassword = user.pass;
//verifying the password
bcrypt.compare(pass, storedPassword, (err, result) => {
if (err) {
console.log("Error comparing passwords:", err);
}
else {
if (result) {
//generate jwt token
const token = jwt.sign(
{ UserId: user.id, Username: user.username }, //payload
process.env.JWT_SECRET, //secret key to sign the token
{ expiresIn: process.env.JWT_EXPIRES_IN }
)
res.status(201).cookie('token', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
maxAge: 7 * 24 * 60 * 60 * 1000 //cookie valid for 7 days
}).json({ message: "success" })
}
else {
console.log("username or password is incorrect");
res.sendStatus(401);
}
}
})
}
else {
console.log("username or password is incorrect");
res.sendStatus(401);
}
}
catch (err) {
console.log(err);
}
})
// Proxy endpoint to fetch random paragraph
app.get("/api/proxy", async (req, res) => {
try {
const response = await axios.get("http://metaphorpsum.com/paragraphs/1/6");
res.json(response.data);
} catch (error) {
console.error("Error fetching data:", error);
res.status(500).send("Error fetching data");
}
});
//catch-all route for any unknown paths
app.get("*", (req, res) => {
res.sendFile(join(__dirname, "dist", "index.html"));
})
// Start the server
app.listen(port, () => {
console.log(`Server started on port ${port}`);
});