diff --git a/__tests__/users.js b/__tests__/users.js
new file mode 100644
index 000000000..d1790be76
--- /dev/null
+++ b/__tests__/users.js
@@ -0,0 +1,13 @@
+const { default: expectCt } = require('helmet/dist/middlewares/expect-ct')
+const supertest = require('supertest')
+const server= require('../api/server')
+const db = require('../database/dbConfig')
+
+describe('auth testing',() => {
+ it('adds users', async () => {
+ const res = await supertest(server)
+ .post('/register')
+ .send({username: "hello", password: "shifnf"})
+ expect(res.statusCode).toBe(201)
+ })
+})
\ No newline at end of file
diff --git a/api/server.js b/api/server.js
index c8acc0eb4..2ff590258 100644
--- a/api/server.js
+++ b/api/server.js
@@ -1,8 +1,10 @@
+require('dotenv').config();
+
 const express = require('express');
 const cors = require('cors');
 const helmet = require('helmet');
-const authenticate = require('../auth/authenticate-middleware.js');
+const { restrict } = require('../auth/authenticate-middleware.js');
 const authRouter = require('../auth/auth-router.js');
 const jokesRouter = require('../jokes/jokes-router.js');
@@ -12,7 +14,14 @@ server.use(helmet());
 server.use(cors());
 server.use(express.json());
-server.use('/api/auth', authRouter);
-server.use('/api/jokes', authenticate, jokesRouter);
+server.use(authRouter);
+server.use('/api/jokes', restrict, jokesRouter);
+
+server.use((err, req, res, next) => {
+ console.log(err)
+ res.status(500).json({
+ message: "Something went wrong",
+ })
+})
-module.exports = server;
+module.exports = server;
\ No newline at end of file
diff --git a/auth/auth-router.js b/auth/auth-router.js
index 2fa2c9766..abd5901a9 100644
--- a/auth/auth-router.js
+++ b/auth/auth-router.js
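Review bot: The test in `__tests__/users.js` registers the fixed username `hello` through the real `server` and never resets the `users` table, so a second run takes the 409 branch of `/register` and fails. `database/auth.db3` also changes in this commit, which suggests the run wrote into the committed database. The imported `db` is unused and could do the reset, e.g. `beforeEach(async () => { await db('users').truncate() })`, pointed at a test-only database. The first line requires `helmet/dist/middlewares/expect-ct` for an `expectCt` binding that is never used; it looks like an editor auto-import and should be removed, since it depends on the package's internal file layout.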
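Review bot: In the second hunk of `api/server.js`, `server.use('/api/jokes', restrict, jokesRouter)` passes `restrict` itself, but `auth/authenticate-middleware.js` in this commit exports it as a factory (`function restrict() { return async (req,res,next) => … }`). Express would call the factory with `(req, res, next)`, get a function back, and the request would never be answered. The line should read `server.use('/api/jokes', restrict(), jokesRouter);`, or the middleware should be exported directly. Separately, `server.use(authRouter)` moves `/register` and `/login` from `/api/auth/*` to the root path; confirm that existing clients expect this.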
@@ -1,11 +1,75 @@
 const router = require('express').Router();
-router.post('/register', (req, res) => {
- // implement registration
+const User = require('./users-model')
+
+const {restrict} = require('./authenticate-middleware')
+
+const bcrypt = require('bcryptjs')
+
+const jwt = require('jsonwebtoken')
+
+
+router.post('/register', async (req, res, next) => {
+ try {
+ const { username, password} = req.body
+
+ const user = await User.findBy({username}).first()
+
+ if(user) {
+ return res.status(409).json({
+ message: "Username is Taken"
+ })
+ }
+
+ const addUser = await User.add({
+ username,
+ password: await bcrypt.hash(password, 14)
+ })
+
+ res.status(201).json(addUser)
+
+ } catch(err) {
+ next(err)
+ }
 });
-router.post('/login', (req, res) => {
- // implement login
+router.post('/login', async (req, res) => {
+ try {
+ const { username, password} = req.body
+ const user = await User.findBy({username}).first()
+
+ if (!user ) {
+ return res.status(401).json({
+ message: "Invalid User"
+ })
+ }
+
+ const validPassword = await bcrypt.compare(password, user.password)
+
+ if(!validPassword) {
+ return res.status(401).json({
+ message: "Invalid Password"
+ })
+ }
+
+ //create new JSON toke with user details
+
+ const token = jwt.sign({
+ userID: user.id,
+ }, process.env.JWT_SECRET)
+
+ // req.session.user = user
+
+ // save client cookie
+
+ res.cookie("token", token)
+
+ res.json({
+ message: `Welcome ${user.username} !!!!`
+ })
+ } catch(err) {
+
+ }
 });
 module.exports = router;
diff --git a/auth/authenticate-middleware.js b/auth/authenticate-middleware.js
index 6ca61d0cd..2e9cf1daa 100644
--- a/auth/authenticate-middleware.js
+++ b/auth/authenticate-middleware.js
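Review bot: The new `/login` handler ends in an empty `catch(err) { }` and its signature has no `next`, so any throw inside the `try` (for instance `jwt.sign` when `JWT_SECRET` is unset) leaves the request hanging with nothing logged; `/register` in the same hunk already forwards with `next(err)`. The token is signed without an expiry and `res.cookie("token", token)` sets no `httpOnly`, `secure` or `sameSite`, so a token that leaks or is read by page script stays valid indefinitely. The separate "Invalid User" and "Invalid Password" responses also tell a caller which usernames exist. Neither handler checks that `username` and `password` are non-empty strings before they reach `User.findBy` and `bcrypt`. The sketch below covers the login changes; the one-hour lifetime is a placeholder for the project to set.

```javascript
router.post('/login', async (req, res, next) => {
  try {
    // … unchanged: read username/password from req.body, look up the user …

    // one response for both failures, so the reply does not reveal which usernames exist
    if (!user || !(await bcrypt.compare(password, user.password))) {
      return res.status(401).json({
        message: "Invalid credentials"
      })
    }

    const token = jwt.sign({
      userID: user.id,
    }, process.env.JWT_SECRET, { expiresIn: '1h' })

    res.cookie("token", token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'strict',
    })

    // … unchanged: welcome response …
  } catch(err) {
    next(err)
  }
});
```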
@@ -3,6 +3,23 @@ before granting access to the next middleware/route handler */
-module.exports = (req, res, next) => {
- res.status(401).json({ you: 'shall not pass!' });
-};
+const bcrypt = require('bcryptjs')
+const Users = require('./users-model')
+
+function restrict() {
+ return async (req,res,next) => {
+ try {
+
+ if(!req.session || !req.user ) {
+ return res.status(401).json()
+ }
+
+ } catch(err) {
+ next(err)
+ }
+ }
+}
+
+module.exports = {
+ restrict
+}
diff --git a/auth/users-model.js b/auth/users-model.js
new file mode 100644
index 000000000..253d50eb9
--- /dev/null
+++ b/auth/users-model.js
@@ -0,0 +1,30 @@
+const db = require('../database/dbConfig')
+
+async function add(user) {
+ const [id] = await db('users').insert(user)
+ return findById(id)
+}
+
+function findById(id) {
+ return db('users')
+ .select('id', 'username')
+ .where({id})
+ .first()
+}
+
+function find(id) {
+ return db('users').select('id','username')
+}
+
+function findBy(filter) {
+ return db('users')
+ .select('id','username','password')
+ .where(filter)
+}
+
+module.exports = {
+ add,
+ findById,
+ find,
+ findBy
+}
\ No newline at end of file
diff --git a/database/auth.db3 b/database/auth.db3
index cc6ee6d93..a89343577 100644
Binary files a/database/auth.db3 and b/database/auth.db3 differ
diff --git a/index.js b/index.js
index fd80bbe6d..0423d82bc 100644
--- a/index.js
+++ b/index.js
@@ -1,6 +1,9 @@
+
+
 const server = require('./api/server.js');
 const PORT = process.env.PORT || 3300;
+
 server.listen(PORT, () => {
 console.log(`\n=== Server listening on port ${PORT} ===\n`);
 });
diff --git a/package.json b/package.json
index 123178bc0..906324862 100644
--- a/package.json
+++ b/package.json
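Review bot: The middleware returned by `restrict()` tests `req.session` and `req.user`, which nothing in this commit populates, and it has no path that calls `next()`; a request that passed the check would hang, and in practice every request gets an empty 401. Login in `auth/auth-router.js` issues a JWT in a `token` cookie, so this is where that token should be verified against the same `JWT_SECRET`. The sketch below assumes `jsonwebtoken` is required in this file and that a cookie-parsing middleware fills `req.cookies`; neither is in the visible diff. The `bcrypt` and `Users` requires are unused here and can be dropped.

```javascript
function restrict() {
  return async (req, res, next) => {
    try {
      // req.cookies is only set when a cookie-parsing middleware is mounted
      const token = req.cookies ? req.cookies.token : undefined
      if (!token) {
        return res.status(401).json({ message: "Invalid credentials" })
      }

      // pin the algorithm so the token header cannot choose it
      jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, decoded) => {
        if (err) {
          return res.status(401).json({ message: "Invalid credentials" })
        }
        req.token = decoded
        next()
      })
    } catch(err) {
      next(err)
    }
  }
}
```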
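Review bot: In `auth/users-model.js`, `findBy` is the only query that selects the `password` column, and nothing marks that its rows carry the bcrypt hash; add a comment above it such as `// returns the password hash: for credential checks only, never serialize this row into a response`. `find(id)` ignores its `id` parameter and returns every user, so the signature should be `function find()`. `add(user)` inserts whatever object it is given, so callers need to keep building that object field by field, as `/register` does, rather than passing `req.body` through.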
@@ -1,10 +1,16 @@
 {
+ "private": true,
 "name": "nodeauth-challenge",
 "version": "1.0.0",
 "description": "Authentication Sprint Challenge",
 "main": "index.js",
 "scripts": {
- "server": "nodemon index.js"
+ "server": "nodemon index.js",
+ "start": " node index.js",
+ "test": "jest --watch"
+ },
+ "jest": {
+ "testEnvironment": "node"
 },
 "repository": {
 "type": "git",
@@ -19,11 +25,16 @@
 "homepage": "https://github.com/LambdaSchool/Sprint-Challenge-Authentication#readme",
 "dependencies": {
 "axios": "^0.20.0",
+ "bcryptjs": "^2.4.3",
 "cors": "^2.8.5",
+ "dotenv": "^8.2.0",
 "express": "^4.17.1",
 "helmet": "^4.1.1",
+ "jest": "^26.6.3",
+ "jsonwebtoken": "^8.5.1",
 "knex": "^0.21.6",
- "sqlite3": "^5.0.0"
+ "sqlite3": "^5.0.0",
+ "supertest": "^6.0.1"
 },
 "devDependencies": {
 "nodemon": "^2.0.5"
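Review bot: In the first `package.json` hunk, `"test": "jest --watch"` keeps the runner waiting for file changes, so `npm test` never exits in CI or any other non-interactive shell. Use `"test": "jest"` and keep watch mode in a separate script such as `"test:watch": "jest --watch"`. The `start` value `" node index.js"` also has a stray leading space inside the string.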
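Review bot: In the second `package.json` hunk, `jest` and `supertest` are added under `dependencies`, so a production install pulls in the whole test toolchain and its transitive packages. They belong under `devDependencies` next to `nodemon`. The hunk ends inside the `devDependencies` object, so the rest of that block is not visible here.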