From 10997e5231d4a8713ab5447c11baae4f5342d08a Mon Sep 17 00:00:00 2001
From: Elizabeth Hagag
Date: Sun, 8 Nov 2020 08:06:58 -0600
Subject: [PATCH 1/5] user model setup
---
auth/users-model.js | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 auth/users-model.js
diff --git a/auth/users-model.js b/auth/users-model.js
new file mode 100644
index 000000000..253d50eb9
--- /dev/null
+++ b/auth/users-model.js
@@ -0,0 +1,30 @@
+const db = require('../database/dbConfig')
+
+async function add(user) {
+ const [id] = await db('users').insert(user)
+ return findById(id)
+}
+
+function findById(id) {
+ return db('users')
+ .select('id', 'username')
+ .where({id})
+ .first()
+}
+
+function find(id) {
+ return db('users').select('id','username')
+}
+
+function findBy(filter) {
+ return db('users')
+ .select('id','username','password')
+ .where(filter)
+}
+
+module.exports = {
+ add,
+ findById,
+ find,
+ findBy
+}
\ No newline at end of file
From 53ec2ab9990cfae54a7f74bcddf89c4f08fec50e Mon Sep 17 00:00:00 2001
From: Elizabeth Hagag
Date: Sun, 8 Nov 2020 09:02:20 -0600
Subject: [PATCH 2/5] added .env
---
auth/auth-router.js | 67 +++++++++++++++++++++++++++++++--
auth/authenticate-middleware.js | 25 ++++++++++--
package.json | 3 ++
3 files changed, 89 insertions(+), 6 deletions(-)
diff --git a/auth/auth-router.js b/auth/auth-router.js
index 2fa2c9766..69444e1a0 100644
--- a/auth/auth-router.js
+++ b/auth/auth-router.js
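Review bot: `findBy` in auth/users-model.js is the only query that selects the `password` column, and it hands an arbitrary `filter` to `.where()`, so any caller that serializes its result would send the stored hash to the client. A comment above it such as `// credential checks only: rows include the password hash, never return them in a response` would make that contract explicit. Callers should also make sure the filter values are plain strings before passing them in. Separately, `find(id)` declares an `id` parameter it never uses; `function find() {` matches what the body does.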
@@ -1,11 +1,72 @@ const router = require('express').Router(); -router.post('/register', (req, res) => { - // implement registration +const User = require('./users-model') + +const {restrict} = require('./authenticate-middleware') + +const bcrypt = require('bcryptjs') + +const jwt = require('jsonwebtoken') + + +router.post('/register', async (req, res, next) => { + try { + const { username, password} = req.body + + const user = await User.findBy({username}).first() + + if(user) { + return res.status(409).json({ + message: "Username is Taken" + }) + } + + const addUser = await User.add({ + username, + password: await bcrypt.hash(password, 14) + }) + + res.status(201).json(addUser) + + } catch(err) { + next(err) + } }); router.post('/login', (req, res) => { - // implement login + try { + const { username, password} = req.body + const user = await User.findBy({username}).first() + + if (!user ) { + return res.status(401).json({ + message: "Invalid User" + }) + } + + const validPassword = await bcrypt.compare(password, user.password) + + if(!validPassword) { + return res.status(401).json({ + message: "Invalid Password" + }) + } + + //create new JSON toke with user details + + const token = jwt.sign({ + userID: user.id, + + }) + + req.session.user = user + + res.json({ + message: `Welcome ${user.username} !!!!` + }) + } catch(err) { + + } }); module.exports = router; diff --git a/auth/authenticate-middleware.js b/auth/authenticate-middleware.js index 6ca61d0cd..79f883347 100644 --- a/auth/authenticate-middleware.js +++ b/auth/authenticate-middleware.js 
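Review bot: The empty `catch(err) { }` that closes the `/login` handler swallows every failure, so a rejected `bcrypt.compare` or a throwing `jwt.sign` leaves the request with no response and no log entry; the handler should accept `next` and end with `} catch(err) { next(err) }`, as `/register` does. The two 401 bodies, `"Invalid User"` and `"Invalid Password"`, tell a caller which usernames exist; one shared body such as `message: "Invalid credentials"` for both branches removes that signal. Neither route checks that `username` and `password` are non-empty strings before they reach `User.findBy` and `bcrypt.hash`, so a malformed body would likely surface as a server error instead of a 400. `restrict` is required at the top of the file but not used anywhere in this hunk.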
@@ -3,6 +3,25 @@ before granting access to the next middleware/route handler */ -module.exports = (req, res, next) => { - res.status(401).json({ you: 'shall not pass!' }); -}; +const bcrypt = require('bcryptjs') +const Users = require('./users-model') + +function restrict() { + return async (req,res,next) => { + try { + + if(!req.session || !req.user ) { + return res.status(401).json({ + message: "Invalid Credentials" + }) + } + + } catch(err) { + next(err) + } + } +} + +module.exports = { + restrict +} \ No newline at end of file diff --git a/package.json b/package.json index 123178bc0..1cbb4f7fe 100644 --- a/package.json +++ b/package.json @@ -19,9 +19,12 @@ "homepage": "https://github.com/LambdaSchool/Sprint-Challenge-Authentication#readme", "dependencies": { "axios": "^0.20.0", + "bcryptjs": "^2.4.3", "cors": "^2.8.5", + "dotenv": "^8.2.0", "express": "^4.17.1", "helmet": "^4.1.1", + "jsonwebtoken": "^8.5.1", "knex": "^0.21.6", "sqlite3": "^5.0.0" }, From 097e833354230d8444606f65f83537ceecd9b583 Mon Sep 17 00:00:00 2001 From: Elizabeth Hagag Date: Sun, 8 Nov 2020 09:08:45 -0600 Subject: [PATCH 3/5] auth working --- auth/auth-router.js | 9 ++++++--- index.js | 2 ++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/auth/auth-router.js b/auth/auth-router.js index 69444e1a0..5b3a76872 100644 --- a/auth/auth-router.js +++ b/auth/auth-router.js @@ -56,10 +56,13 @@ router.post('/login', (req, res) => { const token = jwt.sign({ userID: user.id, - - }) + }, process.env.JWT_SECRET) + + // req.session.user = user + + // save client cookie - req.session.user = user + res.cookie("token", token) res.json({ message: `Welcome ${user.username} !!!!` diff --git a/index.js b/index.js index fd80bbe6d..063f09284 100644 --- a/index.js +++ b/index.js @@ -1,3 +1,5 @@ +require('dotenv').config(); + const server = require('./api/server.js'); const PORT = process.env.PORT || 3300; From 7eb75550f5fee6b1c82c61f21b03313c42ee4922 Mon Sep 17 00:00:00 2001 
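Review bot: The middleware returned by `restrict()` never calls `next()`, so a request that passes the check gets no response, and the check itself reads `req.session` and `req.user`, which nothing in these patches populates. The token issued by `/login` is never verified here, so the guard does not yet tie access to a valid signature. The later change to this file in patch 4/5 only empties the 401 body and leaves both problems in place. A version that verifies the token and pins the algorithm is sketched below; it assumes `jsonwebtoken` is required in this file and that a cookie-parsing middleware fills `req.cookies`, which is not visible on this page. The `bcrypt` and `Users` requires added at the top of the hunk are unused.

```javascript
function restrict() {
  return (req, res, next) => {
    // assumes a cookie parser is mounted; otherwise read the token from a request header
    const token = req.cookies && req.cookies.token
    if (!token) {
      return res.status(401).json({ message: "Invalid Credentials" })
    }
    // pin the algorithm so a token signed any other way is rejected
    jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, decoded) => {
      if (err) {
        return res.status(401).json({ message: "Invalid Credentials" })
      }
      req.user = decoded
      next()
    })
  }
}
```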
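Review bot: `res.cookie("token", token)` in the patch 3/5 hunk of auth/auth-router.js sets the token cookie with no attributes, so it is readable from page script and is sent over plain HTTP and on cross-site requests; `res.cookie("token", token, { httpOnly: true, secure: true, sameSite: 'strict' })` closes those (with `secure` relaxed only for local HTTP development). The `jwt.sign` call sets no expiry, so an issued token stays valid until the secret changes; passing `{ expiresIn: '1h' }` as the third argument bounds that. If `JWT_SECRET` is missing from the environment `jwt.sign` throws, and the empty `catch` further down the handler hides it, so a startup check that the variable is set would help. The `/login` handler starts and ends outside this hunk.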
From: Elizabeth Hagag Date: Sun, 8 Nov 2020 09:25:50 -0600 Subject: [PATCH 4/5] server running --- api/server.js | 17 +++++++++++++---- auth/auth-router.js | 2 +- auth/authenticate-middleware.js | 6 ++---- index.js | 3 ++- package.json | 4 +++- 5 files changed, 21 insertions(+), 11 deletions(-) diff --git a/api/server.js b/api/server.js index c8acc0eb4..2ff590258 100644 --- a/api/server.js +++ b/api/server.js @@ -1,8 +1,10 @@ +require('dotenv').config(); + const express = require('express'); const cors = require('cors'); const helmet = require('helmet'); -const authenticate = require('../auth/authenticate-middleware.js'); +const { restrict } = require('../auth/authenticate-middleware.js'); const authRouter = require('../auth/auth-router.js'); const jokesRouter = require('../jokes/jokes-router.js'); @@ -12,7 +14,14 @@ server.use(helmet()); server.use(cors()); server.use(express.json()); -server.use('/api/auth', authRouter); -server.use('/api/jokes', authenticate, jokesRouter); +server.use(authRouter); +server.use('/api/jokes', restrict, jokesRouter); + +server.use((err, req, res, next) => { + console.log(err) + res.status(500).json({ + message: "Something went wrong", + }) +}) -module.exports = server; +module.exports = server; \ No newline at end of file diff --git a/auth/auth-router.js b/auth/auth-router.js index 5b3a76872..abd5901a9 100644 --- a/auth/auth-router.js +++ b/auth/auth-router.js @@ -33,7 +33,7 @@ router.post('/register', async (req, res, next) => { } }); -router.post('/login', (req, res) => { +router.post('/login', async (req, res) => { try { const { username, password} = req.body const user = await User.findBy({username}).first() diff --git a/auth/authenticate-middleware.js b/auth/authenticate-middleware.js index 79f883347..2e9cf1daa 100644 --- a/auth/authenticate-middleware.js +++ b/auth/authenticate-middleware.js 
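Review bot: `server.use('/api/jokes', restrict, jokesRouter)` in api/server.js passes the factory itself, but auth/authenticate-middleware.js declares `function restrict()` as returning the middleware, so Express would call it with `(req, res, next)`, get a function back, and neither run the check nor respond. The line should be `server.use('/api/jokes', restrict(), jokesRouter);`. `server.use(authRouter)` also drops the `/api/auth` prefix, which moves the routes to `/register` and `/login`; if that is not intended, keep `server.use('/api/auth', authRouter);`.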
@@ -11,9 +11,7 @@ function restrict() { try { if(!req.session || !req.user ) { - return res.status(401).json({ - message: "Invalid Credentials" - }) + return res.status(401).json() } } catch(err) { @@ -24,4 +22,4 @@ function restrict() { module.exports = { restrict -} \ No newline at end of file +} diff --git a/index.js b/index.js index 063f09284..0423d82bc 100644 --- a/index.js +++ b/index.js @@ -1,8 +1,9 @@ -require('dotenv').config(); + const server = require('./api/server.js'); const PORT = process.env.PORT || 3300; + server.listen(PORT, () => { console.log(`\n=== Server listening on port ${PORT} ===\n`); }); diff --git a/package.json b/package.json index 1cbb4f7fe..2ad83b6ff 100644 --- a/package.json +++ b/package.json @@ -1,10 +1,12 @@ { + "private": true, "name": "nodeauth-challenge", "version": "1.0.0", "description": "Authentication Sprint Challenge", "main": "index.js", "scripts": { - "server": "nodemon index.js" + "server": "nodemon index.js", + "start": " node index.js" }, "repository": { "type": "git", From f583c72cb0daf0fb878d2a8f6187d87cad9e6392 Mon Sep 17 00:00:00 2001 From: Elizabeth Hagag Date: Sun, 8 Nov 2020 09:33:06 -0600 Subject: [PATCH 5/5] hit mvp!!!!!! --- __tests__/users.js | 13 +++++++++++++ database/auth.db3 | Bin 24576 -> 24576 bytes package.json | 10 ++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 __tests__/users.js diff --git a/__tests__/users.js b/__tests__/users.js new file mode 100644 index 000000000..d1790be76 --- /dev/null +++ b/__tests__/users.js 
@@ -0,0 +1,13 @@ +const { default: expectCt } = require('helmet/dist/middlewares/expect-ct') +const supertest = require('supertest') +const server= require('../api/server') +const db = require('../database/dbConfig') + +describe('auth testing',() => { + it('adds users', async () => { + const res = await supertest(server) + .post('/register') + .send({username: "hello", password: "shifnf"}) + expect(res.statusCode).toBe(201) + }) +}) \ No newline at end of file diff --git a/database/auth.db3 b/database/auth.db3 index cc6ee6d93c913bdd08a9c0d42269f9e4d30d7d0d..a8934357773465d382e7b71740bbb414ae3e49f7 100644 GIT binary patch delta 251 zcmZoTz}Rqrae_1>+e8^>RyGDb`z9@VS-P4#S^5O!nwe}C@wI|moaoI^-L`d^eama p$WAHt(&J)aU|`~Z$H4!N|Ho!QgGc;AoIv-3oyWw^EXoP8007<)Nb~>z delta 68 zcmZoTz}Rqrae_1>%S0JxRu%?5oq&xg3*
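Review bot: The first line of __tests__/users.js, `const { default: expectCt } = require('helmet/dist/middlewares/expect-ct')`, looks like an editor auto-import: `expectCt` is never used and the path reaches into helmet's internal layout, so it can break on a helmet upgrade. Delete it, and either use `db` to reset state or drop that require too. The test registers the fixed username `"hello"` and nothing clears `users` first, so a second run should hit the 409 branch instead of 201; a `beforeEach(() => db('users').truncate())` would make it repeatable. The same commit changes `database/auth.db3`, which suggests test runs write to the committed database file; pointing tests at a separate database would keep user rows and password hashes out of the repository. There is no test yet for a rejected login or for `/api/jokes` without a token.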