basic-auth-app/server.js at main · tankcodes-dev/basic-auth-app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
const express = require("express");
const app = express();
const cors = require("cors");
const jwt = require("jsonwebtoken");
const JSW_SCERET = "iknowyourdeepestsceret";

const users = [];

//middleware
function logger(req, res, next) {
    console.log(req.hostname + req.url);
    console.log(req.method);
    next();
}

function auth(req, res, next) {
    const token = req.headers.authorization;

    if (token) {
        jwt.verify(token, JSW_SCERET, (err, decoded) => {
            if (err) {
                res.status(401).json({
                    msg: "Can't verify - Unauthorize access",
                });
            } else {
                const user = users.find(
                    (user) => user.username === decoded.username
                );
                if (user) {
                    req.user = user;
                    next();
                } else {
                    res.status(401).json({
                        msg: "UserNotFound - Unauthorize access",
                    });
                }
            }
        });
    } else {
        res.status(401).json({
            msg: "Unauthorize",
        });
    }
}

app.use(
    express.json(),
    logger,
    cors({
        origin: ["http://localhost:3001", "http://127.0.0.1:3001"],
    })
);

//routes
app.get("/", (req, res) => {
    res.sendFile(__dirname + "/public/index.html");
});
app.get("/public/:filename", (req, res) => {
    const filename = req.params.filename;
    if (filename === "style.css") {
        res.sendFile(__dirname + "/public/style.css");
        return;
    } else if (filename === "script.js") {
        res.sendFile(__dirname + "/public/script.js");
    }
});
app.get("/", (req, res) => {
    res.sendFile(__dirname + "/public/index.html");
});

app.post("/signup", (req, res) => {
    const username = req.body.username;
    const password = req.body.password;

    const user = {
        username,
        password,
    };

    users.push(user);

    res.json({
        msg: "Signed up successfully",
    });
    console.log(users);
});

app.post("/signin", (req, res) => {
    const username = req.body.username;
    const password = req.body.password;

    const user = users.find(
        (user) => user.username === username && user.password === password
    );

    if (user) {
        const token = jwt.sign({ username: username }, JSW_SCERET);
        res.json({
            token,
        });
        console.log(users);
    } else {
        res.status(403).json({
            msg: "Invalid username or password",
        });
    }
});

app.get("/me", auth, (req, res) => {
    const user = req.user;

    res.json({
        username: user.username,
        password: user.password,
    });
});

app.listen(3000, (err) => {
    console.log(`Server started at http://localhost:${3000}`);
});