init

Author: bastienwcs

Diff for: .env.sample

@@ -0,0 +1,10 @@
+SERVER_PORT=8080
+CLIENT_URL=http://localhost:3000
+
+DB_HOST=localhost
+DB_PORT=3306
+DB_USER=username for database
+DB_PASS=password for user
+DB_NAME=database name
+
+JWT_SECRET=secret to use to generate token

Diff for: .eslintrc.json

@@ -0,0 +1,19 @@
+{
+  "env": {
+    "browser": true,
+    "commonjs": true,
+    "es2021": true,
+    "jest/globals": true
+  },
+  "extends": ["airbnb-base", "prettier"],
+  "parserOptions": {
+    "ecmaVersion": 12
+  },
+  "plugins": ["jest"],
+  "ignorePatterns": ["migrations/**"],
+  "rules": {
+    "no-console": "off",
+    "camelcase": "off",
+    "no-await-in-loop": "off"
+  }
+}

Diff for: .gitignore

@@ -0,0 +1,3 @@
+node_modules
+package-lock.json
+.env

Diff for: .prettierrc.json

@@ -0,0 +1,4 @@
+{
+  "singleQuote": true,
+  "semi": true
+}

Diff for: database.js

@@ -0,0 +1,14 @@
+require("dotenv").config();
+const mysql = require("mysql");
+
+const config = {
+  host: process.env.DB_HOST,
+  port: process.env.DB_PORT,
+  user: process.env.DB_USER,
+  password: process.env.DB_PASS,
+  database: process.env.DB_NAME
+};
+
+const connection = mysql.createPool(config);
+
+module.exports = connection;

Diff for: index.js

@@ -0,0 +1,120 @@
+const express = require('express');
+const jwt = require('jsonwebtoken');
+const cors = require('cors');
+const bcrypt = require('bcrypt');
+require('dotenv').config();
+const connection = require('./database');
+
+const { SERVER_PORT, CLIENT_URL, JWT_SECRET } = process.env;
+
+const app = express();
+
+app.use(
+  cors({
+    origin: CLIENT_URL,
+  })
+);
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+// 1. Register route
+app.post('/register', (req, res) => {
+  const { email, password } = req.body;
+  if (!email || !password) {
+    res
+      .status(400)
+      .json({ errorMessage: 'Please specify both email and password' });
+  } else {
+    const hash = bcrypt.hashSync(password, 10);
+    connection.query(
+      `INSERT INTO user(email, password) VALUES (?, ?)`,
+      [email, hash],
+      (error, result) => {
+        if (error) {
+          res.status(500).json({ errorMessage: error.message });
+        } else {
+          res.status(201).json({
+            id: result.insertId,
+            email,
+          });
+        }
+      }
+    );
+  }
+});
+
+// 2. Login route
+app.post('/login', (req, res) => {
+  const { email, password } = req.body;
+  if (!email || !password) {
+    res
+      .status(400)
+      .json({ errorMessage: 'Please specify both email and password' });
+  } else {
+    connection.query(
+      `SELECT * FROM user WHERE email=?`,
+      [email],
+      (error, result) => {
+        if (error) {
+          res.status(500).json({ errorMessage: error.message });
+        } else if (result.length === 0) {
+          res.status(403).json({ errorMessage: 'Invalid email' });
+        } else if (bcrypt.compareSync(password, result[0].password)) {
+          // Passwords match
+          const user = {
+            id: result[0].id,
+            email,
+            password: 'hidden',
+          };
+          const token = jwt.sign({ id: user.id }, JWT_SECRET, {
+            expiresIn: '1 day',
+          });
+          res.status(200).json({ user, token });
+        } else {
+          // Passwords don't match
+          res.status(403).json({ errorMessage: 'Invalid password' });
+        }
+      }
+    );
+  }
+});
+
+// 3. Token middleware
+const authenticateWithJsonWebToken = (req, res, next) => {
+  if (req.headers.authorization !== undefined) {
+    const token = req.headers.authorization.split(' ')[1];
+    jwt.verify(token, JWT_SECRET, (err) => {
+      if (err) {
+        res
+          .status(401)
+          .json({ errorMessage: "you're not allowed to access these data" });
+      } else {
+        next();
+      }
+    });
+  } else {
+    res
+      .status(401)
+      .json({ errorMessage: "you're not allowed to access these data" });
+  }
+};
+
+// 4. Authenticated route
+app.get('/users', authenticateWithJsonWebToken, (req, res) => {
+  connection.query(`SELECT * FROM user`, (error, result) => {
+    if (error) {
+      res.status(500).json({ errorMessage: error.message });
+    } else {
+      res.status(200).json(
+        result.map((user) => {
+          return { ...user, password: 'hidden' };
+        })
+      );
+    }
+  });
+});
+
+// Don't write anything below this line
+app.listen(SERVER_PORT, () => {
+  console.log(`Server is running on port ${SERVER_PORT}.`);
+});

Diff for: package.json

@@ -0,0 +1,27 @@
+{
+  "name": "back-app",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "nodemon index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "bcrypt": "^5.0.0",
+    "cors": "^2.8.5",
+    "dotenv": "^8.2.0",
+    "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1",
+    "mysql": "^2.18.1"
+  },
+  "devDependencies": {
+    "eslint": "^7.14.0",
+    "eslint-config-airbnb-base": "^14.2.1",
+    "eslint-config-prettier": "^6.15.0",
+    "eslint-plugin-import": "^2.22.1",
+    "eslint-plugin-jest": "^24.1.3",
+    "nodemon": "^2.0.6"
+  }
+}