forked from bloominstituteoftechnology/node-auth1-project
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserver.js
More file actions
82 lines (71 loc) · 2.11 KB
/
server.js
File metadata and controls
82 lines (71 loc) · 2.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
const express = require('express');
const helmet = require('helmet');
const cors = require('cors');
const bcrypt = require('bcryptjs');
const session = require('express-session');
const KnexSessionStore = require('connect-session-knex')(session);
const db = require('./database/dbConfig.js');
const Users = require('./users/users-module.js');
const restrictedRouter = require('./routes/restricted');
const { authenticate } = require('./Auth/authenticate');
const server = express();
const sessionConfig = {
name: 'Alpha-Romeo-Juliet',
secret: 'Check',
cookie: {
maxAge: 1000 * 60 * 60, // in ms
secure: false, // used over https only
},
httpOnly: true, // cannot access the cookie from js using document.cookie
resave: false,
saveUninitialized: false, // GDPR laws against setting cookies automatically
store: new KnexSessionStore({
knex: db,
tablename: 'sessions',
sidfieldname: 'sid',
createtable: true,
clearInterval: 1000 * 60 * 60, // in ms
}),
};
server.use(helmet());
server.use(express.json());
server.use(cors());
server.use(session(sessionConfig));
server.use('/api/restricted', authenticate, restrictedRouter);
server.get('/', (req, res) => {
res.send("It's alive!");
});
server.post('/api/register', (req, res) => {
let user = req.body;
const hash = bcrypt.hashSync(user.password, 8);
user.password = hash;
Users.add(user)
.then(saved => {
req.session.user = saved;
res.status(201).json(saved);
})
.catch(err => {
res.status(500).json(err);
});
});
server.post('/api/login', (req, res) => {
let { username, password } = req.body;
Users.findBy({ username })
.first()
.then(user => {
if (user && bcrypt.compareSync(password, user.password)) {
req.session.user = user;
res.status(200).json({ message: `Welcome ${user.username}!` });
} else {
res.status(401).json({ message: 'Invalid Credentials' });
}
});
});
server.get('/api/users', authenticate, (req, res) => {
Users.find()
.then(users => {
res.json(users);
})
.catch(err => res.send(err));
});
module.exports = server;