WIP token

2024-01-16 04:43:39 +08:00
parent 290d0653d9
commit 7e4b2d8026
19 changed files with 534 additions and 77 deletions
--- a/consumerWebsite/database/model/apiKeyModel.js
+++ b/consumerWebsite/database/model/apiKeyModel.js
@ -5,8 +5,8 @@ const { userModel } = require("./userModel");

 sequelize.sync();
 const apikeyModel = sequelize.define(
-    "apikey",
-    {
+	"apikey",
+	{
 		id: {
 			type: DataTypes.INTEGER,
 			allowNull: true,
@ -16,39 +16,39 @@ const apikeyModel = sequelize.define(
 				isNumeric: true,
 			},
 		},
-        userid:{
-            type: DataTypes.INTEGER,
-            allowNull: false,
-            validate: {
-                isNumeric: true,
-            },
-            //fk
-            references: {
-                model: userModel,
-                key: "id",
-            },
-        },
-        apikey: {
-            type: DataTypes.STRING,
-            allowNull: false,
-            length: 255,
-            unique: true,
-            validate: {
-                notEmpty: true,
-                len: [1, 255],
-            },
-        },
-        permission: {
-            type: DataTypes.STRING,
-            allowNull: false,
-            length: 255,
-            validate: {
-                notEmpty: true,
-                len: [1, 255],
-                isIn: [['canRead' , 'canWrite']],  
-            },
-        },
-        createdAt: {
+		userid: {
+			type: DataTypes.INTEGER,
+			allowNull: false,
+			validate: {
+				isNumeric: true,
+			},
+			//fk
+			references: {
+				model: userModel,
+				key: "id",
+			},
+		},
+		apikey: {
+			type: DataTypes.STRING,
+			allowNull: false,
+			length: 255,
+			unique: true,
+			validate: {
+				notEmpty: true,
+				len: [1, 255],
+			},
+		},
+		permission: {
+			type: DataTypes.STRING,
+			allowNull: false,
+			length: 255,
+			validate: {
+				notEmpty: true,
+				len: [1, 255],
+				isIn: [["canRead", "canWrite"]],
+			},
+		},
+		createdAt: {
 			type: DataTypes.DATE,
 			allowNull: true,
 		},
@ -56,11 +56,10 @@ const apikeyModel = sequelize.define(
 			type: DataTypes.DATE,
 			allowNull: true,
 		},
-    },
-    {
-        timestamps: true,
-    }
-
-)
+	},
+	{
+		timestamps: true,
+	}
+);

 module.exports = { apikeyModel };
--- a/consumerWebsite/functions/apiDatabase.js
+++ b/consumerWebsite/functions/apiDatabase.js
@ -0,0 +1,30 @@
+const { sequelize }  = require("../database/mySql.js");
+const { apikeyModel } = require("../database/model/apikeyModel.js");
+const { userModel } = require("../database/model/userModel.js");
+const { Op, Sequelize } = require("sequelize");
+
+async function getUser() {
+        const user = await userModel.findAll();
+        return user;
+}
+
+async function addUser(user) {
+    //console.log(user);
+    await userModel.create(user);
+}
+
+async function getAPIKey() {
+    const apikey = await apikeyModel.findAll();
+    return apikey;
+}
+
+async function addAPIKey(apikey) {
+    await apikeyModel.create(apikey);
+}
+
+module.exports = {
+    getUser,
+    addUser,
+    getAPIKey,
+    addAPIKey,
+};
--- a/consumerWebsite/functions/bcrypt.js
+++ b/consumerWebsite/functions/bcrypt.js
@ -0,0 +1,37 @@
+const bcrypt = require('bcrypt');
+const saltRounds = 10;
+//https://github.com/kelektiv/node.bcrypt.js#readme
+
+
+/*
+// Load hash from your password DB.
+bcrypt.compare(myPlaintextPassword, hash, function(err, result) {
+    // result == true
+});
+bcrypt.compare(someOtherPlaintextPassword, hash, function(err, result) {
+    // result == false
+});
+*/
+
+
+/*
+//hash with salt
+bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
+    // Store hash in your password DB.
+});
+
+*/
+async function hashPassword(password) {
+    return await bcrypt.hash(password, saltRounds);
+}
+
+async function hashAPIKey(apikey) {
+    return await bcrypt.hash(apikey, saltRounds);
+}
+
+
+
+module.exports = { 
+    hashPassword,
+    hashAPIKey,
+};
--- a/consumerWebsite/functions/generateUUID.js
+++ b/consumerWebsite/functions/generateUUID.js
@ -0,0 +1,17 @@
+/*
+const crypto = require('crypto');
+Calling the UUID method returns a UUID of standard length that you can use in your program.
+
+let uuid = crypto.randomUUID();
+console.log(uuid);
+
+*/
+const crypto = require('crypto');
+
+
+async function generateUUID() {
+    let uuid = crypto.randomUUID();
+    return uuid;
+}
+
+module.exports = { generateUUID };
--- a/consumerWebsite/modules/app.js
+++ b/consumerWebsite/modules/app.js
@ -12,16 +12,11 @@ app.disable("x-powered-by");
 app.use(express.json());
 app.set("json spaces", 2);

-
 //middleware logic ( called by next() )
-
-//app.use('/api/v0', require('../middleware/ApiKey.js'));
-a//pp.use('/api/v0', APIlogger, require('../routes/api_route.js'));
+//app.use('/api/v0', APIlogger, require('../routes/api_route.js'));

 //route logic
-//app.use("/api/v0", require("../routes/api_route.js"));
-
-
+app.use("/api/v0", require("../routes/api_routes")); //consumerWebsite\routes\api_routes.js

 // Catch 404 and forward to error handler. If none of the above routes are
 // used, this is what will be called.
--- a/consumerWebsite/routes/api_routes.js
+++ b/consumerWebsite/routes/api_routes.js
@ -0,0 +1,10 @@
+'use strict';
+const router = require('express').Router();
+
+router.use('/user', require('./user'));
+
+router.use('/apikey', require('./apikey'));
+
+module.exports = router;
+
+
--- a/consumerWebsite/routes/apikey.js
+++ b/consumerWebsite/routes/apikey.js
@ -0,0 +1,69 @@
+const { getAPIKey , addAPIKey } = require("../functions/apiDatabase.js");
+const { hashAPIKey } = require("../functions/bcrypt.js");
+const { generateUUID } = require("../functions/generateUUID.js");
+
+const express = require("express");
+const router = express.Router();
+
+router.get("/", async (req, res, next) => {
+	try {
+		const location = await getAPIKey();
+		res.status(200).json(location);
+	} catch (error) {
+		console.error(error);
+		next(error);
+	}
+});
+
+/*
+1) ensure user is logged in (frontend session validation blah or wtv)
+2) when user click on generate api key button, it will generate a random api key 
+3) hash the api key
+4) store the api key in database
+*/
+router.post("/new", async (req, res, next) => {
+	try {
+        let uuid = await generateUUID()
+        //attach uuid to req.body
+        req.body.apikey = uuid
+        //hash apikey
+        req.body.apikey = await hashAPIKey(req.body.apikey)
+
+        await addAPIKey(req.body);
+		res.sendStatus(200);
+
+	} catch (error) {
+		console.error(error);
+		next(error);
+	}
+});
+
+//update
+//delete
+//getbyid
+
+module.exports = router;
+
+
+/*
+async function addAPIKey(userId) {
+    let apikey = await generateUUID()
+    apikey = await hashAPIKey(req.body.apikey)
+    let token =  await apikeyModel.create({apikey, userId});
+    return `${token.id}-${apikey}`
+}
+
+
+router.post("/new", async (req, res, next) => {
+    try {
+        let apikey = await addAPIKey(req.body.userid)
+        res.json({apiKey: apikey})
+
+    } catch (error) {
+        console.error(error);
+        next(error);
+    }
+});
+
+
+*/
--- a/consumerWebsite/routes/user.js
+++ b/consumerWebsite/routes/user.js
@ -0,0 +1,42 @@
+const { getUser, addUser } = require("../functions/apiDatabase.js");
+const { hashPassword } = require("../functions/bcrypt.js");
+
+const express = require("express");
+const router = express.Router();
+
+router.get("/", async (req, res, next) => {
+	try {
+		const location = await getUser();
+		res.status(200).json(location);
+	} catch (error) {
+		console.error(error);
+		next(error);
+	}
+});
+
+/*
+1) req.body is taken from html form or wtv 
+2) bcrpyt and hash the password on the server side
+3) pass to db 
+*/
+router.post("/new", async (req, res, next) => {
+	try {
+		//pass pass to hashPassword
+		let hash = await hashPassword(req.body.password);
+		//add hash back to req.body
+		req.body.password = hash;
+		await addUser(req.body);
+		res.sendStatus(200);
+	} catch (error) {
+		console.error(error);
+		next(error);
+	}
+});
+
+
+//login
+//update
+//delete
+//getbyid
+
+module.exports = router;