added api page
added login added api.ejs added middleware for authorization check
This commit is contained in:
newtbot
@ -3,45 +3,58 @@ const { apikeyModel } = require("../database/model/apikeyModel.js");
|
||||
const { userModel } = require("../database/model/userModel.js");
|
||||
const { Op, Sequelize } = require("sequelize");
|
||||
const { generateUUID } = require("../functions/generateUUID.js");
|
||||
const { hashPassword , comparePassword , hashAPIKey } = require("../functions/bcrypt.js");
|
||||
const {
|
||||
hashPassword,
|
||||
comparePassword,
|
||||
hashAPIKey,
|
||||
} = require("../functions/bcrypt.js");
|
||||
|
||||
//helper function
|
||||
//getuser
|
||||
//api/v0/user/me
|
||||
async function getUserID(userid) {
|
||||
//console.log(userid);
|
||||
//console.log(userid.id);
|
||||
let userRes = await userModel.findByPk(userid.id, {
|
||||
attributes: {
|
||||
exclude: ["password"],
|
||||
},
|
||||
});
|
||||
|
||||
if (!userRes) return false;
|
||||
return userRes;
|
||||
|
||||
}
|
||||
|
||||
|
||||
//api/v0/user/register
|
||||
|
||||
|
||||
//api/v0/auth/register
|
||||
/* Registering new user
|
||||
1) req.body is taken from html form or wtv
|
||||
2) bcrpyt and hash the password on the server side
|
||||
3) pass to db
|
||||
*/
|
||||
async function addUser(user) {
|
||||
console.log(user);
|
||||
//hash password
|
||||
let hash = await hashPassword(user.password);
|
||||
|
||||
const addRes = await userModel.create({
|
||||
const addRes = await userModel.create({
|
||||
firstname: user.firstname,
|
||||
lastname: user.lastname,
|
||||
username: user.username,
|
||||
password: hash,
|
||||
email: user.email,
|
||||
address: user.address,
|
||||
phone: user.phone,
|
||||
});
|
||||
if (addRes){
|
||||
return true;
|
||||
}
|
||||
else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
//add token to db
|
||||
async function addToken(userid , token) {
|
||||
console.log(userid);
|
||||
console.log(token);
|
||||
|
||||
if (addRes) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
//api/v0/auth/login
|
||||
async function loginUser(user) {
|
||||
//look up username or email in db
|
||||
const userRes = await userModel.findOne({
|
||||
@ -55,44 +68,19 @@ async function loginUser(user) {
|
||||
},
|
||||
],
|
||||
},
|
||||
})
|
||||
//if user exists
|
||||
if (userRes){
|
||||
//compare password
|
||||
let match = await comparePassword(user.password, userRes.password);
|
||||
if (match){
|
||||
console.log(userRes.id);
|
||||
console.log(userRes.username);
|
||||
});
|
||||
// Make sure user exists
|
||||
if (!userRes) return false;
|
||||
|
||||
// Compare passwords
|
||||
let match = await comparePassword(user.password, userRes.password);
|
||||
if (!match) return false;
|
||||
//console.log('loginUser', userRes.id, userRes.username);
|
||||
|
||||
//generate token
|
||||
let token = await generateUUID();
|
||||
//generate token
|
||||
let token = await addAPIKey(userRes.id, "auto-generated");
|
||||
|
||||
//add to db
|
||||
addToken(userRes.id, token);
|
||||
|
||||
|
||||
//sucessful login
|
||||
/*
|
||||
1) generate token
|
||||
2) store in db and localstorage (maybe hash it?)
|
||||
3) return userid and username and token and store in localstorage
|
||||
*/
|
||||
return { token: token, userid: userRes.id, username: userRes.username };
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
async function getAPIKey() {
|
||||
const apikey = await apikeyModel.findAll();
|
||||
return apikey;
|
||||
return { token: token, userid: userRes.id, username: userRes.username };
|
||||
}
|
||||
|
||||
/*
|
||||
@ -103,27 +91,47 @@ async function getAPIKey() {
|
||||
5) you give the user rowid-uuidv4
|
||||
6) store in database
|
||||
*/
|
||||
|
||||
//can be used for api key or token. Both are the same logic
|
||||
async function addAPIKey(userId, permission) {
|
||||
let token = await generateUUID();
|
||||
let usertoken = userId + "-" + token;
|
||||
let apikey = await hashAPIKey(token);
|
||||
let hashtoken = await generateUUID();
|
||||
let apikey = await hashAPIKey(hashtoken);
|
||||
|
||||
console.log(token);
|
||||
console.log(apikey);
|
||||
let token = await apikeyModel.create({
|
||||
userid: userId,
|
||||
apikey: apikey,
|
||||
permission: permission,
|
||||
});
|
||||
|
||||
await apikeyModel.create({
|
||||
userid: userId,
|
||||
apikey: apikey,
|
||||
permission: permission
|
||||
});
|
||||
|
||||
|
||||
//user token with -
|
||||
return usertoken;
|
||||
//user token with - tokenid is table id
|
||||
return token.id + "-" + hashtoken;
|
||||
}
|
||||
|
||||
//api/v0/user/logout
|
||||
async function deleteUserToken(token) {
|
||||
//get row id
|
||||
let splitAuthToken = token.split("-");
|
||||
let rowid = splitAuthToken[0];
|
||||
|
||||
//console.log(rowid);
|
||||
|
||||
//delete from db
|
||||
let delRes = await apikeyModel.destroy({
|
||||
where: {
|
||||
id: rowid,
|
||||
},
|
||||
});
|
||||
|
||||
if (!delRes) return false;
|
||||
return true;
|
||||
|
||||
|
||||
|
||||
}
|
||||
module.exports = {
|
||||
getUserID,
|
||||
addUser,
|
||||
loginUser,
|
||||
addAPIKey,
|
||||
deleteUserToken,
|
||||
};
|
||||
|
||||
@ -21,6 +21,8 @@ bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
|
||||
});
|
||||
|
||||
*/
|
||||
|
||||
//hash for pass or token lol doesnt matter
|
||||
async function hashPassword(password) {
|
||||
return await bcrypt.hash(password, saltRounds);
|
||||
}
|
||||
@ -29,6 +31,7 @@ async function hashAPIKey(apikey) {
|
||||
return await bcrypt.hash(apikey, saltRounds);
|
||||
}
|
||||
|
||||
//can be used to compare password or token
|
||||
async function comparePassword(password, hash) {
|
||||
return await bcrypt.compare(password, hash);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user