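const users = module.exports = require('express').Router();
const tokenHelper = require('../token-helper');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');

// Secret used to sign (PUT /users/auth) and verify (GET /users, POST /users/new) JWTs.
// The literal is the original hard-coded value and is kept only as a development
// fallback: a fixed, source-controlled secret lets anyone forge a valid token.
// JWT_SECRET is an environment variable name chosen here (constructed); an empty
// value also falls back to the literal.
const secretKey = process.env.JWT_SECRET || 'secretKey';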
7
/**
 * Login (localhost:3000/users/auth)
 * We expect the request to carry a correct JSON structure
 * We expect the JSON body to contain all required fields, ex: { "name": "test", "password": "test" }
 */
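/**
 * PUT /auth — checks name/password against the users table and answers with a
 * signed JWT. Body validation now runs before the database query (the original
 * queried first and dereferenced req.body.name even when no body was parsed).
 * Responses: 400 invalid body, 404 unknown name, 403 wrong password, 500 on
 * database/bcrypt/signing failures, 200 { token } on success.
 */
users.put('/auth', function (req, res) {
  const body = req.body;
  if (body === undefined || body === null || Object.keys(body).length === 0) {
    return res.status(400).json({ error: "No body" });
  }
  const { name, password } = body;
  if (name === '' && password === '') {
    return res.status(400).json({ error: "Empty fields" });
  }
  if (name === '') {
    return res.status(400).json({ error: "No name" });
  }
  if (password === '') {
    return res.status(400).json({ error: "No password" });
  }
  if (typeof name !== 'string') {
    return res.status(400).json({ error: "Wrong name type" });
  }
  if (typeof password !== 'string') {
    return res.status(400).json({ error: "Wrong password type" });
  }

  req.db.get('select * from users where name=?', name, async function (err, userInfo) {
    if (err) {
      // The original ignored err, so a failed query was reported as "No such user".
      return res.status(500).json({ error: "Database error" });
    }
    // NOTE(review): the distinct 404/403 answers below reveal whether a name exists.
    // Status codes are kept as the original's; a single generic response would
    // avoid account enumeration if that matters for this deployment.
    if (!userInfo) {
      return res.status(404).json({ error: "No such user" });
    }
    let passwordOk;
    try {
      passwordOk = await bcrypt.compare(password, userInfo.bcryptPassword);
    } catch (compareErr) {
      // e.g. a row whose hash is null/malformed; without this the rejection was unhandled.
      return res.status(500).json({ error: "Password check failed" });
    }
    if (!passwordOk) {
      return res.status(403).json({ error: "Wrong password" });
    }
    // A JWT payload is only base64-encoded, so signing the whole row handed the
    // bcrypt hash back to the client. Copy every column except bcryptPassword and
    // keep the { userInfo: {...} } shape that users.post('/new') reads.
    const claims = {};
    for (const key of Object.keys(userInfo)) {
      if (key !== 'bcryptPassword') claims[key] = userInfo[key];
    }
    jwt.sign({ userInfo: claims }, secretKey, (signErr, token) => {
      if (signErr) {
        return res.status(500).json({ error: "Token signing failed" });
      }
      res.status(200).json({ token });
    });
  });
});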
/**
 * Get users (localhost:3000/users)
 * Token required
 */
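/**
 * GET / — lists every user (ordered by level desc, then name) to any caller
 * holding a valid JWT. Responses: 401 bad token, 500 query failure, 404 when
 * the query yields no result set, 200 array of rows otherwise.
 */
users.get('', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err) => {
    if (err) {
      return res.status(401).json({ error: "Invalid JWT" });
    }
    req.db.all('select * from users order by level desc, name', (dbErr, rows) => {
      if (dbErr) {
        // The original dropped dbErr and answered 404 "No users in the db" on a failed query.
        return res.status(500).json({ error: "Database error" });
      }
      if (!rows) {
        return res.status(404).json({ error: "No users in the db" });
      }
      // `select *` includes bcryptPassword; never send stored hashes to clients.
      // Every other column is copied so existing consumers of the listing keep working.
      const publicRows = rows.map((row) => {
        const copy = {};
        for (const key of Object.keys(row)) {
          if (key !== 'bcryptPassword') copy[key] = row[key];
        }
        return copy;
      });
      res.status(200).json(publicRows);
    });
  });
});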
/**
 * Create new user, if the logged in user is an admin (localhost:3000/users/new)
 * Token required
 * We expect the request to carry a correct JSON structure
 * We expect the JSON body to contain all required fields, ex: { "name": "test", "password": "test", "level": 1 }
 */
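/**
 * POST /new — creates a user; only a caller whose token carries level 9 may do so.
 * Responses: 401 bad token, 403 not admin, 400 invalid body or existing name,
 * 500 database/bcrypt failures, 201 { status } on success.
 */
users.post('/new', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err, decoded) => {
    if (err) {
      return res.status(401).json({ error: "Invalid JWT" });
    }
    // Tokens are issued by users.put('/auth') as { userInfo: <row> }. Read that key
    // by name rather than "first key of the payload", which depended on claim order
    // and threw on a payload of any other shape.
    const caller = decoded && decoded.userInfo;
    if (!caller || caller.level !== 9) {
      return res.status(403).json({ error: "Unauthorized access" });
    }
    const body = req.body;
    if (body === undefined || body === null || Object.keys(body).length === 0) {
      return res.status(400).json({ error: "No body" });
    }
    const { name, password, level } = body;
    if (name === '' && password === '' && level === '') {
      return res.status(400).json({ error: "Empty fields" });
    }
    if (name === '') {
      return res.status(400).json({ error: "No name" });
    }
    if (password === '') {
      return res.status(400).json({ error: "No password" });
    }
    if (level === '') {
      return res.status(400).json({ error: "No level" });
    }
    if (typeof name !== 'string') {
      return res.status(400).json({ error: "Wrong name type" });
    }
    if (typeof password !== 'string') {
      return res.status(400).json({ error: "Wrong password type" });
    }
    if (typeof level !== 'number') {
      return res.status(400).json({ error: "Wrong number type" });
    }
    // Number.isInteger also rejects NaN (which passed the original `< 1 || > 9`
    // test, since both comparisons are false) and fractional levels such as 1.5.
    if (!Number.isInteger(level) || level < 1 || level > 9) {
      return res.status(400).json({ error: "Wrong number value" });
    }

    req.db.get('select * from users where name=?', name, async function (dbErr, existing) {
      if (dbErr) {
        return res.status(500).json({ error: "Database error" });
      }
      if (existing) {
        return res.status(400).json({ error: "User already exists" });
      }
      let hash;
      try {
        hash = await bcrypt.hash(password, 10);
      } catch (hashErr) {
        // Previously an unhandled rejection inside the callback.
        return res.status(500).json({ error: "Password hashing failed" });
      }
      // NOTE(review): the exists-check and the insert are not atomic; two concurrent
      // requests for the same name can both pass the check. A UNIQUE constraint on
      // users.name would make the insert fail instead (surfaced as 500 below).
      // Assumes req.db is the callback-style node-sqlite3 API (db.get/db.all/
      // prepare().run(params..., cb)) — confirm; the original never waited for run().
      req.db.prepare('insert into users (name, bcryptPassword, level) values (?, ?, ?)')
        .run(name, hash, level, (insertErr) => {
          if (insertErr) {
            return res.status(500).json({ error: "Could not create user" });
          }
          res.status(201).json({ status: "User created" });
        });
    });
  });
});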