closes #1; | Unathorized user client REST API callings

.gitignore

@@ -13,6 +13,7 @@
 
 # misc
 .DS_Store
+.env
 .env.local
 .env.development.local
 .env.test.local

config/config.js

@@ -8,9 +8,6 @@ const config = {
   //   'mongodb://' + (process.env.IP || 'localhost') + ':' +
   //   (process.env.MONGO_PORT || '27017') +
   //   '/emarker',
-  stripe_connect_test_client_id: 'YOUR_stripe_connect_test_client',
-  stripe_test_secret_key: 'YOUR_stripe_test_secret_key',
-  stripe_test_api_key: 'YOUR_stripe_test_api_key' 
 }
 
 module.exports = config

package.json

@@ -47,7 +47,7 @@
   "scripts": {
     "dev": "concurrently --kill-others-on-fail \"npm run client\" \"npm start\"",
     "server": "cd server && node server.js",
-    "start": "node server/server.js",
+    "start": "nodemon server/server.js",
     "client": "react-scripts start",
     "build": "react-scripts build",
     "test": "react-scripts test",

server/config/config.js

@@ -8,9 +8,6 @@ const config = {
   //   'mongodb://' + (process.env.IP || 'localhost') + ':' +
   //   (process.env.MONGO_PORT || '27017') +
   //   '/emarker',
-  stripe_connect_test_client_id: 'YOUR_stripe_connect_test_client',
-  stripe_test_secret_key: 'YOUR_stripe_test_secret_key',
-  stripe_test_api_key: 'YOUR_stripe_test_api_key' 
 }
 
 module.exports = config

server/controllers/auth.controller.js

@@ -29,7 +29,7 @@ const signin = async(req, res) => {
             })
         return res.json({
                 token,
-                user: {_id: user._id, name: user.name, email: user.email, seller: user.seller}
+                user: {_id: user._id, name: user.name, email: user.email, typeUser: user.type_user}
             })
 
     }
@@ -51,11 +51,25 @@ const signout = (req, res) => {
     })
 }
 
-const requiredSign = expressJWT({
-    secret: config.jwtSecret,
-    algorithms: ['HS256'],
-    userProperty: 'auth'
-})
+const requiredAuthentication = (req, res, next) => {
+    const token = req.headers['access-token']
+    if (token) {
+        jwt.verify(token, config.jwtSecret, (err, decoded) => {
+            if (err) {
+                return res.status('401').json({
+                    error: "Token invalid!"
+                })
+            } else {
+                req.decoded = decoded
+                next()
+            }
+        })
+    } else {
+        res.status('401').json({
+            error: "UnauthorizedError. "
+        })
+    }
+}
 
 const hasAuthorization = (req, res, next) => {
     const authorized = req.profile  && req.profile._id 
@@ -72,6 +86,6 @@ module.exports = {
     signin,
     signout,
     hasAuthorization,
-    requiredSign
+    requiredAuthentication
 
 }

server/express.js

@@ -12,10 +12,11 @@ const userRouter = require('./routers/user.router')
 const productRouter = require('./routers/product.router')
 const customerRouter = require('./routers/customer.router')
 const orderRouter = require('./routers/order.router')
+const config = require('./config/config.js')
 const app = express()
 
-//comment out before building for production
-
+// JWT
+app.set('jwt', config.jwtSecret)
 // parse body params and attache them to req.body
 app.use(bodyParser.json())
 app.use(bodyParser.urlencoded({extended: true }))
@@ -28,6 +29,7 @@ app.use(cors({
 	origin: true,
 	credentials: true,
 }));
+
 //routers
 app.use('/', authRouter)
 app.use('/', userRouter)

server/routers/customer.router.js

@@ -1,7 +1,8 @@
 const express = require('express')
 const customerControl = require('./../controllers/customer.controller')
+const authControl = require('./../controllers/auth.controller')
 const router = express.Router()
 
 router.route('/api/customers')
-    .get(customerControl.list)
+    .get( authControl.requiredAuthentication, customerControl.list)
 module.exports = router

server/routers/product.router.js

@@ -1,7 +1,6 @@
 const express = require('express')
 const productControl = require('./../controllers/product.controller')
 const router = express.Router()
-
 router.route('/api/products')
     .get(productControl.list)
 	.post(productControl.create)

server/routers/user.router.js

@@ -1,15 +1,14 @@
 const express = require('express')
 const userControl = require('./../controllers/user.controller')
 const authControl = require('./../controllers/auth.controller')
-
 const router = express.Router()
 
 router.route('/api/users')
-    .get(userControl.list)
-    .post(userControl.create)
+    .get(authControl.requiredAuthentication, userControl.list)
+    .post(authControl.requiredAuthentication,userControl.create)
 router.route('/api/users/:userId')
-	.put(authControl.hasAuthorization, userControl.update)
-	.delete( authControl.hasAuthorization, userControl.remove)
+	.put(authControl.requiredAuthentication,authControl.hasAuthorization, userControl.update)
+	.delete(authControl.requiredAuthentication, authControl.hasAuthorization, userControl.remove)
 
 router.param('userId', userControl.userById)
 

src/components/auth/auth-api.js

@@ -1,6 +1,9 @@
+const API_KEY = process.env.REACT_APP_KEY_DEV
+
+
 const signin = async (user) => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/auth/signin/', {
+        let response = await fetch(`${API_KEY}/auth/signin/`, {
             method: 'POST',
             headers: {
                 'Accept': 'application/json',
@@ -19,7 +22,7 @@ const signin = async (user) => {
 
 const signout = async () => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/auth/signout', {method: 'GET'})
+        let response = await fetch(`${API_KEY}/auth/signout`, {method: 'GET'})
         return await response.json()
     }
     catch(err) {

src/components/customers/customer-api.js

@@ -1,10 +1,14 @@
-const customerlist = async() => {
+const API_KEY = process.env.REACT_APP_KEY_DEV
+
+const customerlist = async(credentials, signal) => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/customers/', {
+        let response = await fetch(`${API_KEY}/api/customers/`, {
             method: 'GET',
+            signal: signal,
             headers: {
                 'Accept': 'application/json',
-                'Content-Type': 'application/json'
+                'Content-Type': 'application/json',
+                'access-token':  credentials.t
             }
         })
         return await response.json()

src/components/customers/customer.js

@@ -1,6 +1,7 @@
 import React, { useEffect, useState } from 'react'
 import Moment from 'react-moment'
 import { customerlist } from './customer-api'
+import auth from './../auth/auth-helper.js'
 import {
     TableBody,
     TableCell,
@@ -13,14 +14,15 @@ import {
 
 export default function CustomersLists(props) {
    const [customers, setCustomers] = useState([]);
+   const jwt = auth.isAuthenticated()
    useEffect(() => {
         const abortController = new AbortController()
         const signal = abortController.signal
-        customerlist({},signal)
+        customerlist({t: jwt.token}, signal)
             .then((res) => {
                 setCustomers(res)
             })
-    });
+    }, []);
     return (
         <TableBody>
         {customers.map((customer) => (

src/components/orders/orders-api.js

@@ -1,6 +1,9 @@
+const API_KEY = process.env.REACT_APP_KEY_DEV
+
+
 const recentorders = async() => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/orders/', {
+        let response = await fetch(`${API_KEY}/api/orders/`, {
             method: 'GET',
             headers: {
                 'Accept': 'application/json',
@@ -16,7 +19,7 @@ const recentorders = async() => {
 }
 const totalsales = async() => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/orders/total', {
+        let response = await fetch(`${API_KEY}/api/orders/total`, {
             method: 'GET',
             headers: {
                 'Accept': 'application/json',
@@ -33,7 +36,7 @@ const totalsales = async() => {
 
 const chart = async() => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/orders/chart', {
+        let response = await fetch(`${API_KEY}/api/orders/chart`, {
             method: 'GET',
             headers: {
                 'Accept': 'application/json',

src/components/product/product-api.js

@@ -1,6 +1,8 @@
+const API_KEY = process.env.REACT_APP_KEY_DEV
+
 const  Create = async(product) => {
 	try {
-		let res = await fetch('https://tranquil-peak-84007.herokuapp.com/api/products', {
+		let res = await fetch(`${API_KEY}/api/products`, {
 			method: 'POST',
 			headers: {
 				'Accept': 'application/json',
@@ -16,7 +18,7 @@ const  Create = async(product) => {
 
 const  update = async(product, id) => {
 	try {
-		let res = await fetch('https://tranquil-peak-84007.herokuapp.com/api/products/'+id, {
+		let res = await fetch(`${API_KEY}/api/products/`+id, {
 			method: 'PUT',
 			headers: {
 				'Accept': 'application/json',
@@ -32,7 +34,7 @@ const  update = async(product, id) => {
 
 const productlist = async() => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/products', {
+        let response = await fetch(`${API_KEY}/api/products`, {
             method: 'GET',
             headers: {
                 'Accept': 'application/json',
@@ -49,7 +51,7 @@ const productlist = async() => {
 
 const getProductBefore = async(id) => {
     try {
-        let response = await fetch('https://tranquil-peak-84007.herokuapp.com/api/products/'+id, {
+        let response = await fetch(`${API_KEY}/api/products/`+id, {
             method: 'GET',
             headers: {
                 'Accept': 'application/json',

src/components/users/RemoveUser.js

@@ -10,7 +10,7 @@ import { makeStyles } from '@material-ui/core/styles'
 import Typography from '@material-ui/core/Typography'
 import { useSnackbar } from 'notistack';
 import {remove} from './user-api.js'
-
+import auth from '../auth/auth-helper.js'
 import {
 
     IconButton
@@ -25,7 +25,7 @@ const useStyles = makeStyles((theme) => ({
 }));
  const RemoveUser = (props) => {
 	const [open, setOpen] = useState(false)
-
+  const jwt = auth.isAuthenticated()
 	const { enqueueSnackbar } = useSnackbar();
 
 
@@ -59,7 +59,7 @@ if (type === "success") {
 
 
 	const clickDelete = () => {
-		remove(props.id)
+		remove(props.id, {t: jwt.token})
 			.then((data) => {
 				if (data.error)
 				{

src/components/users/UpdateUser.js

@@ -11,7 +11,7 @@ import Autocomplete from '@material-ui/lab/Autocomplete';
 import Grid from '@material-ui/core/Grid';
 import {TextField,  IconButton} from '@material-ui/core'
 import {update} from './user-api.js'
-
+import auth from '../auth/auth-helper.js'
 const useStyles = makeStyles((theme) => ({
 	margin: {
         margin: theme.spacing(1),
@@ -25,10 +25,8 @@ const useStyles = makeStyles((theme) => ({
 }));
  const UpdateUser = (props) => {
 	const [open, setOpen] = useState(false)
-
-
-
-	const handleCloseDialog = () => {
+  const jwt = auth.isAuthenticated()
+  const handleCloseDialog = () => {
 		setOpen(false)
 	}
 	const handleOpenDialog = () => {
@@ -90,7 +88,7 @@ if (type === "success") {
       type_user: values.type_user || undefined,
       status: values.status || undefined
     }
-    update(props.id, user)
+    update(props.id, user, {t: jwt.token})
       .then((data) => {
         if(data.error)
         {