-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.js
123 lines (93 loc) · 3.18 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
require('dotenv').config()
const express = require('express');
const bodyParser = require('body-parser');
const bcrypt = require("bcrypt");
const conDB = require('./config/db');
const jwt = require("jsonwebtoken");
const userModel = require('./userModel');
const app = express();
const port = process.env.PORT || 5000;
// Parse incoming requests with JSON payloads
app.use(bodyParser.json());
// Coonect to the database
conDB();
// router handlers
app.get('/home', (req, res) => {
res.status(200).json('You are welcome');
})
// Define a route that registers users to the databse
app.post('/register', async(req, res) => {
const {fullname, email, password} = req.body
// hash the password
const hashedpassword = await bcrypt.hash(password, 10);
const newUser = new userModel({
fullname,
email,
password: hashedpassword
})
const userCreated = await newUser.save()
if(!userCreated) {
console.log("user cannot be created");
return res.status(500).send("user cannot be created")
} else {
console.log("user has been created to the database");
return res.status(200).send("user has been created to the database")
}
});
// This route handles user login by authenticating the user's email and password
// and generates a JSON Web Token (JWT) for subsequent authentication of protected routes
// login route
app.post('/login', async(req, res) => {
const { email, password } = req.body;
// Find user by email
const user = await userModel.findOne({ email });
if (!user) {
// If the user doesn't exist, return an error
return res.status(401).send('Invalid email or password');
}
// Check if password is correct
const isPasswordCorrect = await bcrypt.compare(password, user.password);
if (!isPasswordCorrect) {
// If the password is incorrect, return an error
return res.status(401).send('Invalid email or password');
}
// If the email and password are correct, create a JWT token
// Secrete Key saved in .env file
const mysecretkey = process.env.SECRET_CODE;
// Payload to generate JWT
const payload = {
fullName: user.fullname,
email: user.email,
password: user.password,
};
// Create a jsonwebtoken
const token = jwt.sign(payload, mysecretkey, { expiresIn: '5d' });
// Send the token back to the client
res.status(200).json({
msg: "User is logged in",
token: token
});
});
app.get('/protected', async(req, res) => {
const token = req.headers.authorization.split(' ')[1]; // Get token from Authorization header
const mysecretkey = process.env.SECRET_CODE;
try {
// Verify token and decode payload
const decoded = jwt.verify(token, mysecretkey);
// Get user email from payload
const userEmail = decoded.email;
// Find user by email in the database
const user = await userModel.findOne({ email: userEmail });
if (user) {
res.json({ message: `Welcome ${user.fullname}! This is a protected route.` });
} else {
res.status(401).json({ error: 'Invalid token' });
}
} catch (error) {
res.status(401).json({ error: 'Invalid token' });
}
});
// Start the server
app.listen(port, () => {
console.log(`Server running at http://localhost:${port}/`);
});