From 190313f1b11a50e97d5a48ddafe64ac7a65591c9 Mon Sep 17 00:00:00 2001
From: xfarrow
Date: Fri, 13 Oct 2023 10:37:09 +0200
Subject: [PATCH] GET User
---
 backend/apis/nodejs/.env | 8 +++
 backend/apis/nodejs/api.js | 15 ++---
 backend/apis/nodejs/api_controller.js | 80 ++++++++++++++++++++-------
 3 files changed, 72 insertions(+), 31 deletions(-)
 create mode 100644 backend/apis/nodejs/.env
diff --git a/backend/apis/nodejs/.env b/backend/apis/nodejs/.env
new file mode 100644
index 0000000..334f70b
--- /dev/null
+++ b/backend/apis/nodejs/.env
@@ -0,0 +1,8 @@
+# Blink configuration file
+
+API_SERVER_PORT = 3000
+
+POSTGRES_SERVER = localhost
+POSTGRES_USERNAME = postgres
+POSTGRES_PASSWORD = postgres
+POSTGRES_PORT = 5432
\ No newline at end of file
diff --git a/backend/apis/nodejs/api.js b/backend/apis/nodejs/api.js
index 5a680c4..1493a1e 100644
--- a/backend/apis/nodejs/api.js
+++ b/backend/apis/nodejs/api.js
@@ -1,5 +1,4 @@ /* - This code is part of Blink licensed under GPLv3
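Review bot: The new `.env` commits live connection settings — `POSTGRES_USERNAME = postgres` and `POSTGRES_PASSWORD = postgres` — into the repository, and nothing in this commit adds the file to `.gitignore`, so any real password typed into it later will be committed as well. The usual shape is a committed `.env.example` holding placeholders (`POSTGRES_PASSWORD = change-me`) plus an ignored `.env` carrying the real values. The same file would be the place to add `JWT_SECRET = ...`, since the controller still signs and verifies tokens with a string literal rather than reading the secret from the environment.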
@@ -8,27 +7,23 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
 */
-// require() always returns a function
 const express = require('express');
 const api_controller = require('./api_controller.js');
+require('dotenv').config();
-// We can do express() because the express
-// module exports a function. Exporting a function
-// means making a JavaScript function defined in one
-// module available for use in another module.
 const app = express();
-const port = 3000;
+const port = process.env.API_SERVER_PORT;
 // Middleware which parses JSON for POST requests
 app.use(express.json());
 app.post('/blinkapi/register', api_controller.register);
-
 app.post('/blinkapi/login', api_controller.login);
+app.get('/blinkapi/person/:id', api_controller.verifyToken, api_controller.person);
 // Start the server
 app.listen(port, () => {
diff --git a/backend/apis/nodejs/api_controller.js b/backend/apis/nodejs/api_controller.js
index 9fd2715..89c38ff 100644
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@@ -1,5 +1,4 @@ /* - This code is part of Blink licensed under GPLv3
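Review bot: `const port = process.env.API_SERVER_PORT;` has no fallback, so when `.env` is absent or the key is unset, `app.listen` is reached with an undefined port and Node presumably binds an arbitrary free port instead of failing in an obvious way. Keep the old default as the fallback, `const port = process.env.API_SERVER_PORT || 3000;`, or reject startup explicitly when the variable is missing. The `app.listen` callback continues past the end of the hunk.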
@@ -8,24 +7,27 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
 */
 const bcrypt = require('bcrypt');
 const crypto = require('crypto');
 const pgp = require('pg-promise')();
 const jwt = require('jsonwebtoken');
+require('dotenv').config();
 const database_configuration = {
- host: "localhost",
- port: 5432,
+ host: process.env.POSTGRES_SERVER,
+ port: process.env.POSTGRES_PORT,
 database: "Blink",
- user: "postgres",
- password: "postgres"
+ user: process.env.POSTGRES_USERNAME,
+ password: process.env.POSTGRES_PASSWORD
 };
-
 const db = pgp(database_configuration);
+// ======== API ENDPOINTS ========
+
+// POST
 async function register(req, res){
 const userData = req.body;
@@ -83,7 +85,7 @@ async function register(req, res){
 }
 }
-// When the user logs in, the API endpoint must generate a JWT
+// POST
 async function login(req, res){
 const userData = req.body;
@@ -96,7 +98,7 @@ async function login(req, res){
 const person = await checkUserCredentials(userData.email, userData.password);
 if (person){
- const token = generateToken(person);
+ const token = generateToken(person.id);
 res.status(200).json({ token });
 }
 else{
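Review bot: `database: "Blink"` is the one connection field left hard-coded in `database_configuration` after the others moved to `process.env`, and nothing checks that those variables are actually set — with a missing `.env`, `host`, `port`, `user` and `password` are all `undefined` and the driver presumably falls back to its own defaults rather than erroring. Add `POSTGRES_DATABASE` alongside the other keys and fail fast where the configuration is built: `const required = ['POSTGRES_SERVER', 'POSTGRES_PORT', 'POSTGRES_USERNAME', 'POSTGRES_PASSWORD', 'POSTGRES_DATABASE'];` / `const missing = required.filter((key) => !process.env[key]);` / `if (missing.length > 0) throw new Error('Missing environment variables: ' + missing.join(', '));`. The hunk's trailing lines belong to `register`, whose body continues outside it.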
@@ -104,6 +106,26 @@ async function login(req, res){
 }
 }
+// GET
+async function person(req, res){
+ try {
+ const user = await db.oneOrNone('SELECT * FROM "Person" WHERE id = $1 and enabled = $2' , [req.params.id, false]);
+
+ if(user){
+ if(user.id == req.jwt.person_id || user.active == true){
+ return res.status(200).send(user);
+ }
+ }
+ return res.status(403);
+ }
+ catch (error) {
+ console.log(error);
+ return res.status(500);
+ }
+}
+
+// ======== END API ENDPOINTS ========
+
 async function checkUserCredentials(email, password){
 try {
 const user = await db.oneOrNone('SELECT * FROM "Person" WHERE email = $1 and enabled = $2', [email, false]);
@@ -121,24 +143,40 @@ async function checkUserCredentials(email, password){
 }
 }
-function generateToken(person) {
+function generateToken(person_id) {
 const payload = {
- id: person.id,
- email: person.email,
- display_name: person.display_name,
- date_of_birth: person.date_of_birth,
- available: person.available,
- enabled: person.enabled,
- place_of_living: person.place_of_living
+ person_id: person_id
 };
- // const payload = person;
-
 const token = jwt.sign(payload, 'your-secret-key', { expiresIn: '1h' });
 return token;
 }
+// Middlware
+function verifyToken(req, res, next) {
+ const token = req.headers.authorization;
+
+ if (!token) {
+ return res.status(403).send('No token provided');
+ }
+
+ jwt.verify(token, 'your-secret-key', (err, decoded) => {
+ if (err) {
+ return res.status(401).send('Failed to authenticate token');
+ }
+
+ // If the token is valid, store the decoded data in the request object
+ req.jwt = decoded;
+ next();
+ });
+}
+
+// Exporting a function
+// means making a JavaScript function defined in one
+// module available for use in another module.
 module.exports = {
 register,
- login
+ login,
+ person,
+ verifyToken
 };
\ No newline at end of file
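Review bot: `return res.status(403);` and `return res.status(500);` in `person` set a status but never send a response, so the forbidden and error paths leave the client hanging until it times out; both need `.send()` (or `.end()`). The success path has the opposite problem: `SELECT *` followed by `res.status(200).send(user)` returns the entire `"Person"` row to any authenticated caller, which presumably includes the stored password hash that `checkUserCredentials` verifies against — select only the columns meant to be public (the fields the old `generateToken` payload read are a grounded starting point; whether `email` belongs there is a product decision). The visibility check reads `user.active` while the old payload read `person.available`; if `active` is not a real column the `||` branch is always false and only the owner ever gets a 200, so confirm it against the schema (naming it in the column list makes the query fail loudly if it is wrong). Unknown ids keep the 403 of the original so the endpoint does not enumerate accounts.
```javascript
// GET
async function person(req, res){
    try {
        // Never send the raw row back: SELECT * would also expose the stored credential.
        const user = await db.oneOrNone(
            'SELECT id, display_name, date_of_birth, available, enabled, place_of_living, active FROM "Person" WHERE id = $1 and enabled = $2',
            [req.params.id, false]);

        // Unknown ids get the same answer as private profiles.
        if (!user) {
            return res.status(403).send();
        }
        const isOwner = user.id === req.jwt.person_id;
        if (isOwner || user.active === true) {
            return res.status(200).send(user);
        }
        return res.status(403).send();
    }
    catch (error) {
        console.log(error);
        return res.status(500).send();
    }
}
```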
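Review bot: The JWT secret is still the literal `'your-secret-key'`, now in both `jwt.sign` and `jwt.verify`, even though this commit introduces dotenv for the database credentials; anyone who can read the repository can mint a token for any `person_id` that passes `verifyToken`. Read it once from `process.env.JWT_SECRET`, refuse to start when it is missing, and pin `algorithms` on verify so the accepted algorithm is not left to library defaults. Two smaller points in `verifyToken`: it verifies the raw `Authorization` header value, so a client sending the standard `Bearer <token>` form is rejected with 401 — if that form is intended, split the scheme off first; and a missing token is answered with 403 while an invalid one gets 401, where 401 fits both. The comment `// Middlware` should read `// Middleware`.
```javascript
// Secret for signing and verifying JWTs; comes from the environment like the
// database credentials above, so it is never committed with the source.
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
    throw new Error('JWT_SECRET is not set');
}

function generateToken(person_id) {
    // … unchanged: payload …
    const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '1h' });
    return token;
}

// Middleware
function verifyToken(req, res, next) {
    // Accept the standard "Authorization: Bearer <token>" form.
    const [scheme, token] = (req.headers.authorization || '').split(' ');

    if (scheme !== 'Bearer' || !token) {
        return res.status(401).send('No token provided');
    }

    jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] }, (err, decoded) => {
        // … unchanged: 401 on error, req.jwt = decoded, next() …
    });
}
```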