bloominstituteoftechnology · JoeyBertschler · Jan 12, 2022 · Jan 12, 2022 · Jan 12, 2022 · Jan 13, 2022
diff --git a/api/auth/auth-middleware.js b/api/auth/auth-middleware.js
@@ -1,3 +1,5 @@
+const User = require('../users/users-model')
+
 /*
   If the user does not have a session saved in the server
 
@@ -6,8 +8,14 @@
     "message": "You shall not pass!"
   }
 */
-function restricted() {
 
+function restricted(req, res, next) {
+  if (req.session.user) {
+    next()
+  } else {
+    next({ message: "You shall not pass!" })
+    console.log('restricted function in auth-middleware.js')
+  }
 }
 
 /*
@@ -18,8 +26,20 @@ function restricted() {
     "message": "Username taken"
   }
 */
-function checkUsernameFree() {
-
+async function checkUsernameFree(req, res, next) {
+  try {
+    const users = await User.findBy({ username: req.body.username })
+    if (!users.length) {
+      next()
+    }
+    else {
+      next ({ message: "Username taken", status: 422 })
+    }
+    } catch (error) {
+      //res.status(500).json({message: 'Something went wrong'})
+      next(error) //error handling middleware in server.js, if there was none
+      //it would use express's default error handling middleware and send back a 500/Internal Server Error
+    }
 }
 
 /*
@@ -30,8 +50,21 @@ function checkUsernameFree() {
     "message": "Invalid credentials"
   }
 */
-function checkUsernameExists() {
-
+async function checkUsernameExists(req, res, next) {
+    try {
+      const users = await User.findBy({ username: req.body.username })
+      if (users.length) {
+        req.user = users[0]
+        next()
+      }
+      else {
+        next ({ message: "Invalid credentials", status: 401 })
+      }
+      } catch (error) {
+        //res.status(500).json({message: 'Something went wrong'})
+        next(error) //error handling middleware in server.js, if there was none
+        //it would use express's default error handling middleware and send back a 500/Internal Server Error
+      }
 }
 
 /*
@@ -42,8 +75,18 @@ function checkUsernameExists() {
     "message": "Password must be longer than 3 chars"
   }
 */
-function checkPasswordLength() {
-
+function checkPasswordLength(req, res, next) {
+  if (!req.body.password || req.body.password.length < 4) {
+    next ({ message: "Password must be longer than 3 chars", status: 422 })
+  } else {
+  next()
+  }
 }
 
 // Don't forget to add these to the `exports` object so they can be required in other modules
+module.exports = {
+  restricted,
+  checkUsernameFree,
+  checkUsernameExists,
+  checkPasswordLength
+}
diff --git a/api/auth/auth-router.js b/api/auth/auth-router.js
@@ -1,6 +1,17 @@
 // Require `checkUsernameFree`, `checkUsernameExists` and `checkPasswordLength`
 // middleware functions from `auth-middleware.js`. You will need them here!
 
+//start with the router
+
+const router = require('express').Router()
+const bycrypt = require('bcryptjs')
+const User = require('../users/users-model')
+
+const {
+  checkUsernameFree,
+  checkUsernameExists,
+  checkPasswordLength
+} = require('./auth-middleware')
 
 /**
   1 [POST] /api/auth/register { "username": "sue", "password": "1234" }
@@ -25,6 +36,20 @@
   }
  */
 
+router.post('/register', checkUsernameFree, checkPasswordLength, (req, res, next) => {
+  //res.json('register')
+  const { username, password } = req.body
+  const hash = bycrypt.hashSync(password, 10) // this is 2^10 rounds of hashing
+
+  User.add({ username, password: hash })
+    .then(saved => {
+      res.status(201).json(saved)
+    })
+    .catch(error => {
+      next(error)
+    })
+})
+
 
 /**
   2 [POST] /api/auth/login { "username": "sue", "password": "1234" }
@@ -42,6 +67,20 @@
   }
  */
 
+  router.post('/login', checkUsernameExists, (req, res, next) => {
+    //res.json('login')
+    const { username, password } = req.body
+    if (bycrypt.compareSync(password, req.user.password) ) {
+      //make it so that the user is logged in
+      req.session.user = req.user
+      res.status(200).json({ message: `Welcome ${username}!` })
+    } else {
+      next({ status: 401, message: "Invalid credentials" })
+    }
+  })
+
+
+
 
 /**
   3 [GET] /api/auth/logout
@@ -59,5 +98,23 @@
   }
  */
 
+  router.get('/logout', (req, res, next) => {
+    //res.json('logout')
+    if (req.session.user) {
+    req.session.destroy(err=>{
+      if(err){
+        next(err)
+      } else {
+        res.status(200).json({ message: "logged out" })
+      }
+    })
+    } else {
+      res.status(200).json({ message: "no session" })
+    }
+  })
+
 
 // Don't forget to add the router to the `exports` object so it can be required in other modules
+
+module.exports = router;
+
diff --git a/api/server.js b/api/server.js
@@ -1,6 +1,11 @@
 const express = require("express");
 const helmet = require("helmet");
 const cors = require("cors");
+const usersRouter = require("./users/users-router.js");
+const authRouter = require("./auth/auth-router.js");
+const session = require("express-session");
+const Store = require("connect-session-knex")(session);
+const knex = require('../data/db-config.js');
 
 /**
   Do what needs to be done to support sessions with the `express-session` package!
@@ -17,16 +22,42 @@ const cors = require("cors");
 
 const server = express();
 
+server.use(session ({
+  name: "chocolatechip",
+  secret: "shh",
+  saveUninitialized: false,
+  resave: false,
+  store: new Store({
+    knex,//: require("../db/knex.js"),
+    createTable: true,
+    clearInterval: 1000 * 60 * 60, //clear expired sessions every hour
+    tablename: "sessions",
+    sidfieldname: "sid",
+  }),
+  cookie: {
+    maxAge: 1000 * 60 * 10, //10 minutes
+    secure: false,
+    httpOnly: true, // this means the cookie is only accessible by the server / the browser (not the client)
+    sameSite: 'none', // this means the cookie is not accessible by javascript, only by https (not http)
+    //sameSite: "lax", // this means the cookie is accessible by the server and the client
+
+  }
+}) )
 server.use(helmet());
 server.use(express.json());
 server.use(cors());
 
+
+
+server.use("/api/users", usersRouter);
+server.use("/api/auth", authRouter);
+
 server.get("/", (req, res) => {
   res.json({ api: "up" });
 });
 
 server.use((err, req, res, next) => { // eslint-disable-line
-  res.status(err.status || 500).json({
+  res.status(err.status || 401).json({
     message: err.message,
     stack: err.stack,
   });

diff --git a/api/users/users-model.js b/api/users/users-model.js
@@ -1,29 +1,40 @@
+const db = require('../../data/db-config')
+
 /**
   resolves to an ARRAY with all users, each user having { user_id, username }
  */
 function find() {
-
+  return db('users').select('user_id', 'username')
 }
 
 /**
   resolves to an ARRAY with all users that match the filter condition
  */
 function findBy(filter) {
-
+  return db('users').where(filter) // filter is an object
 }
 
 /**
   resolves to the user { user_id, username } with the given user_id
  */
 function findById(user_id) {
-
+  return db('users').where('user_id', user_id).first() //.where({ user_id })
+                    .select('user_id', 'username')
 }
 
 /**
   resolves to the newly inserted user { user_id, username }
  */
-function add(user) {
-
+async function add(user) {
+  const [id] = await db('users').insert(user) // , 'user_id')
+  return findById(id)
+ // return db('users').insert(user).returning('*')
 }
 
 // Don't forget to add these to the `exports` object so they can be required in other modules
+module.exports = {
+  find,
+  findBy,
+  findById,
+  add
+}
diff --git a/api/users/users-router.js b/api/users/users-router.js
@@ -1,5 +1,10 @@
 // Require the `restricted` middleware from `auth-middleware.js`. You will need it here!
 
+const router = require ('express').Router() // router is a function that returns an object
+//const restricted = require('./auth-middleware.js') // will check if the user is logged in
+
+const { restricted } = require('../auth/auth-middleware') // will check if the user is logged in
+const User = require('../users/users-model.js') // will check if the user is logged in
 
 /**
   [GET] /api/users
@@ -24,5 +29,19 @@
   }
  */
 
+  router.get('/', restricted, async  (req, res, next) => {
+    //res.send('Welcome to the users API!') // only one res per route
+    //res.json('users')
+    try { // try to find the user in the database
+      const users = await User.find()
+      res.json(users)
+    } catch (err) {
+      next(err)
+    } // if there is an error, call next with the error
+  })
+
 
 // Don't forget to add the router to the `exports` object so it can be required in other modules
+
+
+module.exports = router;
diff --git a/data/auth.db3 b/data/auth.db3
diff --git a/index.js b/index.js
@@ -1,7 +1,8 @@
 const server = require('./api/server.js');
 
-const PORT = process.env.PORT || 9000;
+const PORT = process.env.PORT || 5000;
 
 server.listen(PORT, () => {
   console.log(`Listening on port ${PORT}...`);
+  console.log(`test`)
 });