prepare auth api

Author: maxchistt

app.js

@@ -14,8 +14,8 @@ const app = express()
 
 app.use(express.json({ extended: true }))
 
-//app.use('/api/auth', require('./routes/auth.routes'))
-app.use('/server', require('./routes/phpserver.routes'))
+app.use('/api/auth', require('./routes/auth.routes'))
+app.use('/api/server', require('./routes/phpserver.routes'))
 
 if (httpsRedirect) app.use(httpToHttps)
 

client/src/Services/DataService.js

@@ -4,8 +4,7 @@ import Card, { checkCardsArr } from '../Cards/cardType/Card'
 export default function DataService() {
     ////////////////////////////////////////////////////////////
     var user = null
-    const nodeBackend = true
-    const baseUrl = nodeBackend ? '/server/' : 'http://php-server-notes.std-1033.ist.mospolytech.ru/'
+    const baseUrl = '/api/server/'
 
     ////////////////////////////////////////////////////////////
     function updDataServLogin(login) {
@@ -74,7 +73,7 @@ export default function DataService() {
     function checkData(data) {
         //console.log('start check data')
         try {
-            if( data === null) console.log("null data");
+            if (data === null) console.log("null data");
             return data === null || data === [] || checkCardsArr(data)
         } catch {
             return false
@@ -93,7 +92,7 @@ export default function DataService() {
                     .then((d) => {
                         let data = tryParce(d)//here we parce json
                         //console.log("[DATA] from loadData(): ", data)
-                        if(!data)console.log("empty data from server");
+                        if (!data) console.log("empty data from server");
                         if (!checkData(data)) {
                             console.error("[loadData] Bad data format")
                             console.log(data)
@@ -121,10 +120,10 @@ export default function DataService() {
                     ? Promise.reject(rej())
                     : loadData())
                     .then((d) => {
-                        if(!data)console.log("empty data to post");
-                        if(!d)console.log("empty loaded to check");
+                        if (!data) console.log("empty data to post");
+                        if (!d) console.log("empty loaded to check");
                         let pDat = data === null ? (d || []) : data
-                        if(!pDat)console.log("empty will be posted");
+                        if (!pDat) console.log("empty will be posted");
                         requestPostData(pDat).then(res, rej)
                     })
                     .catch(rej)

middleware/auth.middleware.js

@@ -0,0 +1,24 @@
+const jwt = require('jsonwebtoken')
+require('dotenv').config()
+
+module.exports = (req, res, next) => {
+  if (req.method === 'OPTIONS') {
+    return next()
+  }
+
+  try {
+
+    const token = req.headers.authorization.split(' ')[1] // "Bearer TOKEN"
+
+    if (!token) {
+      return res.status(401).json({ message: 'Нет авторизации' })
+    }
+
+    const decoded = jwt.verify(token, process.env.jwtSecret)
+    req.user = decoded
+    next()
+
+  } catch (e) {
+    res.status(401).json({ message: 'Нет авторизации' })
+  }
+}

models/User.js

@@ -0,0 +1,8 @@
+const {Schema, model, Types} = require('mongoose')
+
+const schema = new Schema({
+  email: {type: String, required: true, unique: true},
+  password: {type: String, required: true}
+})
+
+module.exports = model('User', schema)

routes/auth.routes.js

@@ -0,0 +1,94 @@
+const {Router} = require('express')
+const bcrypt = require('bcryptjs')
+require('dotenv').config()
+const jwt = require('jsonwebtoken')
+const {check, validationResult} = require('express-validator')
+const User = require('../models/User')
+const router = Router()
+
+// /api/auth/register
+router.post(
+  '/register',
+  [
+    check('email', 'Некорректный email').isEmail(),
+    check('password', 'Минимальная длина пароля 6 символов')
+      .isLength({ min: 6 })
+  ],
+  async (req, res) => {
+  try {
+    const errors = validationResult(req)
+
+    if (!errors.isEmpty()) {
+      return res.status(400).json({
+        errors: errors.array(),
+        message: 'Некорректный данные при регистрации'
+      })
+    }
+
+    const {email, password} = req.body
+
+    const candidate = await User.findOne({ email })
+
+    if (candidate) {
+      return res.status(400).json({ message: 'Такой пользователь уже существует' })
+    }
+
+    const hashedPassword = await bcrypt.hash(password, 12)
+    const user = new User({ email, password: hashedPassword })
+
+    await user.save()
+
+    res.status(201).json({ message: 'Пользователь создан' })
+
+  } catch (e) {
+    res.status(500).json({ message: 'Что-то пошло не так, попробуйте снова' })
+  }
+})
+
+// /api/auth/login
+router.post(
+  '/login',
+  [
+    check('email', 'Введите корректный email').normalizeEmail().isEmail(),
+    check('password', 'Введите пароль').exists()
+  ],
+  async (req, res) => {
+  try {
+    const errors = validationResult(req)
+
+    if (!errors.isEmpty()) {
+      return res.status(400).json({
+        errors: errors.array(),
+        message: 'Некорректный данные при входе в систему'
+      })
+    }
+
+    const {email, password} = req.body
+
+    const user = await User.findOne({ email })
+
+    if (!user) {
+      return res.status(400).json({ message: 'Пользователь не найден' })
+    }
+
+    const isMatch = await bcrypt.compare(password, user.password)
+
+    if (!isMatch) {
+      return res.status(400).json({ message: 'Неверный пароль, попробуйте снова' })
+    }
+
+    const token = jwt.sign(
+      { userId: user.id },
+      process.env.jwtSecret,
+      { expiresIn: '1h' }
+    )
+
+    res.json({ token, userId: user.id })
+
+  } catch (e) {
+    res.status(500).json({ message: 'Что-то пошло не так, попробуйте снова' })
+  }
+})
+
+
+module.exports = router

routes/phpserver.routes.js

@@ -5,6 +5,7 @@ const router = Router()
 //temporary backend url
 const phpBaseUrl = 'https://php-server-notes.herokuapp.com/'
 
+//auth not used
 router.post('/', /*auth,*/ async (req, res) => {
   try {
     //console.log("backend redirect", req.url)