-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.js
More file actions
101 lines (91 loc) · 2.62 KB
/
Copy pathindex.js
File metadata and controls
101 lines (91 loc) · 2.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
const express = require('express')
const cors = require('cors')
const session = require('express-session')
const KnexSessionStore = require('connect-session-knex')(session)
const helmet = require('helmet')
const bcrypt = require('bcrypt')
const db = require('./database/config.js')
const server = express()
const sessionConfig = {
name: 'session',
secret: 'bees are underrated',
cookie: {
maxAge: 1000 * 60 * 60,
secure: false
},
httpOnly: true,
resave: false,
saveUninitialized: false,
store: new KnexSessionStore({
tablename: 'sessions',
sidfieldname: 'sid',
knex: db,
createtable: true,
clearInterval: 1000 * 60 * 60
})
}
server.use(express.json())
server.use(cors({ origin: 'http://localhost:3000', credentials: true }))
server.use(session(sessionConfig))
server.use(helmet())
server.use(restricted)
function restricted(req, res, next) {
if (req.url.includes('/api/restricted')) {
req.session && req.session.user ?
next() :
res.status(401).json({ message: 'scram' })
} else {
next()
}
}
server.post('/api/register', (req, res) => {
const creds = req.body
const hash = bcrypt.hashSync(creds.password, 15)
creds.password = hash
db('users')
.insert(creds)
.then(ids => res.status(201).json(ids))
.catch(err => res.status(500).json(err))
})
server.post('/api/login', (req, res) => {
const creds = req.body
db('users')
.where({ username: creds.username })
.first()
.then(user => {
if (user && bcrypt.compareSync(creds.password, user.password)) {
req.session.user = user.id
res.status(200).json({ message: 'login successful!' })
}
else {
res.status(401).json({ message: 'better luck next time >:[' })
}
})
.catch(err => res.json(err))
})
server.get('/api/restricted/users', (req, res) => {
db('users')
.select('id', 'username')
.then(users => res.json(users))
.catch(err => res.send(err))
})
server.get('/api/restricted/me', (req, res) => {
db('users')
.select('id', 'username')
.where({ id: req.session.user })
.first()
.then(user => res.json(user))
.catch(err => res.send(err))
})
server.get('/api/logout', (req, res) => {
if(req.session) {
req.session.destroy(err => {
err ?
res.send('you can never leave') :
res.send('see you next time')
})
} else {
res.end()
}
})
server.listen(3300, () => console.log('\n servin up on port 3300\n'));