import auth related files

auth/auth.mjs

@@ -0,0 +1,80 @@
+import passport from "passport";
+import { Strategy as localStrategy } from "passport-local";
+import { encryptPwd, pwdIsValid } from "../model/model.mjs";
+import { Strategy as JWTstrategy, ExtractJwt } from "passport-jwt";
+import { userDb } from "../db.mjs";
+
+passport.use(
+  "signup",
+  new localStrategy(
+    {
+      usernameField: "username",
+      passwordField: "password",
+    },
+    async (username, password, done) => {
+      console.log("signup auth strategy has begun");
+      try {
+        const encryptedPwd = await encryptPwd(password);
+        const user = await userDb("users")
+          .insert({ username: username, password: encryptedPwd })
+          .returning(["username", "password"]);
+        console.log(`user: ${user}`);
+        return done(null, user);
+      } catch (err) {
+        console.error(err);
+        done(err);
+      }
+    },
+  ),
+);
+
+passport.use(
+  "login",
+  new localStrategy(
+    {
+      usernameField: "username",
+      passwordField: "password",
+      session: false,
+    },
+    async (email, password, done) => {
+      console.log("local strategy called");
+      try {
+        let returnedUser = await userDb("users")
+          .select("username", "password")
+          .where({ username: email });
+        const user = returnedUser[0];
+        console.log(`user: ${user}`);
+        if (!user || returnedUser.length === 0) {
+          return done(null, false, { message: "user not found" });
+        }
+
+        const validate = await pwdIsValid(password, user);
+        console.log(`isValidPassword? ${validate}`);
+
+        if (!validate) {
+          return done(null, false, { message: "wrong password" });
+        }
+
+        return done(null, user, { message: "logged in successfully" });
+      } catch (error) {
+        return done(error);
+      }
+    },
+  ),
+);
+
+passport.use(
+  new JWTstrategy(
+    {
+      secretOrKey: "TOP_SECRET",
+      jwtFromRequest: ExtractJwt.fromAuthHeaderWithScheme("secret_token"),
+    },
+    async (token, done) => {
+      try {
+        return done(null, token.user);
+      } catch (error) {
+        done(error);
+      }
+    },
+  ),
+);

curl-res

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title>Error</title>
+</head>
+<body>
+<pre>SyntaxError: Unexpected token &#39;e&#39;, &quot;email:demo@demo.test&quot; is not valid JSON<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at createStrictSyntaxError (/home/andrzej/dev/sub-manager-backend/node_modules/body-parser/lib/types/json.js:169:10)<br> &nbsp; &nbsp;at parse (/home/andrzej/dev/sub-manager-backend/node_modules/body-parser/lib/types/json.js:86:15)<br> &nbsp; &nbsp;at /home/andrzej/dev/sub-manager-backend/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:206:9)<br> &nbsp; &nbsp;at invokeCallback (/home/andrzej/dev/sub-manager-backend/node_modules/raw-body/index.js:238:16)<br> &nbsp; &nbsp;at done (/home/andrzej/dev/sub-manager-backend/node_modules/raw-body/index.js:227:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/andrzej/dev/sub-manager-backend/node_modules/raw-body/index.js:287:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:511:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/readable:1367:12)</pre>
+</body>
+</html>

db.mjs

@@ -1,20 +1,24 @@
 import knex from "knex";
 
 export const db = knex({
-    client: 'sqlite3', 
+  client: "sqlite3",
-    connection: {
+  connection: {
-      filename: "./submissions"
+    filename: "./submissions.db",
-    },
+  },
-    useNullAsDefault: true
+  useNullAsDefault: true,
-  })
+});
-
+export const userDb = knex({
-  export const testDb = knex({
+  client: "sqlite3",
-    client: 'sqlite3', 
+  connection: {
-    connection: {
+    filename: "./users.db",
-      filename: "./test.db"
+  },
-    },
+  useNullAsDefault: true,
-    useNullAsDefault: true
+});
-  })
-
-
 
+export const testDb = knex({
+  client: "sqlite3",
+  connection: {
+    filename: "./test.db",
+  },
+  useNullAsDefault: true,
+});

model/model.mjs

@@ -0,0 +1,9 @@
+import bcrypt from "bcrypt";
+
+export async function encryptPwd(pwd) {
+  return Promise.resolve(bcrypt.hash(pwd, 10));
+}
+
+export async function pwdIsValid(pwd, user) {
+  return Promise.resolve(bcrypt.compare(pwd, user.password));
+}

package.json

@@ -9,16 +9,21 @@
   "author": "Andrzej Stepien",
   "license": "GPL-3.0-or-later",
   "dependencies": {
+    "bcrypt": "^5.1.1",
     "body-parser": "^1.20.2",
     "chai": "^4.3.8",
     "chai-as-promised": "^7.1.1",
     "chai-http": "^4.4.0",
     "cors": "^2.8.5",
-    "express": "^4.18.2",
+    "express": "^4.19.2",
+    "jsonwebtoken": "^9.0.2",
     "knex": "^2.5.1",
     "lodash": "^4.17.21",
     "luxon": "^3.4.3",
     "mocha": "^10.2.0",
+    "passport": "^0.7.0",
+    "passport-jwt": "^4.0.1",
+    "passport-local": "^1.0.0",
     "pino": "^8.15.0",
     "pino-http": "^8.5.0",
     "sqlite3": "^5.1.6"

server.mjs

@@ -1,36 +1,34 @@
-import express from "express"
+import express from "express";
-import pinoHTTP from 'pino-http'
+import pinoHTTP from "pino-http";
 import logger from "./logger.mjs";
 import bodyParser from "body-parser";
+import passport from "passport";
+import "./auth/auth.mjs";
 import { Data } from "./objects/Data.mjs";
 import { db } from "./db.mjs";
 import { getEndpoints, postEndpoints } from "./objects/Endpoints.mjs";
-import cors from 'cors'
+import cors from "cors";
 
-const app = express()
+const app = express();
-const port = 4000
+app.use(passport.initialize());
-const corsOptions={
+const port = 4000;
-  origin: ['http://localhost:5173']
+app.use(cors());
-}
+app.use(pinoHTTP({ logger }));
-app.use(cors())
+app.use(bodyParser.json());
-app.use(pinoHTTP({logger}))
-app.use(bodyParser.json())
-  
-
-
-
-const data = new Data(db)
-await data.init()
-
-
-app.use('/api',getEndpoints(data))
-app.use('/api',postEndpoints(db,data) )
 
+const data = new Data(db);
+await data.init();
 
+app.use("/api", getEndpoints(data));
+app.use(
+  "/api",
+  passport.authenticate("jwt", { session: false }),
+  postEndpoints(db, data),
+);
 
 app.listen(port, (err) => {
-    if (err) logger.error(err);
+  if (err) logger.error(err);
-    logger.info("Server listening on PORT " + port)
+  logger.info("Server listening on PORT " + port);
-  })
+});
 
-  export default app
+export default app;