Week 4

ryklovae · Feb 8, 2023 · d066fb57c7d4ba61efe2fa373b9838f8ac08d6b2 · d066fb5
1 parent be9e1e5
commit d066fb57c7d4ba61efe2fa373b9838f8ac08d6b2
Show file tree

Hide file tree

Showing 7 changed files with 245 additions and 20 deletions.
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -1,7 +1,9 @@
 const passport = require('koa-passport');
 const basicAuth = require('../strategies/basic');
+const jwtAuth = require('../strategies/jwt');
 
-passport.use(basicAuth);
+//passport.use(basicAuth);
+passport.use(jwtAuth);
 
-module.exports = passport.authenticate(['basic'], {session:false});
+module.exports = passport.authenticate(['jwt'], {session:false});
 
diff --git a/fetches.js b/fetches.js
@@ -44,3 +44,51 @@ const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/ap
     method: 'DELETE'
 });
 fetchPromise.then(res => res.json()).then(res => console.log(res))
+
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/login', {
+    method: 'POST',
+	headers: {
+		'Content-type': 'application/json'
+	},
+    body: JSON.stringify({username: "user", password: 'asd'})
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+
+// JWT
+// correct credentials
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/login', {
+    method: 'POST',
+	headers: {
+		'Content-type': 'application/json'
+	},
+    body: JSON.stringify({username: "user", password: 'asd'})
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/articles', {
+    method: 'GET',
+	headers: {
+		'Content-type': 'application/json',
+        'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InVzZXIiLCJpYXQiOjE2NzU0NDQ1NzJ9.fY_mVuuxpidoOAzZnARyZFb14RXPa2U8ULS5EYrbcfk'
+	}
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+
+// incorrect username
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/login', {
+    method: 'POST',
+	headers: {
+		'Content-type': 'application/json'
+	},
+    body: JSON.stringify({username: "eliska", password: 'asd'})
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
+// incorrect password
+const fetchPromise = fetch('https://kiwipanel-gravitycrater-3000.codio-box.uk/api/v1/users/login', {
+    method: 'POST',
+	headers: {
+		'Content-type': 'application/json'
+	},
+    body: JSON.stringify({username: "user", password: '123'})
+});
+fetchPromise.then(res => res.json()).then(res => console.log(res))
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,13 +14,16 @@
   "license": "ISC",
   "dependencies": {
     "bcrypt": "^5.1.0",
+    "dotenv": "^16.0.3",
     "jsonschema": "^1.4.1",
+    "jsonwebtoken": "^9.0.0",
     "koa": "^2.14.1",
     "koa-bodyparser": "^4.3.0",
     "koa-passport": "^5.0.0",
     "koa-router": "^12.0.0",
     "mysql2": "^3.0.1",
     "passport-http": "^0.3.0",
+    "passport-jwt": "^4.0.1",
     "promise-mysql": "^5.2.0",
     "sequelize": "^6.28.0"
   }

diff --git a/routes/articles.js b/routes/articles.js
@@ -3,8 +3,8 @@ const bodyParser = require('koa-bodyparser');
 const model = require('../models/articles');
 const auth = require('../controllers/auth');
 const validator = require('../controllers/validation');
-
 const schema = require('../schemas/article.schema.js');
+
 const router = Router({prefix: '/api/v1/articles'});
 
 router.get('/', auth, getAll);

diff --git a/routes/users.js b/routes/users.js
@@ -1,6 +1,9 @@
 const Router = require('koa-router');
 const bodyParser = require('koa-bodyparser');
 const model = require('../models/users');
+const bcrypt = require('bcrypt');
+require('dotenv').config()
+const jwt = require('jsonwebtoken');
 
 const schema = require('../schemas/user.schema.js');
 const validator = require('../controllers/validation');
@@ -12,6 +15,36 @@ router.get('/asd', updatePassword);
 router.post('/', bodyParser(), validator.makeKoaValidator(schema), createUser);
 router.del('/:id([0-9]{1,})', deleteUser);
 
+router.post('/login', bodyParser(), login);
+
+async function login (ctx)  {
+  const body = ctx.request.body;
+
+  // check if user exists, password is correct
+  let user = await model.findByUsername(body.username)
+  if (user.length == 0) {
+    ctx.status = 401;
+    ctx.body = {message: "Incorrect login details"}
+  } 
+  else if (!bcrypt.compareSync(body.password, user[0].password)) {
+    ctx.status = 401;
+    ctx.body = {message: "Incorrect login details"}
+  } 
+  else {
+    const payload = {
+      username: user[0].username,
+    }
+    console.log(payload)
+
+    // create token
+    const token = jwt.sign(payload, process.env.TOKEN_SECRET)
+    console.log(token)
+
+    // return token  
+    ctx.body = {token: "Bearer " + token}  
+  }
+}
+
 async function getAllUsers(ctx) {
   let users = await model.getAll();
   console.log(users)
@@ -20,7 +53,6 @@ async function getAllUsers(ctx) {
   }
 }
 
-
 async function createUser(ctx) {
   const body = ctx.request.body;
   console.log(body)