const fs = require('fs');
const bodyParser = require('body-parser');
const jsonServer = require('json-server');
const jwt = require('jsonwebtoken');
// json-server hands back an Express-style app; `router` is what serves the
// resources stored in db.json once it is mounted further down.
const server = jsonServer.create();
const router = jsonServer.router('./db.json');
// PORT comes from the environment as a string; `||` treats an empty value as unset.
const port = process.env.PORT || 3004;
// Body parsers are registered first so every later handler can read req.body.
server.use(bodyParser.urlencoded({ extended: true }));
server.use(bodyParser.json());
server.use(jsonServer.defaults());
// SECURITY: the signing key is a short literal checked into source. Anyone who can
// read this file can mint tokens that verifyToken accepts, and the value is too
// short to resist guessing. Load a long random secret from the environment or a
// secret store instead of keeping it here.
const SECRET_KEY = '123456789';
// Lifetime applied to every token issued by createToken.
const expiresIn = '24h';
/**
 * Sign `payload` into a JWT that expires after `expiresIn`.
 *
 * JWT payloads are only base64url-encoded, not encrypted, so every claim placed in
 * `payload` is readable by whoever holds the token.
 * @param {Object} payload - claims to embed in the token
 * @returns {String} the signed token
 */
function createToken(payload) {
  const signOptions = { expiresIn };
  return jwt.sign(payload, SECRET_KEY, signOptions);
}
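/**
 * Verify a token and return its decoded payload.
 *
 * The previous implementation passed a callback to jwt.verify. In that form the
 * library reports failure through the callback instead of throwing, so the caller's
 * try/catch never saw a malformed, forged or expired token. The synchronous form
 * used here throws on any verification failure.
 * @param {String} token - the raw JWT taken from the Authorization header
 * @returns {Object} the decoded payload
 * @throws {Error} when the token is malformed, carries a bad signature or has expired
 */
function verifyToken(token) {
  // Pin the accepted algorithm to the one createToken produces (jsonwebtoken's
  // default is HS256) so a token whose header names another algorithm is rejected.
  return jwt.verify(token, SECRET_KEY, { algorithms: ['HS256'] });
}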
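/**
 * Find the user whose stored credentials match the supplied ones.
 *
 * Credentials are compared with db.json as plain strings, which means the store
 * keeps passwords in clear text; treat that file as sensitive.
 * @param {Object} credentials
 * @param {String} credentials.email
 * @param {String} credentials.password
 * @returns {Object|undefined} the matching user record (password still included),
 *   or undefined when nothing matches or either credential is not a string
 */
function isAuthenticated({ email, password }) {
  // A record stored without a password field (e.g. one created through the signup
  // rewrite) would otherwise match a request that simply omits the password,
  // because undefined === undefined. Insist on both credentials being strings.
  if (typeof email !== 'string' || typeof password !== 'string') {
    return undefined;
  }
  const userdb = JSON.parse(fs.readFileSync('./db.json', 'UTF-8'));
  return userdb.users.find(
    (user) => user.email === email && user.password === password
  );
}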
/**
 * POST /auth/login — exchange an email/password pair for an access token.
 * Responds 200 with the token plus the user record (password removed), or 401
 * when the credentials do not match.
 */
server.post('/auth/login', (req, res) => {
  const { email, password } = req.body;
  const user = isAuthenticated({ email, password });
  if (!user) {
    const status = 401;
    const message = 'Incorrect email or password';
    res.status(status).json({ status, message });
    return;
  }
  // Every field left in safeUser is also embedded in the token payload, which the
  // client can decode, so only the password is stripped here.
  const safeUser = { ...user };
  delete safeUser.password;
  const access_token = createToken(safeUser);
  res.status(200).json({ access_token, ...safeUser });
});
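// Requests that may be served without a Bearer token. Everything else must present
// a valid one. The previous version mounted the check on /^(?!\/auth).*$/, which
// also left GET/PUT/DELETE /auth/signup open; the rewriter below maps that path to
// /users for every method, so an unauthenticated GET returned every stored user
// record, passwords included.
const PUBLIC_ROUTES = new Set(['POST /auth/login', 'POST /auth/signup']);

/**
 * Pull the token out of an `Authorization: Bearer <token>` header.
 * @param {String|undefined} header - raw Authorization header value
 * @returns {String|null} the token, or null when the header is missing or malformed
 */
function extractBearerToken(header) {
  if (typeof header !== 'string') return null;
  const parts = header.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0] !== 'Bearer') return null;
  return parts[1];
}

/**
 * Authentication gate for every non-public route.
 * Responds 401 when the header is malformed or the token does not verify;
 * otherwise passes the request on.
 */
server.use((req, res, next) => {
  if (PUBLIC_ROUTES.has(`${req.method} ${req.path}`)) {
    next();
    return;
  }
  const token = extractBearerToken(req.headers.authorization);
  if (token === null) {
    const status = 401;
    const message = 'Error in authorization format';
    res.status(status).json({ status, message });
    return;
  }
  // The original verifyToken passed a callback to jwt.verify and returned the
  // callback's value, so a bad token came back as an Error object instead of
  // throwing and the request was let through. Treat a thrown error, a returned
  // Error and an empty result all as verification failure.
  let decoded;
  try {
    decoded = verifyToken(token);
  } catch (err) {
    decoded = err;
  }
  if (!decoded || decoded instanceof Error) {
    const status = 401;
    const message = 'Error access_token is revoked';
    res.status(status).json({ status, message });
    return;
  }
  next();
});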
// Alias so clients can create an account at /auth/signup. Nothing in this map
// restricts the rewrite to POST; any method sent to /auth/signup reaches /users.
const signupRewrite = jsonServer.rewriter({ '/auth/signup': '/users' });
server.use(signupRewrite);
// The resource router is mounted last so the middleware registered above runs first.
server.use(router);
server.listen(port, () => console.log('Run API Server'));