From 1ae20955826522be27f91c44a342391c3666bf52 Mon Sep 17 00:00:00 2001 From: Raul Tarampi Date: Tue, 7 Nov 2023 10:38:19 +0100 Subject: [PATCH 1/2] not done --- .env | 3 +- app.js | 7 +++++ config/session.config.js | 25 ++++++++++++++++ middleware/route-guard.js | 25 ++++++++++++++++ models/User.model.js | 7 ++++- package.json | 3 ++ routes/auth.routes.js | 63 +++++++++++++++++++++++++++++++++++++++ routes/user.routes.js | 11 +++++++ views/auth/login.hbs | 26 ++++++++++++++++ views/auth/signup.hbs | 23 ++++++++++++++ views/layout.hbs | 58 +++++++++++++++++++++++++++-------- 11 files changed, 237 insertions(+), 14 deletions(-) create mode 100644 config/session.config.js create mode 100644 middleware/route-guard.js create mode 100644 routes/auth.routes.js create mode 100644 routes/user.routes.js create mode 100644 views/auth/login.hbs create mode 100644 views/auth/signup.hbs diff --git a/.env b/.env index c0c68b1ca0..6ed643f4b8 100644 --- a/.env +++ b/.env @@ -1 +1,2 @@ -PORT=3000 \ No newline at end of file +PORT=3000 +SESS_SECRET=supersecreto diff --git a/app.js b/app.js index 2ecc9f2220..9ef398f455 100644 --- a/app.js +++ b/app.js @@ -17,6 +17,7 @@ const app = express(); // ℹ️ This function is getting exported from the config folder. It runs most middlewares require('./config')(app); +require('./config/session.config')(app) // default value for title local const projectName = 'lab-express-basic-auth'; @@ -28,6 +29,12 @@ app.locals.title = `${capitalized(projectName)}- Generated with Ironlauncher`; const index = require('./routes/index'); app.use('/', index); +const authRoutes = require('./routes/auth.routes') +app.use('/', authRoutes) + +const userRoutes = require("./routes/user.routes") +app.use("/", userRoutes) + // ❗ To handle errors. Routes that don't exist or errors that you handle in specific routes require('./error-handling')(app); diff --git a/config/session.config.js b/config/session.config.js new file mode 100644 index 0000000000..89faf9c278 --- /dev/null +++ b/config/session.config.js @@ -0,0 +1,25 @@ +const session = require('express-session'); +const MongoStore = require('connect-mongo'); +const mongoose = require('mongoose'); + +module.exports = app => { + + app.set('trust proxy', 1); + + app.use( + session({ + secret: process.env.SESS_SECRET, + resave: true, + saveUninitialized: false, + cookie: { + sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax', + secure: process.env.NODE_ENV === 'production', + httpOnly: true, + maxAge: 600000 + }, + store: MongoStore.create({ + mongoUrl: process.env.MONGODB_URI || 'mongodb://localhost/basic-auth' + }) + }) + ); +}; \ No newline at end of file diff --git a/middleware/route-guard.js b/middleware/route-guard.js new file mode 100644 index 0000000000..be21834a9c --- /dev/null +++ b/middleware/route-guard.js @@ -0,0 +1,25 @@ +const { models } = require("mongoose") + +const isLoggedIn = (req, res, next) => { + if (req.session.currentUser) { + next() + } + else { + res.redirect('/login') + } +} + + +const isLoggedOut = (req, res, next) => { + if (!req.session.currentUser) { + next() + } + else { + res.redirect('/') + } +} + +module.exports = { + isLoggedIn, + isLoggedOut +} \ No newline at end of file diff --git a/models/User.model.js b/models/User.model.js index 9cdd3a3ce4..0d0e2b4a0e 100644 --- a/models/User.model.js +++ b/models/User.model.js @@ -4,9 +4,14 @@ const { Schema, model } = require("mongoose"); const userSchema = new Schema({ username: { type: String, + trim: true, + required: [true, 'Username Required'], unique: true }, - password: String + password: { + type: String, + required: [true, 'No password inserted'] + } }); const User = model("User", userSchema); diff --git a/package.json b/package.json index 19489d9695..787f92d140 100644 --- a/package.json +++ b/package.json @@ -7,9 +7,12 @@ "dev": "nodemon server.js" }, "dependencies": { + "bcryptjs": "^2.4.3", + "connect-mongo": "^5.1.0", "cookie-parser": "^1.4.5", "dotenv": "^8.2.0", "express": "^4.17.1", + "express-session": "^1.17.3", "hbs": "^4.1.1", "mongoose": "^6.1.2", "morgan": "^1.10.0", diff --git a/routes/auth.routes.js b/routes/auth.routes.js new file mode 100644 index 0000000000..5e106810c7 --- /dev/null +++ b/routes/auth.routes.js @@ -0,0 +1,63 @@ +const express = require('express') +const router = express.Router() + +const bcrypt = require('bcryptjs') +const User = require('./../models/User.model') +const saltRounds = 10 + +const { isLoggedOut } = require('../middleware/route-guard') + +router.get('/register', isLoggedOut, (req, res) => { + res.render('auth/signup') +}) + +router.post('/register', isLoggedOut, (req, res, next) =>{ + + const{ username, plainPassword} = req.body + + + bcrypt + .genSalt(saltRounds) + .then(salt => bcrypt.hash(plainPassword, salt)) + .then(passwordHash => User.create({username, passwordHash})) + .then(() => res.redirect('/login')) + .catch(err => next(err)) +}) + +router.get('/login', isLoggedOut, (req, res) =>{ + res.render('auth/login') +}) + +router.post('/login', isLoggedOut, (req, res, next) => { + const { username, password } = req.body + + if(username.length === 0 || password.length === 0){ + res.render('auth/login', { errorMessage: 'Required'}) + return + } + + User + .findOne({username}) + .then(foundUser => { + if(!foundUser){ + res.render('auth/login', {errorMessage:'Username not registered'}) + return + } + if (bcrypt.compareSync(password, foundUser.password) === false) { + res.render('auth/login', { errorMessage: 'Try again' }) + return + } + + req.session.currentUser = foundUser + console.log('Welcome to hell', req.session) + res.redirect('/') + }) + .catch(err => next(err)) +}) + +router.get('/logout', (req, res) => { + req.session.destroy(() => res.redirect('/')) +}) + +module.exports = router; + diff --git a/routes/user.routes.js b/routes/user.routes.js new file mode 100644 index 0000000000..9f06b09610 --- /dev/null +++ b/routes/user.routes.js @@ -0,0 +1,11 @@ +const express = require('express') +const router = express.Router() + +const { isLoggedIn } = require('../middleware/route-guard') + +router.get('/profile', isLoggedIn, (req, res) =>{ + res.render('user/profile', { user: req.session.currentUser}) + +}) + +module.exports = router \ No newline at end of file diff --git a/views/auth/login.hbs b/views/auth/login.hbs new file mode 100644 index 0000000000..2d6544c90c --- /dev/null +++ b/views/auth/login.hbs @@ -0,0 +1,26 @@ +
+
+
+

Access

+
+
+
+ + +
+
+ + +
+ + {{#if errorMessage}} +

{{errorMessage}}

+ {{/if}} + +
+ +
+
+
+
+
\ No newline at end of file diff --git a/views/auth/signup.hbs b/views/auth/signup.hbs new file mode 100644 index 0000000000..c3e1eb9b62 --- /dev/null +++ b/views/auth/signup.hbs @@ -0,0 +1,23 @@ +
+
+
+

Register

+
+
+
+ + +
No trolling pls!
+
+
+ + +
Mínimo 4 caracteres.
+
+
+ +
+
+
+
+
- - - - - {{title}} - - + + + + + {{appTitle}} + + + - + - {{{body}}} + - - - \ No newline at end of file + {{{body}}} + + + + + + + Date: Mon, 15 Apr 2024 20:53:19 +0200 Subject: [PATCH 2/2] done --- config/session.config.js | 4 +- db/index.js | 2 +- models/User.model.js | 1 + package.json | 4 +- routes/auth.routes.js | 83 ++++++++++++++++++++-------------------- views/auth/signup.hbs | 2 +- 6 files changed, 48 insertions(+), 48 deletions(-) diff --git a/config/session.config.js b/config/session.config.js index 89faf9c278..8f55440304 100644 --- a/config/session.config.js +++ b/config/session.config.js @@ -15,10 +15,10 @@ module.exports = app => { sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax', secure: process.env.NODE_ENV === 'production', httpOnly: true, - maxAge: 600000 + maxAge: 1000 }, store: MongoStore.create({ - mongoUrl: process.env.MONGODB_URI || 'mongodb://localhost/basic-auth' + mongoUrl: process.env.MONGODB_URI || "mongodb://127.0.0.1:27017/lab-express-basic-auth" }) }) ); diff --git a/db/index.js b/db/index.js index 5da532b6ee..89b32ae466 100644 --- a/db/index.js +++ b/db/index.js @@ -6,7 +6,7 @@ const mongoose = require("mongoose"); // If no env has been set, we dynamically set it to whatever the folder name was upon the creation of the app const MONGO_URI = process.env.MONGODB_URI || "mongodb://127.0.0.1:27017/lab-express-basic-auth"; - +// mongodb://0.0.0.0:27017 mongoose .connect(MONGO_URI) .then((x) => { diff --git a/models/User.model.js b/models/User.model.js index 0d0e2b4a0e..fc4f279fe3 100644 --- a/models/User.model.js +++ b/models/User.model.js @@ -1,5 +1,6 @@ const { Schema, model } = require("mongoose"); + // TODO: Please make sure you edit the user model to whatever makes sense in this case const userSchema = new Schema({ username: { diff --git a/package.json b/package.json index 787f92d140..c518562335 100644 --- a/package.json +++ b/package.json @@ -4,7 +4,7 @@ "private": true, "scripts": { "start": "node server.js", - "dev": "nodemon server.js" + "dev": "nodemon server.js -e js, hbs" }, "dependencies": { "bcryptjs": "^2.4.3", @@ -12,7 +12,7 @@ "cookie-parser": "^1.4.5", "dotenv": "^8.2.0", "express": "^4.17.1", - "express-session": "^1.17.3", + "express-session": "^1.18.0", "hbs": "^4.1.1", "mongoose": "^6.1.2", "morgan": "^1.10.0", diff --git a/routes/auth.routes.js b/routes/auth.routes.js index 5e106810c7..e22381879c 100644 --- a/routes/auth.routes.js +++ b/routes/auth.routes.js @@ -1,63 +1,62 @@ -const express = require('express') -const router = express.Router() - -const bcrypt = require('bcryptjs') -const User = require('./../models/User.model') -const saltRounds = 10 - -const { isLoggedOut } = require('../middleware/route-guard') +const express = require('express'); +const router = express.Router(); +const bcrypt = require('bcryptjs'); +const User = require('./../models/User.model'); +const saltRounds = 10; +const { isLoggedOut } = require('../middleware/route-guard'); router.get('/register', isLoggedOut, (req, res) => { - res.render('auth/signup') -}) - -router.post('/register', isLoggedOut, (req, res, next) =>{ + res.render('auth/signup'); +}); - const{ username, plainPassword} = req.body - +router.post('/register', isLoggedOut, (req, res, next) => { + const { username, plainPassword } = req.body; - bcrypt - .genSalt(saltRounds) + bcrypt.genSalt(saltRounds) .then(salt => bcrypt.hash(plainPassword, salt)) - .then(passwordHash => User.create({username, passwordHash})) + .then(passwordHash => User.create({ username, password: passwordHash })) .then(() => res.redirect('/login')) - .catch(err => next(err)) -}) + .catch(err => next(err)); +}); -router.get('/login', isLoggedOut, (req, res) =>{ - res.render('auth/login') -}) +router.get('/login', isLoggedOut, (req, res, next) => { + res.render('auth/login'); +}); router.post('/login', isLoggedOut, (req, res, next) => { - const { username, password } = req.body + const { username, password } = req.body; - if(username.length === 0 || password.length === 0){ - res.render('auth/login', { errorMessage: 'Required'}) - return + if (!username || !password) { + res.render('auth/login', { errorMessage: 'Username and password are required' }); + return; } User - .findOne({username}) + .findOne({ username }) .then(foundUser => { - if(!foundUser){ - res.render('auth/login', {errorMessage:'Username not registered'}) - return - } - if (bcrypt.compareSync(password, foundUser.password) === false) { - res.render('auth/login', { errorMessage: 'Try again' }) - return + if (!foundUser) { + res.render('auth/login', { errorMessage: 'Username not registered' }); + return; } - req.session.currentUser = foundUser - console.log('Welcome to hell', req.session) - res.redirect('/') + bcrypt.compare(password, foundUser.password) + .then(isPasswordValid => { + if (!isPasswordValid) { + res.render('auth/login', { errorMessage: 'Invalid password' }); + return; + } + + req.session.currentUser = foundUser; + res.redirect('/'); + }); }) - .catch(err => next(err)) -}) + .catch(err => next(err)); +}); router.get('/logout', (req, res) => { - req.session.destroy(() => res.redirect('/')) -}) + req.session.destroy(() => { + res.redirect('/'); + }); +}); module.exports = router; - diff --git a/views/auth/signup.hbs b/views/auth/signup.hbs index c3e1eb9b62..e8613b00cb 100644 --- a/views/auth/signup.hbs +++ b/views/auth/signup.hbs @@ -11,7 +11,7 @@
- +
Mínimo 4 caracteres.