From 46d5913fa96188932277366bd53006107e366e95 Mon Sep 17 00:00:00 2001
From: Yujiro Akihiro
Date: Thu, 4 Jul 2024 02:58:24 +0200
Subject: [PATCH] #done*
---
 app.js | 15 ++++++-
 middleware/auth.js | 6 +++
 models/{User.model.js => User.js} | 0
 package.json | 5 ++-
 routes/auth.js | 27 ++++++++++++
 routes/index.js | 71 ++++++++++++++++++++++++++++++-
 views/index.hbs | 2 +
 views/login.hbs | 10 +++++
 views/main.hbs | 3 ++
 views/private.hbs | 3 ++
 views/signup.hbs | 10 +++++
 11 files changed, 149 insertions(+), 3 deletions(-)
 create mode 100644 middleware/auth.js
 rename models/{User.model.js => User.js} (100%)
 create mode 100644 routes/auth.js
 create mode 100644 views/login.hbs
 create mode 100644 views/main.hbs
 create mode 100644 views/private.hbs
 create mode 100644 views/signup.hbs
diff --git a/app.js b/app.js
index 2ecc9f2220..e34780df48 100644
--- a/app.js
+++ b/app.js
@@ -18,6 +18,20 @@ const app = express(); // ℹ️ This function is getting exported from the config folder. It runs most middlewares require('./config')(app);
+// セッションの設定を追加
+const session = require('express-session');
+const MongoStore = require('connect-mongo');
+const mongoose = require('mongoose');
+
+app.use(session({
+ secret: process.env.SESSION_SECRET || 'defaultSecret', // 環境変数からセッションシークレットを取得
+ resave: false,
+ saveUninitialized: true,
+ store: MongoStore.create({
+ mongoUrl: 'mongodb://localhost/lab-express-basic-auth' // データベースのURLを指定
+ })
+}));
+
 // default value for title local const projectName = 'lab-express-basic-auth'; const capitalized = string => string[0].toUpperCase() + string.slice(1).toLowerCase();
@@ -32,4 +46,3 @@ app.use('/', index); require('./error-handling')(app); module.exports = app;
-
diff --git a/middleware/auth.js b/middleware/auth.js
new file mode 100644
index 0000000000..1cea5bd110
--- /dev/null
+++ b/middleware/auth.js
@@ -0,0 +1,6 @@
+module.exports = (req, res, next) => {
+ if (!req.session.currentUser) {
+ return res.redirect('/login');
+ }
+ next();
+};
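Review bot: In the `app.use(session({...}))` block added to app.js, the secret falls back to the literal `'defaultSecret'` when `SESSION_SECRET` is unset, so a deployment that forgets the variable signs its session cookies with a value anyone can read in the repository; fail at startup instead, e.g. `if (!process.env.SESSION_SECRET) throw new Error('SESSION_SECRET is not set');`. `saveUninitialized: true` also writes a session to the store for every anonymous visitor and hands out a session id before login, so `saveUninitialized: false` is the safer setting for an auth-only session. No `cookie` options are passed; consider `cookie: { httpOnly: true, sameSite: 'lax', secure: process.env.NODE_ENV === 'production' }`. The `mongoUrl` is hard-coded to localhost and `mongoose` is required without being used in the lines shown, so the store URL should probably come from the same environment setting as the app's own database connection (not visible in this hunk).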
diff --git a/models/User.model.js b/models/User.js
similarity index 100%
rename from models/User.model.js
rename to models/User.js
diff --git a/package.json b/package.json
index 19489d9695..f9f47caee4 100644
--- a/package.json
+++ b/package.json
@@ -7,11 +7,14 @@
 "dev": "nodemon server.js"
 },
 "dependencies": {
+ "bcryptjs": "^2.4.3",
+ "connect-mongo": "^5.1.0",
 "cookie-parser": "^1.4.5",
 "dotenv": "^8.2.0",
 "express": "^4.17.1",
+ "express-session": "^1.18.0",
 "hbs": "^4.1.1",
- "mongoose": "^6.1.2",
+ "mongoose": "^6.13.0",
 "morgan": "^1.10.0",
 "serve-favicon": "^2.5.0"
 },
diff --git a/routes/auth.js b/routes/auth.js
new file mode 100644
index 0000000000..2f72995942
--- /dev/null
+++ b/routes/auth.js
@@ -0,0 +1,27 @@
+router.get('/login', (req, res) => {
+ res.render('login');
+});
+
+router.post('/login', async (req, res) => {
+ const { username, password } = req.body;
+ if (!username || !password) {
+ return res.render('login', { errorMessage: 'All fields are mandatory.' });
+ }
+
+ try {
+ const user = await User.findOne({ username });
+ if (!user) {
+ return res.render('login', { errorMessage: 'Invalid credentials.' });
+ }
+
+ const passwordCorrect = bcrypt.compareSync(password, user.password);
+ if (!passwordCorrect) {
+ return res.render('login', { errorMessage: 'Invalid credentials.' });
+ }
+
+ req.session.currentUser = user;
+ res.redirect('/main');
+ } catch (error) {
+ res.render('login', { errorMessage: 'Something went wrong. Please try again.' });
+ }
+});
diff --git a/routes/index.js b/routes/index.js
index 81c2396ceb..d303805eae 100644
--- a/routes/index.js
+++ b/routes/index.js
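Review bot: The new `routes/auth.js` cannot be loaded as written: it uses `router`, `User` and `bcrypt` without requiring them and exports nothing, and the hunk (`@@ -0,0 +1,27 @@`) is the whole file. The same two `/login` handlers are added to `routes/index.js` in this commit and nothing visible in `app.js` mounts this file, so it is a dead second copy of security-sensitive login logic that will drift from the live one. Keep a single copy: either delete this file, or add the missing `require` lines plus `module.exports = router;`, mount it, and drop the handlers from `routes/index.js`. Whichever copy stays should issue a fresh session on login (`req.session.regenerate`) and store only the user's id and name rather than assigning the whole `user` document to `req.session.currentUser`.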
@@ -1,8 +1,77 @@
 const router = require("express").Router();
+const bcrypt = require('bcryptjs');
+const User = require('../models/User');
+const authMiddleware = require('../middleware/auth');
-/* GET home page */
+// GET home page
 router.get("/", (req, res, next) => { res.render("index"); });
+// GET signup page
+router.get("/signup", (req, res) => {
+ res.render("signup");
+});
+
+// POST signup
+router.post("/signup", async (req, res) => {
+ const { username, password } = req.body;
+ if (!username || !password) {
+ return res.render("signup", { errorMessage: "All fields are mandatory." });
+ }
+
+ const existingUser = await User.findOne({ username });
+ if (existingUser) {
+ return res.render("signup", { errorMessage: "Username already exists." });
+ }
+
+ const salt = bcrypt.genSaltSync(10);
+ const hashedPassword = bcrypt.hashSync(password, salt);
+
+ try {
+ await User.create({
+ username,
+ password: hashedPassword
+ });
+ res.redirect("/login");
+ } catch (error) {
+ res.render("signup", { errorMessage: "Something went wrong. Please try again." });
+ }
+});
+
+// GET login page
+router.get("/login", (req, res) => {
+ res.render("login");
+});
+
+// POST login
+router.post("/login", async (req, res) => {
+ const { username, password } = req.body;
+ if (!username || !password) {
+ return res.render("login", { errorMessage: "All fields are mandatory." });
+ }
+
+ try {
+ const user = await User.findOne({ username });
+ if (!user) {
+ return res.render("login", { errorMessage: "Invalid credentials." });
+ }
+
+ const passwordCorrect = bcrypt.compareSync(password, user.password);
+ if (!passwordCorrect) {
+ return res.render("login", { errorMessage: "Invalid credentials." });
+ }
+
+ req.session.currentUser = user;
+ res.redirect("/main");
+ } catch (error) {
+ res.render("login", { errorMessage: "Something went wrong. Please try again."
});
+ }
+});
+
+// GET main page - protected route
+router.get("/main", authMiddleware, (req, res) => {
+ res.render("main");
+});
+
 module.exports = router;
diff --git a/views/index.hbs b/views/index.hbs
index 1f308fdb35..258595ed39 100644
--- a/views/index.hbs
+++ b/views/index.hbs
@@ -1,2 +1,4 @@
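Review bot: In `routes/index.js`, the `POST /login` handler assigns the whole `user` document, password hash included, to `req.session.currentUser` on the session that existed before authentication, so the hash is written to the session store and the pre-login session id stays valid after login. Regenerate the session on success and keep only the fields later requests need, as in the block below. Both `POST /signup` and `POST /login` also pass `username` from `req.body` straight into `User.findOne({ username })`; if the body parser set up in `./config` (not visible here) accepts nested fields, the value can arrive as an object and be treated as a query operator, so reject non-strings first with `if (typeof username !== 'string' || typeof password !== 'string')`. In the signup handler the `User.findOne` call sits outside the `try`, so a database error there becomes an unhandled rejection under Express 4; move it inside the `try`. The commit adds no logout route that calls `req.session.destroy`, and the synchronous `bcrypt.compareSync`/`hashSync` calls block the event loop where `await bcrypt.compare(...)` would not.

```javascript
// … unchanged: field checks, user lookup and bcrypt comparison …
    // Issue a fresh session id on login so an id handed out before
    // authentication cannot be reused afterwards.
    req.session.regenerate((err) => {
      if (err) {
        return res.render("login", { errorMessage: "Something went wrong. Please try again." });
      }
      // Store only what later requests need; never the password hash.
      req.session.currentUser = { _id: String(user._id), username: user.username };
      res.redirect("/main");
    });
```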

{{title}}

Welcome to {{title}}

+Sign Up +Login diff --git a/views/login.hbs b/views/login.hbs new file mode 100644 index 0000000000..2f212528c0 --- /dev/null +++ b/views/login.hbs @@ -0,0 +1,10 @@ +
+ + + + + + {{#if errorMessage}} +

{{errorMessage}}

+ {{/if}} +
diff --git a/views/main.hbs b/views/main.hbs new file mode 100644 index 0000000000..82fac6ee4c --- /dev/null +++ b/views/main.hbs @@ -0,0 +1,3 @@ +

Welcome to the main page

+Funny cat +Home diff --git a/views/private.hbs b/views/private.hbs new file mode 100644 index 0000000000..e8500bbbc2 --- /dev/null +++ b/views/private.hbs @@ -0,0 +1,3 @@ +

Private Page

+Favorite gif +Home diff --git a/views/signup.hbs b/views/signup.hbs new file mode 100644 index 0000000000..76d0188d88 --- /dev/null +++ b/views/signup.hbs @@ -0,0 +1,10 @@ +
+ + + + + + {{#if errorMessage}} +

{{errorMessage}}

+ {{/if}} +