[BER-WDPT-2024] Yujiro Akihiro

app.js

@@ -18,6 +18,20 @@ const app = express();
 // ℹ️ This function is getting exported from the config folder. It runs most middlewares
 require('./config')(app);
 
+// セッションの設定を追加
+const session = require('express-session');
+const MongoStore = require('connect-mongo');
+const mongoose = require('mongoose');
+
+app.use(session({
+  secret: process.env.SESSION_SECRET || 'defaultSecret', // 環境変数からセッションシークレットを取得
+  resave: false,
+  saveUninitialized: true,
+  store: MongoStore.create({
+    mongoUrl: 'mongodb://localhost/lab-express-basic-auth' // データベースのURLを指定
+  })
+}));
+
 // default value for title local
 const projectName = 'lab-express-basic-auth';
 const capitalized = string => string[0].toUpperCase() + string.slice(1).toLowerCase();
@@ -32,4 +46,3 @@ app.use('/', index);
 require('./error-handling')(app);
 
 module.exports = app;
-

middleware/auth.js

@@ -0,0 +1,6 @@
+module.exports = (req, res, next) => {
+    if (!req.session.currentUser) {
+        return res.redirect('/login');
+    }
+    next();
+};

package.json

@@ -7,11 +7,14 @@
     "dev": "nodemon server.js"
   },
   "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "connect-mongo": "^5.1.0",
     "cookie-parser": "^1.4.5",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "express-session": "^1.18.0",
     "hbs": "^4.1.1",
-    "mongoose": "^6.1.2",
+    "mongoose": "^6.13.0",
     "morgan": "^1.10.0",
     "serve-favicon": "^2.5.0"
   },

routes/auth.js

@@ -0,0 +1,27 @@
+router.get('/login', (req, res) => {
+    res.render('login');
+});
+
+router.post('/login', async (req, res) => {
+    const { username, password } = req.body;
+    if (!username || !password) {
+        return res.render('login', { errorMessage: 'All fields are mandatory.' });
+    }
+
+    try {
+        const user = await User.findOne({ username });
+        if (!user) {
+            return res.render('login', { errorMessage: 'Invalid credentials.' });
+        }
+
+        const passwordCorrect = bcrypt.compareSync(password, user.password);
+        if (!passwordCorrect) {
+            return res.render('login', { errorMessage: 'Invalid credentials.' });
+        }
+
+        req.session.currentUser = user;
+        res.redirect('/main');
+    } catch (error) {
+        res.render('login', { errorMessage: 'Something went wrong. Please try again.' });
+    }
+});

routes/index.js

@@ -1,8 +1,77 @@
 const router = require("express").Router();
+const bcrypt = require('bcryptjs');
+const User = require('../models/User');
+const authMiddleware = require('../middleware/auth');
 
-/* GET home page */
+// GET home page
 router.get("/", (req, res, next) => {
   res.render("index");
 });
 
+// GET signup page
+router.get("/signup", (req, res) => {
+  res.render("signup");
+});
+
+// POST signup
+router.post("/signup", async (req, res) => {
+  const { username, password } = req.body;
+  if (!username || !password) {
+    return res.render("signup", { errorMessage: "All fields are mandatory." });
+  }
+
+  const existingUser = await User.findOne({ username });
+  if (existingUser) {
+    return res.render("signup", { errorMessage: "Username already exists." });
+  }
+
+  const salt = bcrypt.genSaltSync(10);
+  const hashedPassword = bcrypt.hashSync(password, salt);
+
+  try {
+    await User.create({
+      username,
+      password: hashedPassword
+    });
+    res.redirect("/login");
+  } catch (error) {
+    res.render("signup", { errorMessage: "Something went wrong. Please try again." });
+  }
+});
+
+// GET login page
+router.get("/login", (req, res) => {
+  res.render("login");
+});
+
+// POST login
+router.post("/login", async (req, res) => {
+  const { username, password } = req.body;
+  if (!username || !password) {
+    return res.render("login", { errorMessage: "All fields are mandatory." });
+  }
+
+  try {
+    const user = await User.findOne({ username });
+    if (!user) {
+      return res.render("login", { errorMessage: "Invalid credentials." });
+    }
+
+    const passwordCorrect = bcrypt.compareSync(password, user.password);
+    if (!passwordCorrect) {
+      return res.render("login", { errorMessage: "Invalid credentials." });
+    }
+
+    req.session.currentUser = user;
+    res.redirect("/main");
+  } catch (error) {
+    res.render("login", { errorMessage: "Something went wrong. Please try again." });
+  }
+});
+
+// GET main page - protected route
+router.get("/main", authMiddleware, (req, res) => {
+  res.render("main");
+});
+
 module.exports = router;

views/index.hbs

@@ -1,2 +1,4 @@
 <h1>{{title}}</h1>
 <p>Welcome to {{title}}</p>
+<a href="/signup">Sign Up</a>
+<a href="/login">Login</a>

views/login.hbs

@@ -0,0 +1,10 @@
+<form action="/login" method="POST">
+  <label for="username">Username:</label>
+  <input type="text" id="username" name="username" required>
+  <label for="password">Password:</label>
+  <input type="password" id="password" name="password" required>
+  <button type="submit">Login</button>
+  {{#if errorMessage}}
+    <p>{{errorMessage}}</p>
+  {{/if}}
+</form>

views/main.hbs

@@ -0,0 +1,3 @@
+<h1>Welcome to the main page</h1>
+<img src="path_to_funny_cat_image.jpg" alt="Funny cat">
+<a href="/">Home</a>

views/private.hbs

@@ -0,0 +1,3 @@
+<h1>Private Page</h1>
+<img src="path_to_favorite_gif.gif" alt="Favorite gif">
+<a href="/">Home</a>

views/signup.hbs

@@ -0,0 +1,10 @@
+<form action="/signup" method="POST">
+  <label for="username">Username:</label>
+  <input type="text" id="username" name="username" required>
+  <label for="password">Password:</label>
+  <input type="password" id="password" name="password" required>
+  <button type="submit">Sign Up</button>
+  {{#if errorMessage}}
+    <p>{{errorMessage}}</p>
+  {{/if}}
+</form>