app.js

-Original file line number
+Diff line change
@@ Expand Up / @@ -18,6 +18,23 @@ const app = express(); @@
     // ℹ️ This function is getting exported from the config folder. It runs most middlewares
     require('./config')(app);
+    // Import session management packages
+    const session = require('express-session');
+    const MongoStore = require('connect-mongo');
+    // Configure session middleware
+    app.use(
+      session({
+        secret: process.env.SESSION_SECRET || 'defaultSecret', // Replace with an actual secret key
+        resave: false,
+        saveUninitialized: false,
+        cookie: { maxAge: 24 * 60 * 60 * 1000 }, // 1 day in milliseconds
+        store: MongoStore.create({
+          mongoUrl: process.env.MONGODB_URI || 'mongodb://localhost/lab-express-basic-auth', // Replace with your MongoDB URI
+        }),
+      })
+    );
     // default value for title local
     const projectName = 'lab-express-basic-auth';
     const capitalized = string => string[0].toUpperCase() + string.slice(1).toLowerCase();
@@ Expand All @@
     const index = require('./routes/index');
     app.use('/', index);
+    const authRoutes = require('./routes/auth.routes');
+    const protectedRoutes = require('./routes/protected.routes');
+    app.use(authRoutes);
+    app.use(protectedRoutes);
     // ❗ To handle errors. Routes that don't exist or errors that you handle in specific routes
     require('./error-handling')(app);
     module.exports = app;

middleware/auth.middelware.js

-Original file line number
+Diff line change
@@ -0,0 +1,8 @@
+    // middleware/auth.middleware.js
+    module.exports = (req, res, next) => {
+        if (!req.session.user) {
+          return res.redirect('/login');
+        }
+        next();
+      };

models/User.model.js

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -1,14 +1,18 @@
  
    const { Schema, model } = require("mongoose");

    // models/User.model.js

    const mongoose = require('mongoose');

    const { Schema } = mongoose;

    // TODO: Please make sure you edit the user model to whatever makes sense in this case

    const userSchema = new Schema({

      username: {

        type: String,

        unique: true

        unique: true,

        required: true

      },

      password: String

      password: {

        type: String,

        required: true

      }

    });

    const User = model("User", userSchema);

    module.exports = mongoose.model('User', userSchema);

    module.exports = User;

package.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -7,11 +7,15 @@ @@
         "dev": "nodemon server.js"
       },
       "dependencies": {
+        "bcryptjs": "^2.4.3",
+        "body-parser": "^1.20.3",
+        "connect-mongo": "^5.1.0",
         "cookie-parser": "^1.4.5",
         "dotenv": "^8.2.0",
-        "express": "^4.17.1",
+        "express": "^4.21.1",
+        "express-session": "^1.18.1",
         "hbs": "^4.1.1",
-        "mongoose": "^6.1.2",
+        "mongoose": "^6.13.4",
         "morgan": "^1.10.0",
         "serve-favicon": "^2.5.0"
       },
@@ Expand Down @@

routes/auth.routes.js

-Original file line number
+Diff line change
@@ -0,0 +1,63 @@
+    const express = require('express');
+    const bcrypt = require('bcryptjs');
+    const User = require('../models/User.model');
+    const router = express.Router();
+    // GET sign-up form
+    router.get('/signup', (req, res) => {
+      res.render('auth/signup');
+    });
+    // POST sign-up form
+    router.post('/signup', async (req, res) => {
+      const { username, password } = req.body;
+      if (!username || !password) {
+        return res.render('auth/signup', { error: 'All fields are required.' });
+      }
+      try {
+        const salt = await bcrypt.genSalt(10);
+        const hashedPassword = await bcrypt.hash(password, salt);
+        await User.create({ username, password: hashedPassword });
+        res.redirect('/login');
+      } catch (error) {
+        res.render('auth/signup', { error: 'Error during sign-up.' });
+      }
+    });
+    // GET login form
+    router.get('/login', (req, res) => {
+      res.render('auth/login');
+    });
+    // POST login form
+    router.post('/login', async (req, res) => {
+      const { username, password } = req.body;
+      if (!username || !password) {
+        return res.render('auth/login', { error: 'All fields are required.' });
+      }
+      try {
+        const user = await User.findOne({ username });
+        if (!user) {
+          return res.render('auth/login', { error: 'Invalid username or password.' });
+        }
+        const passwordMatch = await bcrypt.compare(password, user.password);
+        if (!passwordMatch) {
+          return res.render('auth/login', { error: 'Invalid username or password.' });
+        }
+        // Save the user in the session
+        req.session.user = user;
+        res.redirect('/main');
+      } catch (error) {
+        res.render('auth/login', { error: 'Error during login.' });
+      }
+    });
+    module.exports = router;

routes/protected.routes.js

-Original file line number
+Diff line change
@@ -0,0 +1,16 @@
+    // routes/protected.routes.js
+    const express = require('express');
+    const router = express.Router();
+    const authMiddleware = require('../middleware/auth.middleware');
+    // GET /main
+    router.get('/main', authMiddleware, (req, res) => {
+      res.render('main', { user: req.session.user });
+    });
+    // GET /private
+    router.get('/private', authMiddleware, (req, res) => {
+      res.render('private', { user: req.session.user });
+    });
+    module.exports = router;

views/auth/login.hbs

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    <!-- views/auth/login.hbs -->
+    <form action="/login" method="POST">
+      <label for="username">Username:</label>
+      <input type="text" name="username" id="username" required />
+      <label for="password">Password:</label>
+      <input type="password" name="password" id="password" required />
+      <button type="submit">Log In</button>
+    </form>

views/auth/signup.hbs

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    <!-- views/auth/signup.hbs -->
+    <form action="/signup" method="POST">
+      <label for="username">Username:</label>
+      <input type="text" name="username" id="username" required />
+      <label for="password">Password:</label>
+      <input type="password" name="password" id="password" required />
+      <button type="submit">Sign Up</button>
+    </form>

views/main.hbs

-Original file line number
+Diff line change
@@ -0,0 +1,9 @@
+    <!-- views/main.hbs -->
+    <h1>Welcome to the Main Page!</h1>
+    <img src="funny-cat.jpg" alt="Funny Cat" />
+    <a href="/">Go Back</a>
+    <!-- views/private.hbs -->
+    <h1>This is a Private Page</h1>
+    <img src="favorite-gif.gif" alt="Favorite GIF" />
+    <a href="/">Go Back</a>

Michael Diaz MAD WD PT 9TH SEP #2138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

MikeBDiazB wants to merge 1 commit into ironhack-labs:master from MikeBDiazB:master

-Original file line number
+Diff line change
@@ Expand Up / @@ -18,6 +18,23 @@ const app = express(); @@
     // ℹ️ This function is getting exported from the config folder. It runs most middlewares
     require('./config')(app);
+    // Import session management packages
+    const session = require('express-session');
+    const MongoStore = require('connect-mongo');
+    // Configure session middleware
+    app.use(
+      session({
+        secret: process.env.SESSION_SECRET || 'defaultSecret', // Replace with an actual secret key
+        resave: false,
+        saveUninitialized: false,
+        cookie: { maxAge: 24 * 60 * 60 * 1000 }, // 1 day in milliseconds
+        store: MongoStore.create({
+          mongoUrl: process.env.MONGODB_URI || 'mongodb://localhost/lab-express-basic-auth', // Replace with your MongoDB URI
+        }),
+      })
+    );
     // default value for title local
     const projectName = 'lab-express-basic-auth';
     const capitalized = string => string[0].toUpperCase() + string.slice(1).toLowerCase();
@@ Expand All @@
     const index = require('./routes/index');
     app.use('/', index);
+    const authRoutes = require('./routes/auth.routes');
+    const protectedRoutes = require('./routes/protected.routes');
+    app.use(authRoutes);
+    app.use(protectedRoutes);
     // ❗ To handle errors. Routes that don't exist or errors that you handle in specific routes
     require('./error-handling')(app);
     module.exports = app;

-Original file line number
+Diff line change
@@ -0,0 +1,8 @@
+    // middleware/auth.middleware.js
+    module.exports = (req, res, next) => {
+        if (!req.session.user) {
+          return res.redirect('/login');
+        }
+        next();
+      };

-Original file line number
+Diff line change
@@ Expand Up / @@ -7,11 +7,15 @@ @@
         "dev": "nodemon server.js"
       },
       "dependencies": {
+        "bcryptjs": "^2.4.3",
+        "body-parser": "^1.20.3",
+        "connect-mongo": "^5.1.0",
         "cookie-parser": "^1.4.5",
         "dotenv": "^8.2.0",
-        "express": "^4.17.1",
+        "express": "^4.21.1",
+        "express-session": "^1.18.1",
         "hbs": "^4.1.1",
-        "mongoose": "^6.1.2",
+        "mongoose": "^6.13.4",
         "morgan": "^1.10.0",
         "serve-favicon": "^2.5.0"
       },
@@ Expand Down @@

-Original file line number
+Diff line change
@@ -0,0 +1,63 @@
+    const express = require('express');
+    const bcrypt = require('bcryptjs');
+    const User = require('../models/User.model');
+    const router = express.Router();
+    // GET sign-up form
+    router.get('/signup', (req, res) => {
+      res.render('auth/signup');
+    });
+    // POST sign-up form
+    router.post('/signup', async (req, res) => {
+      const { username, password } = req.body;
+      if (!username || !password) {
+        return res.render('auth/signup', { error: 'All fields are required.' });
+      }
+      try {
+        const salt = await bcrypt.genSalt(10);
+        const hashedPassword = await bcrypt.hash(password, salt);
+        await User.create({ username, password: hashedPassword });
+        res.redirect('/login');
+      } catch (error) {
+        res.render('auth/signup', { error: 'Error during sign-up.' });
+      }
+    });
+    // GET login form
+    router.get('/login', (req, res) => {
+      res.render('auth/login');
+    });
+    // POST login form
+    router.post('/login', async (req, res) => {
+      const { username, password } = req.body;
+      if (!username || !password) {
+        return res.render('auth/login', { error: 'All fields are required.' });
+      }
+      try {
+        const user = await User.findOne({ username });
+        if (!user) {
+          return res.render('auth/login', { error: 'Invalid username or password.' });
+        }
+        const passwordMatch = await bcrypt.compare(password, user.password);
+        if (!passwordMatch) {
+          return res.render('auth/login', { error: 'Invalid username or password.' });
+        }
+        // Save the user in the session
+        req.session.user = user;
+        res.redirect('/main');
+      } catch (error) {
+        res.render('auth/login', { error: 'Error during login.' });
+      }
+    });
+    module.exports = router;

-Original file line number
+Diff line change
@@ -0,0 +1,16 @@
+    // routes/protected.routes.js
+    const express = require('express');
+    const router = express.Router();
+    const authMiddleware = require('../middleware/auth.middleware');
+    // GET /main
+    router.get('/main', authMiddleware, (req, res) => {
+      res.render('main', { user: req.session.user });
+    });
+    // GET /private
+    router.get('/private', authMiddleware, (req, res) => {
+      res.render('private', { user: req.session.user });
+    });
+    module.exports = router;

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    <!-- views/auth/login.hbs -->
+    <form action="/login" method="POST">
+      <label for="username">Username:</label>
+      <input type="text" name="username" id="username" required />
+      <label for="password">Password:</label>
+      <input type="password" name="password" id="password" required />
+      <button type="submit">Log In</button>
+    </form>

-Original file line number
+Diff line change
@@ -0,0 +1,10 @@
+    <!-- views/auth/signup.hbs -->
+    <form action="/signup" method="POST">
+      <label for="username">Username:</label>
+      <input type="text" name="username" id="username" required />
+      <label for="password">Password:</label>
+      <input type="password" name="password" id="password" required />
+      <button type="submit">Sign Up</button>
+    </form>

-Original file line number
+Diff line change
@@ -0,0 +1,9 @@
+    <!-- views/main.hbs -->
+    <h1>Welcome to the Main Page!</h1>
+    <img src="funny-cat.jpg" alt="Funny Cat" />
+    <a href="/">Go Back</a>
+    <!-- views/private.hbs -->
+    <h1>This is a Private Page</h1>
+    <img src="favorite-gif.gif" alt="Favorite GIF" />
+    <a href="/">Go Back</a>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Michael Diaz MAD WD PT 9TH SEP #2138

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Michael Diaz MAD WD PT 9TH SEP #2138

Are you sure you want to change the base?

Uh oh!

Michael Diaz MAD WD PT 9TH SEP #2138

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing