// Node built-ins
const crypto = require('crypto');
// third-party packages
const bcrypt = require('bcrypt');
const cookieParser = require('cookie-parser');
const express = require('express');
const app = express();
// local modules
const DB = require('./database.js');
const { PeerProxy } = require('./peerProxy.js');
// use .env variables
require('dotenv').config()
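// Name of the cookie that carries the per-user auth token. It is written by
// setAuthCookie and read back by the secureApiRouter middleware and /user/:email.
const authCookieName = 'token';
// Port comes from the first CLI argument when one is given, otherwise from the
// STARTUP_PORT variable loaded by dotenv above. Neither value is validated here.
const port = process.argv.length > 2 ? process.argv[2] : process.env.STARTUP_PORT;
// Parse JSON request bodies into req.body.
app.use(express.json());
// Parse the Cookie header so the auth token is reachable as req.cookies[authCookieName].
app.use(cookieParser());
// Serve the front-end from ./public. This is registered before any auth check,
// so nothing under public/ is protected by the token.
app.use(express.static('public'));
// Router for all service endpoints, mounted under /api.
// `const` rather than `var`: the router is created once and never reassigned.
const apiRouter = express.Router();
app.use(`/api`, apiRouter);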
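// CreateAuth: register a new user and log them in.
// Body: { email: string, password: string }. Responds 400 on malformed input,
// 409 if the email is already registered, otherwise { id } with the auth
// cookie set. The token value itself is never returned in the body.
apiRouter.post('/auth/create', async (req, res) => {
  const { email, password } = req.body ?? {};
  // Reject anything but non-empty strings before it reaches the database.
  // An object-typed `email` could otherwise be interpreted as a query operator
  // by DB.getUser (that depends on database.js, which is not visible here),
  // and a missing password likely makes the hashing inside DB.createUser throw
  // (/auth/login compares with bcrypt, so passwords are stored as bcrypt hashes),
  // which the default error handler would report as a 500.
  if (typeof email !== 'string' || email.length === 0 ||
      typeof password !== 'string' || password.length === 0) {
    res.status(400).send({ msg: 'Email and password are required' });
    return;
  }
  if (await DB.getUser(email)) {
    res.status(409).send({ msg: 'Existing user' });
    return;
  }
  const user = await DB.createUser(email, password);
  // NOTE(review): user.token is persisted on the user record and re-issued on
  // every /auth/login, so it is a long-lived credential rather than a session id.
  setAuthCookie(res, user.token);
  res.send({ id: user._id });
});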
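// GetAuth: verify credentials and set the auth cookie.
// Body: { email: string, password: string }. Every failure answers 401 with
// the same body, so the response itself does not reveal whether the email
// exists. (The bcrypt.compare cost is only paid for known emails, so a timing
// difference remains — worth knowing, not changed here.)
apiRouter.post('/auth/login', async (req, res) => {
  const { email, password } = req.body ?? {};
  // Type-check first: bcrypt.compare rejects non-string input with an error,
  // which the default error handler would turn into a 500 with the library's
  // message, and a non-string email should never reach the database lookup.
  if (typeof email === 'string' && typeof password === 'string') {
    const user = await DB.getUser(email);
    if (user && (await bcrypt.compare(password, user.password))) {
      // The same stored token is issued on every login; /auth/logout only
      // clears the cookie and does not rotate it.
      setAuthCookie(res, user.token);
      res.send({ id: user._id });
      return;
    }
  }
  res.status(401).send({ msg: 'Unauthorized' });
});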
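// DeleteAuth: expire the auth cookie in the browser.
// Express only reliably clears a cookie when the attributes passed to
// clearCookie match those it was set with (expires/maxAge aside), so the
// options mirror setAuthCookie instead of clearing by name alone.
// NOTE(review): this is client-side only. The token stays stored on the user
// record (it is what /auth/login re-issues), so a captured cookie remains
// valid after logout; rotating it server-side would need a DB method this
// file does not have.
apiRouter.delete('/auth/logout', (_req, res) => {
  res.clearCookie(authCookieName, {
    secure: true,
    httpOnly: true,
    sameSite: 'strict',
  });
  res.status(204).end();
});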
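// Constant-time comparison of a presented token against the stored one.
// Both must be strings; a length mismatch is reported as a plain false (the
// token length is not secret) and equal-length values go through
// crypto.timingSafeEqual, so comparison time cannot leak how many leading
// characters matched the way a plain `===` can.
function tokensMatch(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string') {
    return false;
  }
  const a = Buffer.from(presented);
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
// GetUser: report whether :email is registered and whether the caller's cookie
// is that user's token. Deliberately public (registered before secureApiRouter),
// which also makes it a user-enumeration oracle (200 vs 404) — a trade-off of
// this design, not changed here.
// Fixes relative to the original: the cookie name is no longer a second
// hard-coded 'token', and two missing values (no cookie, user without a token)
// no longer compare equal and report authenticated: true.
apiRouter.get('/user/:email', async (req, res) => {
  const user = await DB.getUser(req.params.email);
  if (!user) {
    res.status(404).send({ msg: 'Unknown' });
    return;
  }
  const presented = req.cookies[authCookieName];
  res.send({ email: user.email, authenticated: tokensMatch(presented, user.token) });
});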
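// secureApiRouter: every route registered on apiRouter AFTER this point must
// present a valid auth cookie. Express runs middleware in registration order,
// so the /auth/* and /user/:email routes above stay public and the task/list
// routes below are gated. The matched user record is exposed as req.user so
// handlers can authorize against the caller's identity (currently they still
// trust a client-supplied username instead).
const secureApiRouter = express.Router();
apiRouter.use(secureApiRouter);
secureApiRouter.use(async (req, res, next) => {
  // `const` — the original assignment had no declaration and created an
  // implicit global (module-wide mutable state; a ReferenceError under
  // strict mode or ESM).
  const authToken = req.cookies[authCookieName];
  // Never look up a missing or non-string token. Depending on how
  // DB.getUserByToken builds its query (database.js is not visible here), an
  // undefined value could match records whose token field is null or absent.
  if (typeof authToken !== 'string' || authToken.length === 0) {
    res.status(401).send({ msg: 'Unauthorized' });
    return;
  }
  let user;
  try {
    user = await DB.getUserByToken(authToken);
  } catch (err) {
    // Express 4 does not forward a rejected promise from an async handler to
    // the error handler (Express 5 does). Route it explicitly so a database
    // failure becomes a clean 500 rather than a hung request or an unhandled
    // rejection. The same applies to the async handlers further down.
    next(err);
    return;
  }
  if (!user) {
    res.status(401).send({ msg: 'Unauthorized' });
    return;
  }
  req.user = user;
  next();
});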
// Get Tasks: return the tasks of one list, scoped by the `username` and
// `listid` request headers.
// NOTE(review): both headers are client-supplied and never checked against the
// user whose token passed secureApiRouter, so any logged-in user can read any
// other user's list by changing the header. Deriving the owner from the
// authenticated user record would close this.
apiRouter.get('/tasks', async (req, res) => {
  const { username, listid } = req.headers;
  const tasks = await DB.getTasks(username, listid);
  res.send(tasks);
});
// Add Task: store the JSON body as a new task, then return the refreshed list
// identified by body.username / body.listid.
// NOTE(review): the whole body is handed to DB.addTask unfiltered (whatever
// fields the client sends are stored), and `username` is trusted from the
// client rather than taken from the user that passed secureApiRouter.
apiRouter.post('/task', async (req, res) => {
  const task = req.body;
  await DB.addTask(task);
  res.send(await DB.getTasks(task.username, task.listid));
});
// Update Task: apply the JSON body to an existing task, then return the list
// identified by the `username` / `listid` headers.
// NOTE(review): nothing ties the task being updated, or the headers used to
// re-read the list, to the authenticated user — any logged-in user can update
// any task whose identifier they know.
apiRouter.put('/task', async (req, res) => {
  await DB.updateTask(req.body);
  const { username, listid } = req.headers;
  res.send(await DB.getTasks(username, listid));
});
// Delete Task: remove the task described by the JSON body, then return the
// list identified by the `username` / `listid` headers.
// NOTE(review): the target task is chosen entirely by client-supplied data and
// is not checked against the authenticated user (see secureApiRouter).
apiRouter.delete('/task', async (req, res) => {
  await DB.deleteTask(req.body);
  const { username, listid } = req.headers;
  res.send(await DB.getTasks(username, listid));
});
// Get Lists: return all task lists for the `username` request header.
// NOTE(review): the header is not checked against the authenticated user, so
// any logged-in user can enumerate another user's lists.
apiRouter.get('/tasklists', async (req, res) => {
  const { username } = req.headers;
  res.send(await DB.getLists(username));
});
// Add List: create a task list from the JSON body unless one with that name
// already exists (409), then return the lists for the `username` header.
// NOTE(review): the whole body is passed to both DB.getListByName and
// DB.addList, and the owner is taken from client-supplied data rather than
// from the authenticated user.
apiRouter.post('/tasklist', async (req, res) => {
  const existing = await DB.getListByName(req.body);
  if (existing) {
    res.status(409).send({ msg: 'List under that name already exists.' });
    return;
  }
  await DB.addList(req.body);
  res.send(await DB.getLists(req.headers.username));
});
// Delete List: remove the list described by the JSON body, then return the
// remaining lists for the `username` header.
// NOTE(review): the list to delete is selected purely from the client body and
// is not checked against the authenticated user.
apiRouter.delete('/tasklist', async (req, res) => {
  await DB.deleteList(req.body);
  const { username } = req.headers;
  res.send(await DB.getLists(username));
});
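// Default error handler. Keeps four parameters because Express identifies
// error middleware by arity; `next` is only used once headers have been sent.
// Client-caused errors that carry their own 4xx status (e.g. express.json's
// entity.parse.failed, status 400) are returned with that status and message.
// Everything else is logged server-side and answered with a generic 500 —
// the original echoed err.name / err.message for every error, which hands
// driver and internal details to the caller. The { type, message } shape is kept.
app.use(function (err, req, res, next) {
  if (res.headersSent) {
    // The response already started; let Express's built-in handler finish it.
    next(err);
    return;
  }
  const status = err?.status ?? err?.statusCode ?? 500;
  if (status >= 400 && status < 500) {
    res.status(status).send({ type: err?.name, message: err?.message });
    return;
  }
  console.error(err);
  res.status(500).send({ type: 'InternalServerError', message: 'Internal server error' });
});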
// SPA fallback: any request not handled above is answered with
// public/index.html so client-side routing can take over.
app.use((_req, res) => {
  const options = { root: 'public' };
  res.sendFile('index.html', options);
});
// setAuthCookie: attach the auth token to the response as a cookie named
// authCookieName. Attributes: `secure` (sent over HTTPS only — browsers will
// not store it when the app is served over plain http), `httpOnly` (not
// readable from page scripts, which blunts token theft via XSS) and
// `sameSite: 'strict'` (not sent on cross-site requests, the CSRF mitigation
// for the cookie-authenticated /api routes). No maxAge/expires is set, so the
// browser treats it as a session cookie; the token itself is not expired here.
function setAuthCookie(res, authToken) {
  const attributes = {
    secure: true,
    httpOnly: true,
    sameSite: 'strict',
  };
  res.cookie(authCookieName, authToken, attributes);
}
// Start the HTTP server on `port`, then hand the server object to PeerProxy
// (presumably to attach a WebSocket endpoint to it).
// NOTE(review): nothing in this file authenticates WebSocket upgrades; whether
// PeerProxy checks the auth cookie on the upgrade request is not visible here.
const httpService = app.listen(port, () => console.log(`Listening on port ${port}`));
new PeerProxy(httpService);