const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const uuid = require('uuid');
const jwt = require('jsonwebtoken');
const db = require('../lib/db.js');
const userMiddleware = require('../middleware/users.js');
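/**
 * POST /sign-up — create a new dm_user row after validateRegister has
 * checked the request body.
 *
 * Flow: 409 if a row with the same (case-insensitive) usr_name exists,
 * otherwise bcrypt-hash the password (cost 10) and INSERT. 201 on success,
 * 500 when the lookup, the hashing or the insert fails.
 *
 * DB/driver error details are logged server-side only; the client receives
 * a generic message so internal error text is not exposed in responses.
 */
router.post('/sign-up', userMiddleware.validateRegister, (req, res, next) => {
  const { username, password } = req.body;

  // Use driver placeholders (the form already used by the CreateAuthorities
  // call in /login) instead of db.escape() spliced into a template string.
  db.query(
    'SELECT * FROM dm_user WHERE LOWER(usr_name) = LOWER(?);',
    [username],
    (lookupErr, rows) => {
      // `rows` is undefined when the query fails; it must not be
      // dereferenced before `lookupErr` has been checked.
      if (lookupErr) {
        console.error('sign-up: user lookup failed', lookupErr);
        return res.status(500).send({ msg: 'Registration failed.' });
      }
      if (rows.length) {
        return res.status(409).send({ msg: 'This username is already in use!' });
      }

      // Username is available: hash the password, then insert.
      bcrypt.hash(password, 10, (hashErr, hash) => {
        if (hashErr) {
          console.error('sign-up: password hashing failed', hashErr);
          return res.status(500).send({ msg: 'Registration failed.' });
        }

        // FIXME(review): the statement names two columns (username, password)
        // but supplies three values (…, now()), and these column names differ
        // from the usr_name / usr_onlinepw columns read by /login. Confirm
        // against the dm_user schema; the VALUES list is kept as written
        // apart from the placeholders.
        db.query(
          'INSERT INTO dm_user (username, password) VALUES (?, ?, now())',
          [username, hash],
          (insertErr) => {
            // Throwing inside a driver callback is an uncaught exception that
            // takes the process down; respond instead.
            if (insertErr) {
              console.error('sign-up: insert failed', insertErr);
              return res.status(500).send({ msg: 'Registration failed.' });
            }
            return res.status(201).send({ msg: 'Registered!' });
          }
        );
      });
    }
  );
});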
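// FIXME(review): the signing secret is a hard-coded literal. It has to match
// the key that userMiddleware.isLoggedIn (../middleware/users.js) verifies
// with, so it must be moved to configuration in both places together; it is
// kept unchanged here so already-issued tokens still verify.
const JWT_SECRET = 'SECRETKEY';

// NOTE(review): the original issued 7d tokens on the usr_name path and 1h on
// the usr_short path. Unified to the primary path's value; a shorter lifetime
// is worth considering.
const TOKEN_EXPIRY = '7d';

/**
 * Look a dm_user row up by usr_name, then — if nothing matched — by usr_short.
 *
 * @param {string} login - value from the login form
 * @param {(err: Error|null, row?: object) => void} cb - row is undefined when
 *   neither lookup matched
 */
function findUserByLogin(login, cb) {
  db.query(
    'SELECT * FROM dm_user WHERE usr_name = ?;',
    [login],
    (err, rows) => {
      if (err) return cb(err);
      if (rows.length) return cb(null, rows[0]);
      db.query(
        'SELECT * FROM dm_user WHERE usr_short = ?;',
        [login],
        (shortErr, shortRows) => {
          if (shortErr) return cb(shortErr);
          cb(null, shortRows.length ? shortRows[0] : undefined);
        }
      );
    }
  );
}

/**
 * POST /login — authenticate by usr_name (falling back to usr_short) and
 * issue a JWT.
 *
 * Responses: 200 { msg, token, user } on success; 401 with one generic
 * message for unknown user, missing stored hash and wrong password alike, so
 * the response does not reveal which check failed; 500 when a DB lookup
 * fails (logged server-side, details not returned to the client).
 *
 * The original code's DB-error branch re-queried by usr_short and then never
 * sent a response on success, leaving the request hanging; that path is
 * replaced by the 500 response.
 */
router.post('/login', (req, res, next) => {
  const { username, password } = req.body;
  const reject = () =>
    res.status(401).send({ msg: 'Username or password is incorrect!' });

  findUserByLogin(username, (err, user) => {
    if (err) {
      console.error('login: user lookup failed', err);
      return res.status(500).send({ msg: 'Login failed.' });
    }
    if (!user) return reject();

    const {
      usr_uid: userId,
      usr_name: userName,
      usr_onlinepw: storedHash,
    } = user;

    // The original coerced a null usr_onlinepw to '' before bcrypt.compare,
    // which can never match; answer 401 directly.
    if (storedHash == null || storedHash === '') return reject();

    bcrypt.compare(password, storedHash, (bErr, matches) => {
      // A comparison error (e.g. malformed stored hash) must not throw out of
      // the callback; treat it as a failed login.
      if (bErr) {
        console.error('login: password comparison failed', bErr);
        return reject();
      }
      if (!matches) return reject();

      const token = jwt.sign(
        { username: userName, userId },
        JWT_SECRET,
        { expiresIn: TOKEN_EXPIRY }
      );

      // Fire-and-forget, as before. A throw here would be an uncaught
      // exception inside a driver callback, so log instead.
      db.query('CALL CreateAuthorities(?);', [userId], (authErr) => {
        if (authErr) console.error('login: CreateAuthorities failed', authErr);
      });

      return res.status(200).send({ msg: 'Logged in!', token, user: userName });
    });
  });
});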
/**
 * GET /secret-route — sample protected resource; isLoggedIn must pass first.
 * Responds with a fixed plain-text body.
 */
router.get('/secret-route', userMiddleware.isLoggedIn, (req, res, next) => {
  const body = 'This is the secret content. Only logged in users can see that!';
  res.send(body);
});
// Router exposing POST /sign-up, POST /login and GET /secret-route; mounted by the app.
module.exports = router;