forked from Qualyteam/qualyteam-react-course
-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.js
72 lines (64 loc) · 1.96 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
const fs = require("fs");
const path = require('path')
const bodyParser = require("body-parser");
const jsonServer = require("json-server");
const jwt = require("jsonwebtoken");
const server = jsonServer.create();
const router = jsonServer.router(path.join(__dirname,"./db.json") );
const userdb = JSON.parse(fs.readFileSync( path.join(__dirname,"./users.json"), "UTF-8"));
const SECRET_KEY = "123456789";
const expiresIn = "1h";
// Create a token from a payload
function createToken(payload) {
return jwt.sign(payload, SECRET_KEY, { expiresIn });
}
// Verify the token
function verifyToken(token) {
return jwt.verify(token, SECRET_KEY, (err, decode) =>
decode !== undefined ? decode : err
);
}
// Check if the user exists in database
function isAuthenticated({ email, password }) {
return (
userdb.users.findIndex(
user => user.email === email && user.password === password
) !== -1
);
}
server.use(jsonServer.defaults());
server.use(jsonServer.bodyParser);
server.post("/auth/login", (req, res) => {
const { email, password } = req.body;
if (isAuthenticated({ email, password }) === false) {
const status = 401;
const message = "Incorrect email or password";
res.status(status).json({ status, message });
return;
}
const access_token = createToken({ email, password });
res.status(200).json({ access_token });
});
server.use(/^(?!\/auth).*$/, (req, res, next) => {
if (
req.headers.authorization === undefined ||
req.headers.authorization.split(" ")[0] !== "Bearer"
) {
const status = 401;
const message = "Bad authorization header";
res.status(status).json({ status, message });
return;
}
try {
verifyToken(req.headers.authorization.split(" ")[1]);
next();
} catch (err) {
const status = 401;
const message = "Error: access_token is not valid";
res.status(status).json({ status, message });
}
});
server.use(router)
server.listen(4000, () => {
console.log('Run Auth API Server')
})