Utschub/feature/ta-2 (#19)

* added jsonwebtokens for login/registration for authentication

* added login feature

server/config/constants.json

@@ -0,0 +1,3 @@
+{
+    "jsonwebtokenSecret" : "secretKey"
+}

server/routes/auth.js

@@ -1,5 +1,10 @@
 const express = require('express');
 const router = express.Router();
+const { check, validationResult } = require('express-validator');
+const User = require("../models/User");
+const jsonwebtoken = require('jsonwebtoken');
+const constants = require('../config/constants.json');
+const bcrypt = require('bcryptjs');
 
 //http://localhost:8000/api/auth
 
@@ -17,8 +22,34 @@ router.get('/', (request, response) => { // note: it is just a slash since we de
     DESC: Authenticate and get token (so that we can access private routes)
     ACCESS: Public 
 */
-router.post('/', (request, response) => { // note: it is just a slash since we defined the route already in server.js
-    response.send('User is logged in');
+router.post('/', [
+    check('email', 'Please enter a valid email').isEmail(),
+    check('email', 'Please use a UofT email').custom(value => {
+        return value.includes("@mail.utoronto.ca");
+    }),
+    check('password', 'Please enter a password with 5 or more characters').isLength({min: 5})
+], async (request, response) => { 
+    const errorMessages = validationResult(request);
+    if(!errorMessages.isEmpty()) return response.status(400).json({errors: errorMessages.array()});
+    const { email, password } = request.body;
+    try{
+        let user = await User.findOne({email});
+        const errMsg = {message: 'User credentials is invalid'};
+        if(!user) return response.status(400).json(errMsg);
+        const passwordMatches = await bcrypt.compare(password, user.password); //compares password to encrypted password
+        if(!passwordMatches) return response.sendStatus(400).json(errMsg);
+        jsonwebtoken.sign(
+            {user: { id: user.id}}, //user id is auto generated by mongoose
+            constants.jsonwebtokenSecret, {
+            expiresIn: 7200 //2 hours
+        }, (error, token) => {
+            if(error) throw error;
+            response.json({token});
+        });
+    }catch(err){
+        console.log(err.message);
+        response.status(500); //server error
+    }
 }); 
 
 module.exports = router;

server/routes/users.js

@@ -2,6 +2,8 @@ const express = require('express');
 const router = express.Router();
 const { check, validationResult } = require('express-validator');
 const User = require("../models/User");
+const jsonwebtoken = require('jsonwebtoken');
+const constants = require('../config/constants.json');
 const bcrypt = require('bcryptjs');
 
 
@@ -20,8 +22,8 @@ router.post('/', [
     }),
     check('password', 'Please enter a password with 5 or more characters').isLength({min: 5})
 ], async (request, response) => { 
-    const errors = validationResult(request);
-    if(!errors.isEmpty()) return response.status(400).json({errors: errors.array()});
+    const errorMessages = validationResult(request);
+    if(!errorMessages.isEmpty()) return response.status(400).json({errors: errorMessages.array()});
     const {name, email, password} = request.body;
     try{
         let user = await User.findOne({email: email});
@@ -34,10 +36,17 @@ router.post('/', [
         const salt = await bcrypt.genSalt() //encrypt the password
         user.password = await bcrypt.hash(password, salt);
         await user.save();
-        response.send("User is registered");
+        jsonwebtoken.sign(
+            {user: { id: user.id}}, //user id is auto generated by mongoose
+            constants.jsonwebtokenSecret, {
+            expiresIn: 7200 //2 hours
+        }, (error, token) => {
+            if(error) throw error;
+            response.json({token});
+        });
     }catch(error){
         console.log(error.message);
-        response.send(500); //server error
+        response.sendStatus(500); //server error
     }
 });