diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e8c9f45
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+node_modules
+.env
diff --git a/README.md b/README.md
index b2e3b8b..0482fab 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,33 @@
-# api-auth
\ No newline at end of file
+# api-auth
+
+### User Model
+| Role | Description |
+|------|-------------|
+| 0 | Admin |
+| 1 | Normal User |
+
+###List of user routes:
+| Route | HTTP | Description |
+|-----------------|----------|------------------------------|
+| /api/signup | POST | Sign up with new user info |
+| /api/signin | POST | Sign in while get an access token based on credentials |
+| /api/users | GET | Get all the users info (admin only) |
+| /api/users/:id | GET | Get a single user (admin and authenticated user) |
+| /api/users | POST | Create a user (admin only) |
+| /api/users/:id | DELETE | Delete a user (admin only) |
+| /api/users/:id | PUT | Update a user with new info (admin and authenticated user) |
+
+#### Example
+```
+localhost:3000/api/users // will return all users in JSON format
+```
+
+
+### Usage
+```
+npm install
+npm start
+```
+
+### Heroku
+()[]
diff --git a/app.js b/app.js
new file mode 100644
index 0000000..7d5149e
--- /dev/null
+++ b/app.js
@@ -0,0 +1,46 @@
+var express = require('express');
+var path = require('path');
+var favicon = require('serve-favicon');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+
+var index = require('./routes/index');
+var users = require('./routes/users');
+
+var app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs');
+
+// uncomment after placing your favicon in /public
+//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+
+app.use('/', index);
+app.use('/api', users);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+ var err = new Error('Not Found');
+ err.status = 404;
+ next(err);
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+ // set locals, only providing error in development
+ res.locals.message = err.message;
+ res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+ // render the error page
+ res.status(err.status || 500);
+ res.render('error');
+});
+
+module.exports = app;
diff --git a/bin/www b/bin/www
new file mode 100644
index 0000000..fea87fd
--- /dev/null
+++ b/bin/www
@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('api-auth:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+ var port = parseInt(val, 10);
+
+ if (isNaN(port)) {
+ // named pipe
+ return val;
+ }
+
+ if (port >= 0) {
+ // port number
+ return port;
+ }
+
+ return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+ if (error.syscall !== 'listen') {
+ throw error;
+ }
+
+ var bind = typeof port === 'string'
+ ? 'Pipe ' + port
+ : 'Port ' + port;
+
+ // handle specific listen errors with friendly messages
+ switch (error.code) {
+ case 'EACCES':
+ console.error(bind + ' requires elevated privileges');
+ process.exit(1);
+ break;
+ case 'EADDRINUSE':
+ console.error(bind + ' is already in use');
+ process.exit(1);
+ break;
+ default:
+ throw error;
+ }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+ var addr = server.address();
+ var bind = typeof addr === 'string'
+ ? 'pipe ' + addr
+ : 'port ' + addr.port;
+ debug('Listening on ' + bind);
+}
diff --git a/config/config.json b/config/config.json
new file mode 100644
index 0000000..791eedc
--- /dev/null
+++ b/config/config.json
@@ -0,0 +1,24 @@
+{
+ "development": {
+ "username": "nextacademy",
+ "password": "nextacademy",
+ "database": "h8_w05d01_04_api_auth",
+ "host": "127.0.0.1",
+ "port": "5432",
+ "dialect": "postgres"
+ },
+ "test": {
+ "username": "root",
+ "password": null,
+ "database": "database_test",
+ "host": "127.0.0.1",
+ "dialect": "mysql"
+ },
+ "production": {
+ "username": "root",
+ "password": null,
+ "database": "database_production",
+ "host": "127.0.0.1",
+ "dialect": "mysql"
+ }
+}
diff --git a/controllers/userController.js b/controllers/userController.js
new file mode 100644
index 0000000..051a00c
--- /dev/null
+++ b/controllers/userController.js
@@ -0,0 +1,149 @@
+const db = require("../models")
+require('dotenv').config();
+
+var passwordHash = require('password-hash');
+var jwt = require('jsonwebtoken');
+
+
+
+exports.index = (req, res, next) => {
+ db.User.findAll()
+ .then ( users => {
+ // res.render('index', {title: "Get Users",users: JSON.stringify(users)});
+ res.send(users);
+ })
+
+}
+
+exports.user_detail = (req, res, next) => {
+ db.User.findById(req.params.id)
+ .then ( user => {
+ res.send(user);
+ })
+}
+
+exports.user_create_get = (req, res, next) => {
+ res.render('./users/new', {title: "Create New User"});
+}
+
+exports.user_create_post = (req, res, next) => {
+ let name = req.body.name;
+ let username = req.body.username;
+ let phone = req.body.phone;
+ let email = req.body.email;
+ let password = req.body.password;
+
+ db.User.create({name: name, username: username, phone: phone, email: email, password: password})
+ .then ( user => {
+ // res.send(`Created user ${user.username}`);
+ res.send(user);
+ })
+}
+
+exports.user_delete = (req, res, next) => {
+ let user_id = req.params.id
+
+ db.User.destroy({where: {id: user_id}})
+ .then ( row => {
+ console.log(row);
+ if(row > 0)
+ res.send(`Deleted user with user id: ${user_id}.`);
+ else
+ res.send(`Delete not successful, make sure user id is correct.`);
+ })
+}
+
+exports.user_update_get = (req, res, next) => {
+ let user_id = req.params.id
+ db.User.findById(user_id)
+ .then ( user => {
+ res.render('./users/edit', {title: "Edit User", user: user})
+ })
+
+}
+
+exports.user_update_post = (req, res, next) => {
+ let user_id = req.params.id
+ let name = req.body.name;
+ let username = req.body.username;
+ let phone = req.body.phone;
+ let email = req.body.email;
+ let password = req.body.password;
+
+ console.log(req.body);
+
+ db.User.update({name: name, username: username, phone: phone, email: email, password: password}, {fields: ['name', 'username', 'phone', 'email', 'password'], where: {id: user_id}})
+ .then ( row => {
+ if (row > 0)
+ res.send(`User id=${user_id} has been updated.`);
+ else
+ res.send('Update is unsuccessful')
+
+ })
+
+}
+
+exports.user_signup = (req, res, next) => {
+ // the same as user_create_post, but here we encode the password.
+
+ let name = req.body.name;
+ let username = req.body.username;
+ let phone = req.body.phone;
+ let email = req.body.email;
+ let password = passwordHash.generate(req.body.password);
+ let role = req.body.role;
+
+ console.log("passwordHash test")
+ console.log(passwordHash.verify('haha', password));
+
+ db.User.create({name: name, username: username, phone: phone, email: email, password: password, role: role})
+ .then ( user => {
+ // res.send(`Created user ${user.username}`);
+ res.send(user);
+ })
+ .catch ( err => {
+ res.send(err.message);
+ })
+
+}
+
+exports.user_signin = (req, res, next) => {
+
+ // get user based on username, then check his password
+ db.User.findOne({ where: {username: req.body.username}})
+ .then (user => {
+ if(user) {
+ // verify password
+ if( passwordHash.verify(req.body.password, user.password) ) {
+ // generate token
+ var token = jwt.sign(
+ { username: user.username, email: user.email, role: user.role },
+ process.env.SECRET,
+ { expiresIn: '1h' }
+ );
+ console.log(`process.env.SECRET='${process.env.SECRET}'`)
+ res.send(token);
+
+ }
+ else {
+ res.send({message: `User input the wrong username and password.`});
+ }
+ }
+ else {
+ res.send({message: `User input the wrong username and password.`});
+ }
+
+ })
+ .catch (err => {
+ res.send(err.message);
+ })
+
+
+ // generate token
+
+
+
+}
+
+
+//
diff --git a/helpers/jwt.js b/helpers/jwt.js
new file mode 100644
index 0000000..ecb3a18
--- /dev/null
+++ b/helpers/jwt.js
@@ -0,0 +1,31 @@
+var jwt = require('jsonwebtoken');
+require('dotenv').config();
+
+module.exports = {
+ verify_admin: (req, res, next) => {
+ jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => {
+ if(decoded) {
+ console.log(`decoded data is: `, decoded);
+ if(decoded.role === 0) {
+ next();
+ }
+ else {
+ res.send({message: `User doesn't have access.`})
+ }
+
+ } else {
+ res.send(err);
+ }
+ }) // end of jwt.verify
+ }, // end of verify_admin
+ verify_normal: (req, res, next) => {
+ jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => {
+ if(decoded) {
+ console.log(`decoded data is: `, decoded);
+ next();
+ } else {
+ res.send(err);
+ }
+ }) // end of jwt.verify
+ }// end of verify normal
+}
diff --git a/migrations/20170425060218-create-user.js b/migrations/20170425060218-create-user.js
new file mode 100644
index 0000000..1afa95b
--- /dev/null
+++ b/migrations/20170425060218-create-user.js
@@ -0,0 +1,36 @@
+'use strict';
+module.exports = {
+ up: function(queryInterface, Sequelize) {
+ return queryInterface.createTable('Users', {
+ id: {
+ allowNull: false,
+ autoIncrement: true,
+ primaryKey: true,
+ type: Sequelize.INTEGER
+ },
+ name: {
+ type: Sequelize.STRING
+ },
+ username: {
+ type: Sequelize.STRING
+ },
+ email: {
+ type: Sequelize.STRING
+ },
+ password: {
+ type: Sequelize.STRING
+ },
+ createdAt: {
+ allowNull: false,
+ type: Sequelize.DATE
+ },
+ updatedAt: {
+ allowNull: false,
+ type: Sequelize.DATE
+ }
+ });
+ },
+ down: function(queryInterface, Sequelize) {
+ return queryInterface.dropTable('Users');
+ }
+};
\ No newline at end of file
diff --git a/migrations/20170425065529-add-column-role-to-users.js b/migrations/20170425065529-add-column-role-to-users.js
new file mode 100644
index 0000000..46b4fb7
--- /dev/null
+++ b/migrations/20170425065529-add-column-role-to-users.js
@@ -0,0 +1,29 @@
+'use strict';
+
+module.exports = {
+ up: function (queryInterface, Sequelize) {
+ /*
+ Add altering commands here.
+ Return a promise to correctly handle asynchronicity.
+
+ Example:
+ return queryInterface.createTable('users', { id: Sequelize.INTEGER });
+ */
+ return queryInterface.addColumn('Users','role',
+ {
+ type: Sequelize.INTEGER
+ });
+
+ },
+
+ down: function (queryInterface, Sequelize) {
+ /*
+ Add reverting commands here.
+ Return a promise to correctly handle asynchronicity.
+
+ Example:
+ return queryInterface.dropTable('users');
+ */
+ return queryInterface.removeColumn('Users', 'role');
+ }
+};
diff --git a/models/index.js b/models/index.js
new file mode 100644
index 0000000..7540dba
--- /dev/null
+++ b/models/index.js
@@ -0,0 +1,36 @@
+'use strict';
+
+var fs = require('fs');
+var path = require('path');
+var Sequelize = require('sequelize');
+var basename = path.basename(module.filename);
+var env = process.env.NODE_ENV || 'development';
+var config = require(__dirname + '/../config/config.json')[env];
+var db = {};
+
+if (config.use_env_variable) {
+ var sequelize = new Sequelize(process.env[config.use_env_variable]);
+} else {
+ var sequelize = new Sequelize(config.database, config.username, config.password, config);
+}
+
+fs
+ .readdirSync(__dirname)
+ .filter(function(file) {
+ return (file.indexOf('.') !== 0) && (file !== basename) && (file.slice(-3) === '.js');
+ })
+ .forEach(function(file) {
+ var model = sequelize['import'](path.join(__dirname, file));
+ db[model.name] = model;
+ });
+
+Object.keys(db).forEach(function(modelName) {
+ if (db[modelName].associate) {
+ db[modelName].associate(db);
+ }
+});
+
+db.sequelize = sequelize;
+db.Sequelize = Sequelize;
+
+module.exports = db;
diff --git a/models/user.js b/models/user.js
new file mode 100644
index 0000000..1de1d48
--- /dev/null
+++ b/models/user.js
@@ -0,0 +1,17 @@
+'use strict';
+module.exports = function(sequelize, DataTypes) {
+ var User = sequelize.define('User', {
+ name: DataTypes.STRING,
+ username: DataTypes.STRING,
+ email: DataTypes.STRING,
+ password: DataTypes.STRING,
+ role: DataTypes.INTEGER
+ }, {
+ classMethods: {
+ associate: function(models) {
+ // associations can be defined here
+ }
+ }
+ });
+ return User;
+};
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..6146a4e
--- /dev/null
+++ b/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "api-auth",
+ "version": "0.0.0",
+ "private": true,
+ "scripts": {
+ "start": "nodemon ./bin/www"
+ },
+ "dependencies": {
+ "body-parser": "~1.17.1",
+ "cookie-parser": "~1.4.3",
+ "debug": "~2.6.3",
+ "dotenv": "^4.0.0",
+ "ejs": "~2.5.6",
+ "express": "~4.15.2",
+ "jsonwebtoken": "^7.4.0",
+ "morgan": "~1.8.1",
+ "nodemon": "^1.11.0",
+ "password-hash": "^1.2.2",
+ "pg": "^6.1.5",
+ "sequelize": "^3.30.4",
+ "sequelize-cli": "^2.7.0",
+ "serve-favicon": "~2.4.2"
+ }
+}
diff --git a/public/stylesheets/style.css b/public/stylesheets/style.css
new file mode 100644
index 0000000..9453385
--- /dev/null
+++ b/public/stylesheets/style.css
@@ -0,0 +1,8 @@
+body {
+ padding: 50px;
+ font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+}
+
+a {
+ color: #00B7FF;
+}
diff --git a/routes/index.js b/routes/index.js
new file mode 100644
index 0000000..ecca96a
--- /dev/null
+++ b/routes/index.js
@@ -0,0 +1,9 @@
+var express = require('express');
+var router = express.Router();
+
+/* GET home page. */
+router.get('/', function(req, res, next) {
+ res.render('index', { title: 'Express' });
+});
+
+module.exports = router;
diff --git a/routes/users.js b/routes/users.js
new file mode 100644
index 0000000..2359e0b
--- /dev/null
+++ b/routes/users.js
@@ -0,0 +1,30 @@
+var express = require('express');
+var router = express.Router();
+var user_controller = require('../controllers/userController');
+var jwt_helper = require('../helpers/jwt');
+
+
+
+// Get all the users
+router.get('/users', jwt_helper.verify_admin, user_controller.index);
+
+// Get a single user_controller
+router.get('/users/:id', jwt_helper.verify_normal, user_controller.user_detail);
+
+// Create a user
+router.post('/users', jwt_helper.verify_admin, user_controller.user_signup);
+
+// Delete a user
+router.delete('/users/:id', jwt_helper.verify_admin, user_controller.user_delete)
+
+// Update user
+router.put('/users/:id', jwt_helper.verify_normal, user_controller.user_update_post)
+
+
+
+router.post('/signup', user_controller.user_signup );
+router.post('/signin', user_controller.user_signin );
+
+
+
+module.exports = router;
diff --git a/views/error.ejs b/views/error.ejs
new file mode 100644
index 0000000..7cf94ed
--- /dev/null
+++ b/views/error.ejs
@@ -0,0 +1,3 @@
+<%= message %>
+<%= error.status %>
+<%= error.stack %>
diff --git a/views/index.ejs b/views/index.ejs
new file mode 100644
index 0000000..7b7a1d6
--- /dev/null
+++ b/views/index.ejs
@@ -0,0 +1,11 @@
+
+
+
+ <%= title %>
+
+
+
+ <%= title %>
+ Welcome to <%= title %>
+
+