From 541b0a9c2bb90a599f47244eb70d0e6e3e020e2b Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 12:04:41 +0700 Subject: [PATCH 1/7] npm init, sequelize init, express view ejs, edit config.json --- .gitignore | 1 + app.js | 46 ++++++++++++++++++ bin/www | 90 ++++++++++++++++++++++++++++++++++++ config/config.json | 24 ++++++++++ models/index.js | 36 +++++++++++++++ package.json | 21 +++++++++ public/stylesheets/style.css | 8 ++++ routes/index.js | 9 ++++ routes/users.js | 9 ++++ views/error.ejs | 3 ++ views/index.ejs | 11 +++++ 11 files changed, 258 insertions(+) create mode 100644 .gitignore create mode 100644 app.js create mode 100644 bin/www create mode 100644 config/config.json create mode 100644 models/index.js create mode 100644 package.json create mode 100644 public/stylesheets/style.css create mode 100644 routes/index.js create mode 100644 routes/users.js create mode 100644 views/error.ejs create mode 100644 views/index.ejs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..08b2553 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +node_modules diff --git a/app.js b/app.js new file mode 100644 index 0000000..b2a5037 --- /dev/null +++ b/app.js 
@@ -0,0 +1,46 @@ +var express = require('express'); +var path = require('path'); +var favicon = require('serve-favicon'); +var logger = require('morgan'); +var cookieParser = require('cookie-parser'); +var bodyParser = require('body-parser'); + +var index = require('./routes/index'); +var users = require('./routes/users'); + +var app = express(); + +// view engine setup +app.set('views', path.join(__dirname, 'views')); +app.set('view engine', 'ejs'); + +// uncomment after placing your favicon in /public +//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'))); +app.use(logger('dev')); +app.use(bodyParser.json()); +app.use(bodyParser.urlencoded({ extended: false })); +app.use(cookieParser()); +app.use(express.static(path.join(__dirname, 'public'))); + +app.use('/', index); +app.use('/users', users); + +// catch 404 and forward to error handler +app.use(function(req, res, next) { + var err = new Error('Not Found'); + err.status = 404; + next(err); +}); + +// error handler +app.use(function(err, req, res, next) { + // set locals, only providing error in development + res.locals.message = err.message; + res.locals.error = req.app.get('env') === 'development' ? err : {}; + + // render the error page + res.status(err.status || 500); + res.render('error'); +}); + +module.exports = app; diff --git a/bin/www b/bin/www new file mode 100644 index 0000000..fea87fd --- /dev/null +++ b/bin/www 
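Review bot: The error handler hands the full `err` (whose `stack` views/error.ejs renders) to the template whenever `req.app.get('env')` is `'development'`, and Express resolves that setting to `'development'` when NODE_ENV is unset, so a deployment that forgets to export NODE_ENV serves stack traces to every client on a 500. Make the leak opt-in rather than the fallback: `res.locals.error = process.env.NODE_ENV === 'development' ? err : {};` yields `{}` in the unset case. While here, `app.disable('x-powered-by');` after `var app = express();` is a free hardening step, and `cookieParser()` is wired in although nothing in this series reads cookies — drop it or note why it is there.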
@@ -0,0 +1,90 @@ +#!/usr/bin/env node + +/** + * Module dependencies. + */ + +var app = require('../app'); +var debug = require('debug')('api-auth:server'); +var http = require('http'); + +/** + * Get port from environment and store in Express. + */ + +var port = normalizePort(process.env.PORT || '3000'); +app.set('port', port); + +/** + * Create HTTP server. + */ + +var server = http.createServer(app); + +/** + * Listen on provided port, on all network interfaces. + */ + +server.listen(port); +server.on('error', onError); +server.on('listening', onListening); + +/** + * Normalize a port into a number, string, or false. + */ + +function normalizePort(val) { + var port = parseInt(val, 10); + + if (isNaN(port)) { + // named pipe + return val; + } + + if (port >= 0) { + // port number + return port; + } + + return false; +} + +/** + * Event listener for HTTP server "error" event. + */ + +function onError(error) { + if (error.syscall !== 'listen') { + throw error; + } + + var bind = typeof port === 'string' + ? 'Pipe ' + port + : 'Port ' + port; + + // handle specific listen errors with friendly messages + switch (error.code) { + case 'EACCES': + console.error(bind + ' requires elevated privileges'); + process.exit(1); + break; + case 'EADDRINUSE': + console.error(bind + ' is already in use'); + process.exit(1); + break; + default: + throw error; + } +} + +/** + * Event listener for HTTP server "listening" event. + */ + +function onListening() { + var addr = server.address(); + var bind = typeof addr === 'string' + ? 'pipe ' + addr + : 'port ' + addr.port; + debug('Listening on ' + bind); +} diff --git a/config/config.json b/config/config.json new file mode 100644 index 0000000..791eedc --- /dev/null +++ b/config/config.json 
@@ -0,0 +1,24 @@ +{ + "development": { + "username": "nextacademy", + "password": "nextacademy", + "database": "h8_w05d01_04_api_auth", + "host": "127.0.0.1", + "port": "5432", + "dialect": "postgres" + }, + "test": { + "username": "root", + "password": null, + "database": "database_test", + "host": "127.0.0.1", + "dialect": "mysql" + }, + "production": { + "username": "root", + "password": null, + "database": "database_production", + "host": "127.0.0.1", + "dialect": "mysql" + } +} diff --git a/models/index.js b/models/index.js new file mode 100644 index 0000000..7540dba --- /dev/null +++ b/models/index.js @@ -0,0 +1,36 @@ +'use strict'; + +var fs = require('fs'); +var path = require('path'); +var Sequelize = require('sequelize'); +var basename = path.basename(module.filename); +var env = process.env.NODE_ENV || 'development'; +var config = require(__dirname + '/../config/config.json')[env]; +var db = {}; + +if (config.use_env_variable) { + var sequelize = new Sequelize(process.env[config.use_env_variable]); +} else { + var sequelize = new Sequelize(config.database, config.username, config.password, config); +} + +fs + .readdirSync(__dirname) + .filter(function(file) { + return (file.indexOf('.') !== 0) && (file !== basename) && (file.slice(-3) === '.js'); + }) + .forEach(function(file) { + var model = sequelize['import'](path.join(__dirname, file)); + db[model.name] = model; + }); + +Object.keys(db).forEach(function(modelName) { + if (db[modelName].associate) { + db[modelName].associate(db); + } +}); + +db.sequelize = sequelize; +db.Sequelize = Sequelize; + +module.exports = db; diff --git a/package.json b/package.json new file mode 100644 index 0000000..13ae951 --- /dev/null +++ b/package.json 
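Review bot: config.json commits live database credentials (`nextacademy`/`nextacademy` for development) plus a production block authenticating as `root` with a `null` password, and unlike the `.env` file added later in this series it is not gitignored. models/index.js in the same commit already honours a `use_env_variable` key, so the production entry can become `"production": { "use_env_variable": "DATABASE_URL", "dialect": "postgres" }` with the secret supplied by the environment, and the development/test entries should hold placeholders; the credentials already pushed should be treated as disclosed and rotated. Note also that test/production name the `mysql` dialect while package.json only pulls in `pg`, so as written those environments presumably fail at Sequelize start-up — worth confirming before anything deploys.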
@@ -0,0 +1,21 @@ +{ + "name": "api-auth", + "version": "0.0.0", + "private": true, + "scripts": { + "start": "nodemon ./bin/www" + }, + "dependencies": { + "body-parser": "~1.17.1", + "cookie-parser": "~1.4.3", + "debug": "~2.6.3", + "ejs": "~2.5.6", + "express": "~4.15.2", + "morgan": "~1.8.1", + "nodemon": "^1.11.0", + "pg": "^6.1.5", + "sequelize": "^3.30.4", + "sequelize-cli": "^2.7.0", + "serve-favicon": "~2.4.2" + } +} diff --git a/public/stylesheets/style.css b/public/stylesheets/style.css new file mode 100644 index 0000000..9453385 --- /dev/null +++ b/public/stylesheets/style.css @@ -0,0 +1,8 @@ +body { + padding: 50px; + font: 14px "Lucida Grande", Helvetica, Arial, sans-serif; +} + +a { + color: #00B7FF; +} diff --git a/routes/index.js b/routes/index.js new file mode 100644 index 0000000..ecca96a --- /dev/null +++ b/routes/index.js @@ -0,0 +1,9 @@ +var express = require('express'); +var router = express.Router(); + +/* GET home page. */ +router.get('/', function(req, res, next) { + res.render('index', { title: 'Express' }); +}); + +module.exports = router; diff --git a/routes/users.js b/routes/users.js new file mode 100644 index 0000000..623e430 --- /dev/null +++ b/routes/users.js @@ -0,0 +1,9 @@ +var express = require('express'); +var router = express.Router(); + +/* GET users listing. */ +router.get('/', function(req, res, next) { + res.send('respond with a resource'); +}); + +module.exports = router; diff --git a/views/error.ejs b/views/error.ejs new file mode 100644 index 0000000..7cf94ed --- /dev/null +++ b/views/error.ejs @@ -0,0 +1,3 @@ +

<%= message %>

+

<%= error.status %>

+
<%= error.stack %>
diff --git a/views/index.ejs b/views/index.ejs new file mode 100644 index 0000000..7b7a1d6 --- /dev/null +++ b/views/index.ejs @@ -0,0 +1,11 @@ + + + + <%= title %> + + + +

<%= title %>

+

Welcome to <%= title %>

+ + From 7517e4bee33f1ddbd2c639fff3b9b76322173499 Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 12:08:13 +0700 Subject: [PATCH 2/7] readme edit --- README.md | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b2e3b8b..0eb049b 100644 --- a/README.md +++ b/README.md @@ -1 +1,27 @@ -# api-auth \ No newline at end of file +# api-auth + +###List of user routes: +| Route | HTTP | Description | +|-----------------|----------|------------------------------| +| /api/signup | GET | Sign up with new user info | +| /api/signin | GET | Sign in while get an access token based on credentials | +| /api/users | GET | Get all the users info (admin only) | +| /api/users/:id | GET | Get a single user (admin and authenticated user) | +| /api/users | POST | Create a user (admin only) | +| /api/users/:id | DELETE | Delete a user (admin only) | +| /api/users/:id | PUT | Update a user with new info (admin and authenticated user) | + +#### Example +``` +localhost:3000/api/users // will return all users in JSON format +``` + + +### Usage +``` +npm install +npm start +``` + +### Heroku +()[] From 1ebcde3d5bd563c6118593fe8b3383b7d744b0c2 Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 14:00:11 +0700 Subject: [PATCH 3/7] npm install password-hash, jsonwebtoken, added column role to users --- controllers/userController.js | 1 + migrations/20170425060218-create-user.js | 36 +++++++++++++++++++ ...20170425065529-add-column-role-to-users.js | 29 +++++++++++++++ models/user.js | 17 +++++++++ package.json | 2 ++ 5 files changed, 85 insertions(+) create mode 100644 controllers/userController.js create mode 100644 migrations/20170425060218-create-user.js create mode 100644 migrations/20170425065529-add-column-role-to-users.js create mode 100644 models/user.js diff --git a/controllers/userController.js b/controllers/userController.js new file mode 100644 index 0000000..29cf29f --- /dev/null 
+++ b/controllers/userController.js @@ -0,0 +1 @@ +const db = require("../models") diff --git a/migrations/20170425060218-create-user.js b/migrations/20170425060218-create-user.js new file mode 100644 index 0000000..1afa95b --- /dev/null +++ b/migrations/20170425060218-create-user.js @@ -0,0 +1,36 @@ +'use strict'; +module.exports = { + up: function(queryInterface, Sequelize) { + return queryInterface.createTable('Users', { + id: { + allowNull: false, + autoIncrement: true, + primaryKey: true, + type: Sequelize.INTEGER + }, + name: { + type: Sequelize.STRING + }, + username: { + type: Sequelize.STRING + }, + email: { + type: Sequelize.STRING + }, + password: { + type: Sequelize.STRING + }, + createdAt: { + allowNull: false, + type: Sequelize.DATE + }, + updatedAt: { + allowNull: false, + type: Sequelize.DATE + } + }); + }, + down: function(queryInterface, Sequelize) { + return queryInterface.dropTable('Users'); + } +}; \ No newline at end of file diff --git a/migrations/20170425065529-add-column-role-to-users.js b/migrations/20170425065529-add-column-role-to-users.js new file mode 100644 index 0000000..46b4fb7 --- /dev/null +++ b/migrations/20170425065529-add-column-role-to-users.js @@ -0,0 +1,29 @@ +'use strict'; + +module.exports = { + up: function (queryInterface, Sequelize) { + /* + Add altering commands here. + Return a promise to correctly handle asynchronicity. + + Example: + return queryInterface.createTable('users', { id: Sequelize.INTEGER }); + */ + return queryInterface.addColumn('Users','role', + { + type: Sequelize.INTEGER + }); + + }, + + down: function (queryInterface, Sequelize) { + /* + Add reverting commands here. + Return a promise to correctly handle asynchronicity. + + Example: + return queryInterface.dropTable('users'); + */ + return queryInterface.removeColumn('Users', 'role'); + } +}; diff --git a/models/user.js b/models/user.js new file mode 100644 index 0000000..1de1d48 --- /dev/null +++ b/models/user.js 
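Review bot: The Users table is created with no uniqueness or NOT NULL constraint on `username` (or `email`), yet sign-in later in this series resolves the account with `findOne({ where: { username } })`, so two rows sharing a username make it arbitrary which password is checked. Declare the constraints here — `username: { type: Sequelize.STRING, allowNull: false, unique: true },` and likewise for `email` — and mirror them as `allowNull`/`unique`/`validate` options in models/user.js so bad input is rejected before the database is hit. The `role` column added by the second migration has no `defaultValue`, so accounts created without one hold NULL; that happens to fail closed against a strict `=== 0` admin check, but `defaultValue: 1` would make the intent explicit.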
@@ -0,0 +1,17 @@ +'use strict'; +module.exports = function(sequelize, DataTypes) { + var User = sequelize.define('User', { + name: DataTypes.STRING, + username: DataTypes.STRING, + email: DataTypes.STRING, + password: DataTypes.STRING, + role: DataTypes.INTEGER + }, { + classMethods: { + associate: function(models) { + // associations can be defined here + } + } + }); + return User; +}; diff --git a/package.json b/package.json index 13ae951..13bb88c 100644 --- a/package.json +++ b/package.json @@ -11,8 +11,10 @@ "debug": "~2.6.3", "ejs": "~2.5.6", "express": "~4.15.2", + "jsonwebtoken": "^7.4.0", "morgan": "~1.8.1", "nodemon": "^1.11.0", + "password-hash": "^1.2.2", "pg": "^6.1.5", "sequelize": "^3.30.4", "sequelize-cli": "^2.7.0", From 9b45e9b1d12f4c1efa5236fb14619adc89f655c4 Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 14:41:24 +0700 Subject: [PATCH 4/7] user can sign up and sign in, added role info in readme.md --- .gitignore | 1 + README.md | 10 ++- app.js | 2 +- controllers/userController.js | 141 ++++++++++++++++++++++++++++++++++ package.json | 1 + routes/users.js | 29 ++++++- 6 files changed, 177 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 08b2553..e8c9f45 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ node_modules +.env diff --git a/README.md b/README.md index 0eb049b..0482fab 100644 --- a/README.md +++ b/README.md 
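Review bot: `password-hash` is introduced here as the credential store for the whole series, but it is an unmaintained package whose defaults, as far as I recall, amount to a single salted SHA-1 digest — far too cheap to resist offline cracking if the Users table leaks. Prefer a purpose-built password KDF: bcrypt, or Node's own `crypto.pbkdf2`/`crypto.scrypt` with a high work factor, storing the parameters alongside the hash so they can be raised later. If the package is kept for now, pass `{ algorithm: 'sha256', iterations: <large> }` explicitly rather than relying on defaults, and add a comment saying why. models/user.js in the same commit declares `role: DataTypes.INTEGER` with no `validate` or `defaultValue`, so the model will accept any integer a caller supplies for the privilege level.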
@@ -1,10 +1,16 @@ # api-auth +### User Model +| Role | Description | +|------|-------------| +| 0 | Admin | +| 1 | Normal User | + ###List of user routes: | Route | HTTP | Description | |-----------------|----------|------------------------------| -| /api/signup | GET | Sign up with new user info | -| /api/signin | GET | Sign in while get an access token based on credentials | +| /api/signup | POST | Sign up with new user info | +| /api/signin | POST | Sign in while get an access token based on credentials | | /api/users | GET | Get all the users info (admin only) | | /api/users/:id | GET | Get a single user (admin and authenticated user) | | /api/users | POST | Create a user (admin only) | diff --git a/app.js b/app.js index b2a5037..c4eadbe 100644 --- a/app.js +++ b/app.js @@ -23,7 +23,7 @@ app.use(cookieParser()); app.use(express.static(path.join(__dirname, 'public'))); app.use('/', index); -app.use('/users', users); +app.use('/api/users', users); // catch 404 and forward to error handler app.use(function(req, res, next) { diff --git a/controllers/userController.js b/controllers/userController.js index 29cf29f..9efdfd9 100644 --- a/controllers/userController.js +++ b/controllers/userController.js 
@@ -1 +1,142 @@ const db = require("../models") +require('dotenv').config(); + +var passwordHash = require('password-hash'); +var jwt = require('jsonwebtoken'); + + + +exports.index = (req, res, next) => { + db.User.findAll() + .then ( users => { + // res.render('index', {title: "Get Users",users: JSON.stringify(users)}); + res.send(users); + }) + +} + +exports.user_detail = (req, res, next) => { + db.User.findById(req.params.id) + .then ( user => { + res.send(user); + }) +} + +exports.user_create_get = (req, res, next) => { + res.render('./users/new', {title: "Create New User"}); +} + +exports.user_create_post = (req, res, next) => { + let name = req.body.name; + let username = req.body.username; + let phone = req.body.phone; + let email = req.body.email; + let password = req.body.password; + + db.User.create({name: name, username: username, phone: phone, email: email, password: password}) + .then ( user => { + // res.send(`Created user ${user.username}`); + res.send(user); + }) +} + +exports.user_delete = (req, res, next) => { + let user_id = req.params.id + + db.User.destroy({where: {id: user_id}}) + .then ( row => { + console.log(row); + if(row > 0) + res.send(`Deleted user with user id: ${user_id}.`); + else + res.send(`Delete not successful, make sure user id is correct.`); + }) +} + +exports.user_update_get = (req, res, next) => { + let user_id = req.params.id + db.User.findById(user_id) + .then ( user => { + res.render('./users/edit', {title: "Edit User", user: user}) + }) + +} + +exports.user_update_post = (req, res, next) => { + let user_id = req.params.id + let name = req.body.name; + let username = req.body.username; + let phone = req.body.phone; + let email = req.body.email; + let password = req.body.password; + + console.log(req.body); + + db.User.update({name: name, username: username, phone: phone, email: email, password: password}, {fields: ['name', 'username', 'phone', 'email', 'password'], where: {id: user_id}}) + .then ( row => { + if (row > 0) 
+ res.send(`User id=${user_id} has been updated.`); + else + res.send('Update is unsuccessful') + + }) + +} + +exports.user_signup = (req, res, next) => { + // the same as user_create_post, but here we encode the password. + + let name = req.body.name; + let username = req.body.username; + let phone = req.body.phone; + let email = req.body.email; + let password = passwordHash.generate(req.body.password); + let role = req.body.role; + + console.log("passwordHash test") + console.log(passwordHash.verify('haha', password)); + + db.User.create({name: name, username: username, phone: phone, email: email, password: password, role: role}) + .then ( user => { + // res.send(`Created user ${user.username}`); + res.send(user); + }) + .catch ( err => { + res.send(err.message); + }) + +} + +exports.user_signin = (req, res, next) => { + + // get user based on username, then check his password + db.User.findOne({ where: {username: req.body.username}}) + .then (user => { + + // verify password + if( passwordHash.verify(req.body.password, user.password) ) { + // generate token + var token = jwt.sign( + { username: user.username, email: user.email, role: user.role }, + process.env.SECRET, + { expiresIn: '1h' } + ); + console.log(`process.env.SECRET='${process.env.SECRET}'`) + res.send(token); + + } + else { + res.send({message: `User input the wrong username and password.`}); + } + + }) + + + // generate token + + + +} + + +// diff --git a/package.json b/package.json index 13bb88c..6146a4e 100644 --- a/package.json +++ b/package.json @@ -9,6 +9,7 @@ "body-parser": "~1.17.1", "cookie-parser": "~1.4.3", "debug": "~2.6.3", + "dotenv": "^4.0.0", "ejs": "~2.5.6", "express": "~4.15.2", "jsonwebtoken": "^7.4.0", diff --git a/routes/users.js b/routes/users.js index 623e430..e8638b4 100644 --- a/routes/users.js +++ b/routes/users.js 
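Review bot: `user_signup` copies `role` straight from `req.body.role`, and role `0` is Admin per the README, so anyone posting to the public `/signup` endpoint can register an administrator and then pass every admin guard; for self-service sign-up the role must be fixed server-side (`let role = 1;`), with admin-created accounts going only through the admin-guarded handler. The same hunk logs the JWT signing key on every sign-in via `console.log` of `process.env.SECRET`, and `res.send(user)` in both signup and create returns the stored password hash to the client — remove the log and respond with a whitelist such as `res.send({ id: user.id, username: user.username, role: user.role });`. `user_create_post` and `user_update_post` persist `req.body.password` without hashing, so a password changed through PUT is stored in clear and presumably no longer passes `passwordHash.verify` at sign-in; route both through the same `passwordHash.generate`. Every failure here (`wrong username and password`, Sequelize `err.message`) is returned with HTTP 200 and leaks driver text; use 400/401 with a fixed message.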
@@ -1,9 +1,30 @@ var express = require('express'); var router = express.Router(); +var user_controller = require('../controllers/userController'); + + + + +// Get all the users +router.get('/', user_controller.index); + +// Get a single user_controller +router.get('/:id', user_controller.user_detail); + +// Create a user +router.post('/', user_controller.user_create_post); + +// Delete a user +router.delete('/:id', user_controller.user_delete) + +// Update user +router.put('/:id', user_controller.user_update_post) + + + +router.post('/signup', user_controller.user_signup ); +router.post('/signin', user_controller.user_signin ); + -/* GET users listing. */ -router.get('/', function(req, res, next) { - res.send('respond with a resource'); -}); module.exports = router; From d252b5c6b816f4cfc3b33e76bb86c1ec6c04ec9f Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 15:04:30 +0700 Subject: [PATCH 5/7] created helper to verify admin and user that has been signed in --- helpers/jwt.js | 36 ++++++++++++++++++++++++++++++++++++ routes/users.js | 12 ++++++------ 2 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 helpers/jwt.js diff --git a/helpers/jwt.js b/helpers/jwt.js new file mode 100644 index 0000000..73d3a04 --- /dev/null +++ b/helpers/jwt.js 
@@ -0,0 +1,36 @@ +var jwt = require('jsonwebtoken'); +require('dotenv').config(); + +module.exports = { + verify_admin: (req, res, next) => { + jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => { + if(decoded) { + console.log(`decoded data is: `, decoded); + if(decoded.role === 0) { + next(); + } + else { + res.send({message: `User doesn't have access.`}) + } + + } else { + res.send(err); + } + }) // end of jwt.verify + }, // end of verify_admin + verify_normal: (req, res, next) => { + jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => { + if(decoded) { + console.log(`decoded data is: `, decoded); + next(); + } + else { + res.send({message: `User need to sign in first.`}) + } + + } else { + res.send(err); + } + }) // end of jwt.verify + }// end of verify normal +} diff --git a/routes/users.js b/routes/users.js index e8638b4..eac536e 100644 --- a/routes/users.js +++ b/routes/users.js @@ -1,24 +1,24 @@ var express = require('express'); var router = express.Router(); var user_controller = require('../controllers/userController'); - +var jwt_helper = require('../helpers/jwt'); // Get all the users -router.get('/', user_controller.index); +router.get('/', jwt_helper.verify_admin, user_controller.index); // Get a single user_controller -router.get('/:id', user_controller.user_detail); +router.get('/:id', jwt_helper.verify_normal, user_controller.user_detail); // Create a user -router.post('/', user_controller.user_create_post); +router.post('/', jwt_helper.verify_admin, user_controller.user_create_post); // Delete a user -router.delete('/:id', user_controller.user_delete) +router.delete('/:id', jwt_helper.verify_admin, user_controller.user_delete) // Update user -router.put('/:id', user_controller.user_update_post) +router.put('/:id', jwt_helper.verify_normal, user_controller.user_update_post) From 3c48c78b63a4c05cfa6408964c0113109d1514f1 Mon Sep 17 00:00:00 2001 
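Review bot: Both middlewares answer a missing, expired or tampered token with `res.send(err)` — a 200 response serialising the jsonwebtoken error — and a valid non-admin token with a 200 `{message}`, so clients cannot tell denial from success and the library's error text (e.g. `jwt malformed`) is exposed; return `res.status(401).send({ message: 'authentication required' })` for verification failures and `res.status(403)` for the role check. `verify_normal` also throws the decoded payload away, so the `/:id` handlers behind it have no way to know who is calling; attach it with `req.user = decoded;` before `next()`. `jwt.verify` is called without an `algorithms` option — pinning `{ algorithms: ['HS256'] }` to match the signing side rules out algorithm-confusion if key handling ever changes. The `console.log` of the decoded token on every request should not survive into production either.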
From: Rudy Wahjudi Date: Tue, 25 Apr 2017 15:29:46 +0700 Subject: [PATCH 6/7] fix route path --- app.js | 2 +- controllers/userController.js | 3 +++ helpers/jwt.js | 7 +------ routes/users.js | 10 +++++----- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/app.js b/app.js index c4eadbe..7d5149e 100644 --- a/app.js +++ b/app.js @@ -23,7 +23,7 @@ app.use(cookieParser()); app.use(express.static(path.join(__dirname, 'public'))); app.use('/', index); -app.use('/api/users', users); +app.use('/api', users); // catch 404 and forward to error handler app.use(function(req, res, next) { diff --git a/controllers/userController.js b/controllers/userController.js index 9efdfd9..f2a6ac5 100644 --- a/controllers/userController.js +++ b/controllers/userController.js @@ -130,6 +130,9 @@ exports.user_signin = (req, res, next) => { } }) + .catch (err => { + res.send(err.message); + }) // generate token diff --git a/helpers/jwt.js b/helpers/jwt.js index 73d3a04..ecb3a18 100644 --- a/helpers/jwt.js +++ b/helpers/jwt.js @@ -22,12 +22,7 @@ module.exports = { jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => { if(decoded) { console.log(`decoded data is: `, decoded); - next(); - } - else { - res.send({message: `User need to sign in first.`}) - } - + next(); } else { res.send(err); } diff --git a/routes/users.js b/routes/users.js index eac536e..2359e0b 100644 --- a/routes/users.js +++ b/routes/users.js 
@@ -6,19 +6,19 @@ var jwt_helper = require('../helpers/jwt'); // Get all the users -router.get('/', jwt_helper.verify_admin, user_controller.index); +router.get('/users', jwt_helper.verify_admin, user_controller.index); // Get a single user_controller -router.get('/:id', jwt_helper.verify_normal, user_controller.user_detail); +router.get('/users/:id', jwt_helper.verify_normal, user_controller.user_detail); // Create a user -router.post('/', jwt_helper.verify_admin, user_controller.user_create_post); +router.post('/users', jwt_helper.verify_admin, user_controller.user_signup); // Delete a user -router.delete('/:id', jwt_helper.verify_admin, user_controller.user_delete) +router.delete('/users/:id', jwt_helper.verify_admin, user_controller.user_delete) // Update user -router.put('/:id', jwt_helper.verify_normal, user_controller.user_update_post) +router.put('/users/:id', jwt_helper.verify_normal, user_controller.user_update_post) From e25afa94b8a530473062fdbb63a427df075a25f0 Mon Sep 17 00:00:00 2001 From: Rudy Wahjudi Date: Tue, 25 Apr 2017 15:37:31 +0700 Subject: [PATCH 7/7] fix if user tries to signin with username that is not found in the db --- controllers/userController.js | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/controllers/userController.js b/controllers/userController.js index f2a6ac5..051a00c 100644 --- a/controllers/userController.js +++ b/controllers/userController.js 
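Review bot: `GET /users/:id` and `PUT /users/:id` are guarded only by `verify_normal`, which checks that some valid token is present, so any signed-in user can read or overwrite any other user's record by changing the id — the README promises "admin and authenticated user", i.e. the owner. Enforcing that needs the caller's identity: include `id: user.id` in the payload signed in `user_signin`, have the middleware expose the decoded token on `req`, and make `user_detail`/`user_update_post` reject unless `req.user.role === 0 || req.user.id === Number(req.params.id)`. Note also that `POST /users` is now routed to `user_signup`, which hashes the password, while `PUT /users/:id` still goes to `user_update_post`, which stores `req.body.password` in clear — hash it with the same function or drop password from the update endpoint.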
@@ -112,18 +112,22 @@ exports.user_signin = (req, res, next) => { // get user based on username, then check his password db.User.findOne({ where: {username: req.body.username}}) .then (user => { - - // verify password - if( passwordHash.verify(req.body.password, user.password) ) { - // generate token - var token = jwt.sign( - { username: user.username, email: user.email, role: user.role }, - process.env.SECRET, - { expiresIn: '1h' } - ); - console.log(`process.env.SECRET='${process.env.SECRET}'`) - res.send(token); - + if(user) { + // verify password + if( passwordHash.verify(req.body.password, user.password) ) { + // generate token + var token = jwt.sign( + { username: user.username, email: user.email, role: user.role }, + process.env.SECRET, + { expiresIn: '1h' } + ); + console.log(`process.env.SECRET='${process.env.SECRET}'`) + res.send(token); + + } + else { + res.send({message: `User input the wrong username and password.`}); + } } else { res.send({message: `User input the wrong username and password.`});