R1 model crud

.gitignore

@@ -0,0 +1,2 @@
+node_modules
+.env

README.md

@@ -1 +1,33 @@
-# api-auth
+# api-auth
+
+### User Model
+| Role | Description |
+|------|-------------|
+| 0    | Admin       |
+| 1    | Normal User |
+
+###List of user routes:
+| Route           | HTTP     | Description                  |
+|-----------------|----------|------------------------------|
+| /api/signup      | POST      | Sign up with new user info            |
+| /api/signin      | POST      | Sign in while get an access token based on credentials            |
+| /api/users      | GET      | Get all the users info (admin only)            |
+| /api/users/:id  | GET      | Get a single user (admin and authenticated user)          |
+| /api/users      | POST     | Create a user (admin only)               |
+| /api/users/:id  | DELETE   | Delete a user (admin only)               |
+| /api/users/:id  | PUT      | Update a user with new info (admin and authenticated user) |
+
+#### Example
+```
+localhost:3000/api/users   // will return all users in JSON format
+```
+
+
+### Usage
+```
+npm install
+npm start
+```
+
+### Heroku
+()[]

app.js

@@ -0,0 +1,46 @@
+var express = require('express');
+var path = require('path');
+var favicon = require('serve-favicon');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+
+var index = require('./routes/index');
+var users = require('./routes/users');
+
+var app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs');
+
+// uncomment after placing your favicon in /public
+//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+
+app.use('/', index);
+app.use('/api', users);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+  // set locals, only providing error in development
+  res.locals.message = err.message;
+  res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+  // render the error page
+  res.status(err.status || 500);
+  res.render('error');
+});
+
+module.exports = app;

bin/www

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('api-auth:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}

config/config.json

@@ -0,0 +1,24 @@
+{
+  "development": {
+    "username": "nextacademy",
+    "password": "nextacademy",
+    "database": "h8_w05d01_04_api_auth",
+    "host": "127.0.0.1",
+    "port": "5432",
+    "dialect": "postgres"
+  },
+  "test": {
+    "username": "root",
+    "password": null,
+    "database": "database_test",
+    "host": "127.0.0.1",
+    "dialect": "mysql"
+  },
+  "production": {
+    "username": "root",
+    "password": null,
+    "database": "database_production",
+    "host": "127.0.0.1",
+    "dialect": "mysql"
+  }
+}

controllers/userController.js

@@ -0,0 +1,149 @@
+const db = require("../models")
+require('dotenv').config();
+
+var passwordHash = require('password-hash');
+var jwt = require('jsonwebtoken');
+
+
+
+exports.index = (req, res, next) => {
+  db.User.findAll()
+  .then ( users => {
+    // res.render('index', {title: "Get Users",users: JSON.stringify(users)});
+    res.send(users);
+  })
+
+}
+
+exports.user_detail = (req, res, next) => {
+  db.User.findById(req.params.id)
+  .then ( user => {
+    res.send(user);
+  })
+}
+
+exports.user_create_get = (req, res, next) => {
+  res.render('./users/new', {title: "Create New User"});
+}
+
+exports.user_create_post = (req, res, next) => {
+  let name = req.body.name;
+  let username = req.body.username;
+  let phone = req.body.phone;
+  let email = req.body.email;
+  let password = req.body.password;
+
+  db.User.create({name: name, username: username, phone: phone, email: email, password: password})
+  .then ( user => {
+    // res.send(`Created user ${user.username}`);
+    res.send(user);
+  })
+}
+
+exports.user_delete = (req, res, next) => {
+  let user_id = req.params.id
+
+  db.User.destroy({where: {id: user_id}})
+  .then ( row => {
+    console.log(row);
+    if(row > 0)
+      res.send(`Deleted user with user id: ${user_id}.`);
+    else
+      res.send(`Delete not successful, make sure user id is correct.`);
+  })
+}
+
+exports.user_update_get = (req, res, next) => {
+  let user_id = req.params.id
+  db.User.findById(user_id)
+  .then ( user => {
+    res.render('./users/edit', {title: "Edit User", user: user})
+  })
+
+}
+
+exports.user_update_post = (req, res, next) => {
+  let user_id = req.params.id
+  let name = req.body.name;
+  let username = req.body.username;
+  let phone = req.body.phone;
+  let email = req.body.email;
+  let password = req.body.password;
+
+  console.log(req.body);
+
+  db.User.update({name: name, username: username, phone: phone, email: email, password: password}, {fields: ['name', 'username', 'phone', 'email', 'password'], where: {id: user_id}})
+  .then ( row => {
+    if (row > 0)
+      res.send(`User id=${user_id} has been updated.`);
+    else
+      res.send('Update is unsuccessful')
+
+  })
+
+}
+
+exports.user_signup = (req, res, next) => {
+  // the same as user_create_post, but here we encode the password.
+
+  let name = req.body.name;
+  let username = req.body.username;
+  let phone = req.body.phone;
+  let email = req.body.email;
+  let password = passwordHash.generate(req.body.password);
+  let role = req.body.role;
+
+  console.log("passwordHash test")
+  console.log(passwordHash.verify('haha', password));
+
+  db.User.create({name: name, username: username, phone: phone, email: email, password: password, role: role})
+  .then ( user => {
+    // res.send(`Created user ${user.username}`);
+    res.send(user);
+  })
+  .catch ( err => {
+    res.send(err.message);
+  })
+
+}
+
+exports.user_signin = (req, res, next) => {
+
+  // get user based on username, then check his password
+  db.User.findOne({ where: {username: req.body.username}})
+  .then (user => {
+    if(user) {
+      // verify password
+      if( passwordHash.verify(req.body.password, user.password) ) {
+        // generate token
+        var token = jwt.sign(
+          { username: user.username, email: user.email, role: user.role },
+          process.env.SECRET,
+          { expiresIn: '1h' }
+        );
+        console.log(`process.env.SECRET='${process.env.SECRET}'`)
+        res.send(token);
+
+      }
+      else {
+        res.send({message: `User input the wrong username and password.`});
+      }
+    }
+    else {
+      res.send({message: `User input the wrong username and password.`});
+    }
+
+  })
+  .catch (err => {
+    res.send(err.message);
+  })
+
+
+  // generate token
+
+
+
+}
+
+
+//

helpers/jwt.js

@@ -0,0 +1,31 @@
+var jwt = require('jsonwebtoken');
+require('dotenv').config();
+
+module.exports = {
+  verify_admin: (req, res, next) => {
+    jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => {
+      if(decoded) {
+        console.log(`decoded data is: `, decoded);
+        if(decoded.role === 0) {
+          next();
+        }
+        else {
+          res.send({message: `User doesn't have access.`})
+        }
+
+      } else {
+        res.send(err);
+      }
+    }) // end of jwt.verify
+  }, // end of verify_admin
+  verify_normal: (req, res, next) => {
+    jwt.verify(req.headers.token, process.env.SECRET, (err, decoded) => {
+      if(decoded) {
+        console.log(`decoded data is: `, decoded);
+        next();
+      } else {
+        res.send(err);
+      }
+    }) // end of jwt.verify
+  }// end of verify normal
+}