fire-fox-2017 · zanisis · Apr 25, 2017
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/README.md b/README.md
@@ -1 +1,33 @@
-# api-auth
+# api-auth
+
+##Summary
+Kita akan membuat layanan menggunakan REST pada aplikasi kita yang dilengkapi fitur otentikasi dan otorisasi pengguna, sehingga tidak sembarang orang yang dapat mengakses API yang telah kita buat. Aplikasi ini sebaiknya sudah menggunakan database.
+
+```
+Pertama yang kita butuh kan adalah :
+$ express --veiw=ejs . \\jika ingin menggunakan engine ejs
+$ npm install \
+$ npm install --save password-hash[secret password] jsonwebtoken[untuk get token API] pg[optional]
+```
+Buatlah sebuah source data atau database: \
+\* Bisa menggunakan file JSON atau SQLITE/POSTGRES DLL.
+
+####Route API
+Kamu bisa menggunakan pola perintah seperti dibawah ini :
+```
+| Route           | HTTP    | Description                                               |
+|-----------------|---------|-----------------------------------------------------------|
+| /api/signup     | POST    | Sign up with new user info                                |
+| /api/signin     | POST    | Sign in while get an access token based on credentials    |
+| /api/users      | GET     | Get all the users info (admin only)                       |
+| /api/users/:id  | GET     | Get a single user info (admin and authenticated user)     |
+| /api/users      | POST    | Create a user (admin only)                                |
+| /api/users/:id  | DELETE  | Delete a user (admin only)                                |
+| /api/users/:id  | PUT     | Update a user with new info (admin and authenticated user)|
+```
+
+####Example Usage
+
+```
+localhost:3000/api/users    //will return all users in JSON format in Postman
+```
diff --git a/app.js b/app.js
@@ -0,0 +1,50 @@
+var express = require('express');
+var path = require('path');
+var favicon = require('serve-favicon');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+
+var index = require('./routes/index');
+var users = require('./routes/users');
+var signup = require('./routes/signup');
+var signin = require('./routes/signin');
+
+var app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs');
+
+// uncomment after placing your favicon in /public
+//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: true }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+
+app.use('/', index);
+app.use('/api/users', users);
+app.use('/api/signup', signup);
+app.use('/api/signin', signin);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+  // set locals, only providing error in development
+  res.locals.message = err.message;
+  res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+  // render the error page
+  res.status(err.status || 500);
+  res.render('error');
+});
+
+module.exports = app;
diff --git a/bin/www b/bin/www
@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('api-auth:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}
diff --git a/config/config.json b/config/config.json
@@ -0,0 +1,23 @@
+{
+  "development": {
+    "username": "postgres",
+    "password": 12345,
+    "database": "apiOuth",
+    "host": "127.0.0.1",
+    "dialect": "postgres"
+  },
+  "test": {
+    "username": "root",
+    "password": null,
+    "database": "database_test",
+    "host": "127.0.0.1",
+    "dialect": "mysql"
+  },
+  "production": {
+    "username": "root",
+    "password": null,
+    "database": "database_production",
+    "host": "127.0.0.1",
+    "dialect": "mysql"
+  }
+}
diff --git a/controllers/users.js b/controllers/users.js
@@ -0,0 +1,152 @@
+const passwordHash = require('password-hash');
+const jwt = require('jsonwebtoken');
+const pass = require('../node_modules/password-hash/lib/password-hash');
+const db = require('../models');
+
+
+let controller = {}
+
+controller.signup = function (req, res, next) {
+  let hash = passwordHash.generate(req.body.password);
+  db.User.create({
+    name : req.body.name,
+    password : hash,
+    role : req.body.role
+  })
+  .then((user)=>{
+    res.send(user)
+  })
+  .catch((err)=>{
+    res.send(err.message)
+  })
+}
+
+controller.signin = function (req, res, next) {
+  db.User.findOne({
+    where : {name : req.body.name}
+  })
+  .then((user)=>{
+    let hashed = passwordHash.verify(req.body.password, user.password)
+    // res.send(hashed)
+    if(hashed){
+      let token = jwt.sign({
+        username: user.name,
+        role: user.role },'secret', { expiresIn: '1h' })
+      res.send(token)
+    } else {
+      res.send('Password Salah')
+    }
+  })
+  .catch((err)=>{
+    res.send('Username Salah')
+  })
+}
+
+controller.findall = function(req, res, next) {
+  let decode = jwt.decode(req.headers.token)
+  jwt.verify(req.headers.token, 'secret', function(err,decode){
+    if(err){
+      res.send(err.name)
+    } else {
+      if(decode.role == 'admin'){
+        db.User.findAll()
+          .then((users)=>{
+            res.send(users)
+          })
+          .catch((err)=>{
+            res.send(err)
+          })
+      } else {
+        res.send('You do not have permission')
+      }
+    }
+  })
+
+}
+
+controller.find = function(req, res, next) {
+  let decode = jwt.decode(req.headers.token)
+  jwt.verify(req.headers.token, 'secret', (err, decode)=>{
+    if(err){
+      res.send(err.name)
+    } else {
+      db.User.findById(req.params.id)
+        .then((user)=>{
+          res.send(user)
+        })
+        .catch((err)=>{
+          res.send(err)
+        })
+    }
+  })
+}
+
+controller.create = function(req, res, next) {
+  let decode = jwt.decode(req.headers.token)
+  jwt.verify(req.headers.token, 'secret', (err, decode)=>{
+    if(err){
+      res.send(err.name)
+    } else if(decode.role == 'admin'){
+      let hash = passwordHash.generate(req.body.password);
+      db.User.create({
+        name : req.body.name,
+        password : hash,
+        role : req.body.role
+      })
+        .then((users)=>{
+          res.send(users)
+        })
+        .catch(err =>{
+          res.send(err)
+        })
+    } else {
+      res.send(`You don't have permission`)
+    }
+  })
+
+}
+
+controller.delete = function(req, res, next) {
+  let decode = jwt.decode(req.headers.token)
+  jwt.verify(req.headers.token, 'secret', (err, decode)=>{
+    if(err){
+      res.send(err.name)
+    } else if(decode.role == 'admin'){
+      db.User.destroy({
+        where : {id : req.params.id}
+      })
+        .then((users)=>{
+          res.send('done')
+        })
+        .catch((err)=>{
+          res.send(err)
+        })
+    } else {
+      res.send(`You don't have permission`)
+    }
+  })
+
+}
+
+controller.update = function(req, res, next) {
+  let decode = jwt.decode(req.headers.token)
+  jwt.verify(req.headers.token, 'secret', (err, decode)=>{
+    if(err){
+      res.send(err.name)
+    } else {
+      db.User.update({
+        name : req.body.name,
+        email : req.body.email
+      },{where : {id : req.params.id}})
+        .then((users)=>{
+          res.send(users)
+        })
+        .catch((err)=>{
+          res.send(err)
+        })
+    }
+  })
+}
+
+
+module.exports = controller;
diff --git a/migrations/20170425040220-create-user.js b/migrations/20170425040220-create-user.js
@@ -0,0 +1,35 @@
+'use strict';
+module.exports = {
+  up: function(queryInterface, Sequelize) {
+    return queryInterface.createTable('Users', {
+      id: {
+        allowNull: false,
+        autoIncrement: true,
+        primaryKey: true,
+        type: Sequelize.INTEGER
+      },
+      name: {
+        type: Sequelize.STRING
+      },
+      password: {
+        type: Sequelize.STRING
+      },
+      role: {
+        type: Sequelize.STRING
+      },
+      createdAt: {
+        allowNull: false,
+        defaultValue: new Date(),
+        type: Sequelize.DATE
+      },
+      updatedAt: {
+        allowNull: false,
+        defaultValue: new Date(),
+        type: Sequelize.DATE
+      }
+    });
+  },
+  down: function(queryInterface, Sequelize) {
+    return queryInterface.dropTable('Users');
+  }
+};