api-auth v1

.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+node_modules
+ex

README.md

@@ -1 +1,35 @@
-# api-auth
+# api-auth
+
+API AUTH merupakan aplikasi layanan menggunakan REST yang dilengkapi
+fitur otentikasi dan otorisasi pengguna, sehingga tidak sembarang pengguna
+yang dapat mengakses API yang telah dibuat.
+
+# List Route
+Route | HTTP | Description
+--- | --- | ---
+/api/signup | POST | Sign up with new user info
+/api/signin | POST | Sign in while get an access token based on credentials
+/api/users | GET | Get all the users info **(admin only)**
+/api/users/;id | GET | Get a single user info **(admin and authenticated user)**
+/api/users | POST | Create a user **(admin only)**
+/api/users/:id | DELETE | Delete a user **(admin only)**
+/api/users/:id | PUT | Update a user with new info **(admin and authenticated user)**
+
+# Usage
+1. Install package.json dependency
+
+    npm install
+
+2. Pastikan config database sesuai
+
+    "dialect":"postgres",
+
+    "port":"5432"
+
+3. Migrate database menggunakan sequelize
+
+    sequelize db:migrate
+
+4. Run app
+
+    nodemon app.js

app.js

@@ -0,0 +1,46 @@
+var express = require('express');
+var path = require('path');
+var favicon = require('serve-favicon');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+
+var index = require('./routes/index');
+var users = require('./routes/users');
+
+var app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'jade');
+
+// uncomment after placing your favicon in /public
+//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'public')));
+
+// app.use('/', index);
+app.use('/api', users);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handler
+app.use(function(err, req, res, next) {
+  // set locals, only providing error in development
+  res.locals.message = err.message;
+  res.locals.error = req.app.get('env') === 'development' ? err : {};
+
+  // render the error page
+  res.status(err.status || 500);
+  res.render('error');
+});
+
+module.exports = app;

bin/www

@@ -0,0 +1,90 @@
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var app = require('../app');
+var debug = require('debug')('api-basic:server');
+var http = require('http');
+
+/**
+ * Get port from environment and store in Express.
+ */
+
+var port = normalizePort(process.env.PORT || '3000');
+app.set('port', port);
+
+/**
+ * Create HTTP server.
+ */
+
+var server = http.createServer(app);
+
+/**
+ * Listen on provided port, on all network interfaces.
+ */
+
+server.listen(port);
+server.on('error', onError);
+server.on('listening', onListening);
+
+/**
+ * Normalize a port into a number, string, or false.
+ */
+
+function normalizePort(val) {
+  var port = parseInt(val, 10);
+
+  if (isNaN(port)) {
+    // named pipe
+    return val;
+  }
+
+  if (port >= 0) {
+    // port number
+    return port;
+  }
+
+  return false;
+}
+
+/**
+ * Event listener for HTTP server "error" event.
+ */
+
+function onError(error) {
+  if (error.syscall !== 'listen') {
+    throw error;
+  }
+
+  var bind = typeof port === 'string'
+    ? 'Pipe ' + port
+    : 'Port ' + port;
+
+  // handle specific listen errors with friendly messages
+  switch (error.code) {
+    case 'EACCES':
+      console.error(bind + ' requires elevated privileges');
+      process.exit(1);
+      break;
+    case 'EADDRINUSE':
+      console.error(bind + ' is already in use');
+      process.exit(1);
+      break;
+    default:
+      throw error;
+  }
+}
+
+/**
+ * Event listener for HTTP server "listening" event.
+ */
+
+function onListening() {
+  var addr = server.address();
+  var bind = typeof addr === 'string'
+    ? 'pipe ' + addr
+    : 'port ' + addr.port;
+  debug('Listening on ' + bind);
+}

config/config.json

@@ -0,0 +1,10 @@
+{
+  "development": {
+    "username": "quasar",
+    "password": "kagayakuyami",
+    "database": "user2",
+    "host": "127.0.0.1",
+    "dialect": "postgres",
+    "port": "5432"
+  }
+}

controllers/userController.js

@@ -0,0 +1,149 @@
+const db = require('../models');
+const passwordHash = require('password-hash');
+const jwt = require('jsonwebtoken');
+const auth = require('../helpers/verify.js').auth;
+const methods = {};
+
+methods.signup = (req,res,next) => {
+    var name = req.body.name;
+    var phone = req.body.phone;
+    var role = req.body.role;
+    var username = req.body.username;
+    var password = passwordHash.generate(req.body.password);
+
+    db.User.create({
+        name: name,
+        phone: phone,
+        role: role,
+        username: username,
+        password: password
+    })
+    .then(user => {
+        res.json(user)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+
+}
+
+methods.signin = (req,res,next) => {
+    // console.log('a');
+    db.User.findOne({
+        where: {
+            username:req.body.username
+        }
+    })
+    .then(user => {
+        if(passwordHash.verify(req.body.password, user.password)){
+            let data = user.toJSON();
+            delete data.id;
+            delete data.phone;
+            delete data.password;
+            delete data.createdAt;
+            delete data.updatedAt;
+            // res.json(data);
+            // let dataToken = jwt.sign(data, 'secret', {expiresIn: '1h'})
+            res.json({
+                message: 'Login sukses',
+                token: auth(data)
+            })
+        } else {
+            res.json({message: 'Password Tidak sesuai'});
+        }
+    })
+    .catch(err => {
+        res.json({message: 'Username Tidak sesuai'});
+    })
+}
+
+methods.getUsers = (req,res,next) => {
+
+    let token = req.headers.token;
+
+    db.User.findAll()
+    .then(users => {
+        res.json(users)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+}
+
+methods.getUser = (req,res,next) => {
+    var UserId = req.params.id;
+    db.User.findById(UserId)
+    .then(user => {
+        res.json(user)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+}
+
+methods.insertUser = (req,res,next) => {
+    var name = req.body.name;
+    var phone = req.body.phone;
+    var role = req.body.role;
+    var username = req.body.username;
+    var password = passwordHash.generate(req.body.password);
+
+    db.User.create({
+        name: name,
+        phone: phone,
+        role: role,
+        username: username,
+        password: password
+    })
+    .then(user => {
+        res.json(user)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+}
+
+methods.deleteUser = (req,res,next) => {
+    var userId = req.params.id;
+
+    db.User.destroy({
+        where: {
+            id: userId
+        }
+    })
+    .then(user => {
+        res.json(user)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+}
+
+methods.updateUser = (req,res,next) => {
+    var userId = req.params.id;
+    var name = req.body.name;
+    var phone = req.body.phone;
+    var role = req.body.role;
+    var username = req.body.username;
+    var password = passwordHash.generate(req.body.password);
+
+    db.User.update({
+        name:name,
+        phone:phone,
+        role: role,
+        username: username,
+        password: password
+    },{
+        where:{
+            id:userId
+        }
+    })
+    .then(user => {
+        res.json(user)
+    })
+    .catch(err => {
+        res.json(err)
+    })
+}
+
+module.exports = methods

helpers/verify.js

@@ -0,0 +1,22 @@
+const jwt = require('jsonwebtoken');
+
+module.exports= {
+    isAdmin: function(req,res,next){
+
+        jwt.verify(req.headers.token, 'secret', function(error, decoded){
+            if(decoded) {
+                if(decoded.role === 'Admin'){
+                    next();
+                } else {
+                    res.json({message : 'Anda tidak dapat menggunakan fitur ini'})
+                }
+            } else {
+                res.json({message: error})
+            }
+        })
+    },
+    auth: function(data){
+        let token = jwt.sign(data, 'secret', { expiresIn: '1h' })
+        return token;
+    }
+}