From dd4eecdb988e23ed5af80d40ab072878ac7f2ccb Mon Sep 17 00:00:00 2001
From: GureyAYGARAD
Date: Wed, 20 Aug 2025 22:48:33 +0200
Subject: [PATCH] WK20
---
 middleware/auth.js | 46 ++++++++++++++++
 routes/auth.js | 131 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 176 insertions(+), 1 deletion(-)
diff --git a/middleware/auth.js b/middleware/auth.js
index 7deb650..65e6642 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -6,11 +6,57 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
 export const authenticateToken = async (req, res, next) => {
 try {
 // TODO: Implement the authentication middleware
+
+ // 1. Get the token from the request header
+
+ const authHeader = req.headers["authorization"];
+
+ const token = authHeader && authHeader.split("")[1]
+ // 2. Verify the token
+
+ if(!token){
+ return res.status(401).json({
+ success: false,
+ message: "access token required"
+ })
+ }
+
+ const decoded = jwt.verify(
+ token,
+ process.env.JWT_SECRET || "mysecret"
+
+ )
+
+ // 3. Get the user from the database
+
+ const user = await prisma.user.findUnique({
+ where: {id: decoded.user.id},
+ select: {
+ id: true,
+ name: true,
+ email: true
+ }
+ })
+
+ // 4. If the user doesn't exist, throw an error
+ if(!user) {
+ return res.status(400).json({
+ success: false,
+ message: "user not found"
+ })
+ }
+
+
+ // 5. Attach the user to the request object
+ req.user = user
+
+
+ // 6. Call the next middleware
diff --git a/routes/auth.js b/routes/auth.js
index 7a78cfc..d68e4a1 100644
--- a/routes/auth.js
+++ b/routes/auth.js
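Review bot: `authHeader.split("")[1]` splits on the empty string, so `token` becomes the second character of the header instead of the credential that follows the `Bearer` scheme; the delimiter should be a space, `authHeader.split(" ")[1]`. The lookup `decoded.user.id` also does not match the payload the routes sign (`{userId: ...}` in both hunks of routes/auth.js), so even a well-formed token throws a TypeError here; use `decoded.userId`. Each of the three hunks falls back to a different hard-coded signing secret (`"mysecret"` here, `"Mysecret"` in register, `"mysecret"` in login) although the module already defines `JWT_SECRET` in the line shown in the hunk header, so tokens issued by register cannot be verified by this middleware when the environment variable is unset; sign and verify with the single `JWT_SECRET` constant, and fail at startup when `process.env.JWT_SECRET` is missing rather than falling back to a literal. No `next()` call appears among the added lines, and the stub's trailing context, including the catch that will receive `jwt.verify` failures, is outside this hunk, so I can't confirm the request is passed on or that an invalid token yields 401 rather than 500.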
@@ -11,13 +11,80 @@ const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key";
 router.post("/register", async (req, res) => {
 try {
 // TODO: Implement the registration logic
+ const { name, email, password } = req.body
+
+ // 1. Validate the input
+
+ if (!name || !email || !password) {
+ return res.status(400).json({
+ success: false,
+ message: "Name, email and password are required",
+ });
+
+ }
+ // 2. Check if the user already exists
+ const existingUser = await prisma.user.findUnique({
+ where: { email }
+ })
+
+ if (existingUser) {
+ return res.status(400).json({
+ success: false,
+ message: "User with this email already exists",
+
+ });
+
+
+ }
+
+ // 3. Hash the password
- // 4. Create the user
+
+ const saltRounds = 10
+ const hashedPassword = await bcrypt.hash(password, saltRounds)
+
+
+ // 4. Create the user
+
+ const newUser = await prisma.user.create({
+ data: {
+ name,
+ email,
+ password: hashedPassword
+
+ },
+ select: {
+ id: true,
+ name: true,
+ email: true
+
+ }
+ })
+
+ // 5. Generate a JWT token
+ const token = jwt.sign(
+ {userId: newUser.id},
+ process.env.JWT_SECRET || "Mysecret",
+ {expiresIn: "24h"}
+ )
+
+ // 6. Return the user data and token
+ res.status(201).json({
+ success: true,
+ message: "user registered successfully",
+ data: {
+ user: newUser,
+ token
+ }
+ })
+
+
+
 } catch (error) {
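Review bot: The validation at step 1 only checks presence, so a non-string or one-character `password` goes straight to `bcrypt.hash`; add a type and minimum-length check before hashing, e.g. `if (typeof password !== "string" || password.length < 8) { return res.status(400).json({ success: false, message: "Password must be at least 8 characters" }); }`. The `findUnique` check and `prisma.user.create` are not atomic, so two concurrent registrations for the same email race past the check and the second surfaces as a Prisma unique-constraint error (code P2002) in the catch block rather than the 400 returned here; mapping that code to the same 400 response in the catch would keep the behaviour consistent. The new lines also drop the semicolons used on the surrounding context lines (`const saltRounds = 10`, `const hashedPassword = await bcrypt.hash(password, saltRounds)`), which is worth normalising with the file's formatter. The catch body and the rest of the handler are outside this hunk.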
@@ -34,11 +101,73 @@ router.post("/register", async (req, res) => {
 router.post("/login", async (req, res) => {
 try {
 // TODO: Implement the login logic
+ const { email, password } = req.body
+
+ // 1. Validate the input
+
+ if (!email || !password) {
+ return res.status(400).json({
+ success: false,
+ message: "Email and password are required",
+ });
+
+ }
+
+ // 2. Check if the user exists
+
+ const user = await prisma.user.findUnique({
+ where: { email }
+ })
+
+ if (!user) {
+ return res.status(400).json({
+ success: false,
+ message: "Invalid mail and password",
+
+ });
+ }
+
+ // 3. Compare the password
+
+ const isUserPasswordValid = await bcrypt.compare(password, user.password)
+
+ if(!isUserPasswordValid) {
+ return res.status(401).json({
+ success: false,
+ message: "your password is wrong"
+ })
+ }
+
+
+
+ // 4. Generate a JWT token
+ const token = jwt.sign(
+ {userId: user.id, email: email},
+ process.env.JWT_SECRET || "mysecret"
+ )
+
+ // 5. Return the user data and token
+
+ const { password: _, ...userData} = user
+
+ // 6: return user data and token
+ res.status(200).json({
+ success: true,
+ message: "Login successfully",
+ data: {
+ user: userData,
+ token: token
+ }
+ })
+
+
+
 } catch (error) {