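const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const jwt = require('jsonwebtoken');
const { MongoClient, ObjectId } = require('mongodb');
// Loaded here only so a missing view engine fails at startup rather than on
// the first res.render(); Express resolves 'ejs' by name below.
require('ejs');

const app = express();
app.use(cookieParser());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
// Express expects the engine *name* here. Passing the module object only
// worked because every res.render() call in this file uses a full '.ejs' path,
// so the default engine setting was never consulted.
app.set('view engine', 'ejs');

// The MongoDB URI embeds the database credentials, so it is read from the
// environment instead of being committed with the source. Any credential that
// was previously written into this file has to be treated as exposed and rotated.
const mongoDbConnectionString = process.env.MONGODB_URI;
if (!mongoDbConnectionString) {
  throw new Error('MONGODB_URI environment variable is not set');
}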
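// Everything that touches the database is registered once the client has
// connected. app.listen() further down runs before this resolves; Express
// accepts routes added later, so the server is up while these are pending.
MongoClient.connect(mongoDbConnectionString, {
  useUnifiedTopology: true,
})
  .then((client) => {
    console.log('Connected to Database');
    const db = client.db('project');
    const quotesCollection = db.collection('quotes');
    const usersCollection = db.collection('users');

    // Signing key for the session token, read once so that sign and verify
    // can never disagree. The literal placeholder that used to sit here in
    // three places is not a secret and is not accepted any more.
    const JWT_SECRET = process.env.JWT_SECRET;
    if (!JWT_SECRET) {
      throw new Error('JWT_SECRET environment variable is not set');
    }
    const COOKIE_NAME = 'access_token';

    // Gate for the protected routes: verifies the session cookie and exposes
    // its claims on req. On failure it redirects exactly once — the previous
    // version issued a redirect *and* a 403, which throws "headers already sent".
    const authorization = (req, res, next) => {
      const token = req.cookies[COOKIE_NAME];
      if (!token) {
        return res.redirect('/');
      }
      try {
        // Pin the algorithm: a token signed with anything other than the one
        // used in /access must be rejected.
        const data = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] });
        req.userId = data.id;
        req.userRole = data.role;
        req.username = data.username;
        return next();
      } catch (err) {
        return res.redirect('/');
      }
    };

    // Public read of all quotes. A failed query now answers 500 instead of
    // leaving the request hanging with an unhandled rejection.
    app.get('/getquotes', async (req, res) => {
      try {
        const quotes = await quotesCollection.find().toArray();
        res.json(quotes);
      } catch (err) {
        console.error(err);
        res.sendStatus(500);
      }
    });

    // Quote submission. The handler redirects back to /protected, so the form
    // presumably lives there and the same login gate is applied — confirm no
    // public page posts here. The quote schema is not visible in this file, so
    // the body cannot be reduced to a known set of fields; at least refuse
    // anything that is not a non-empty object. TODO: whitelist the expected keys.
    app.post('/quotes', authorization, async (req, res) => {
      const body = req.body;
      if (body === null || typeof body !== 'object' || Array.isArray(body)
          || Object.keys(body).length === 0) {
        return res.sendStatus(400);
      }
      try {
        await quotesCollection.insertOne(body);
        res.redirect('/protected');
      } catch (err) {
        console.error(err);
        res.sendStatus(500);
      }
    });

    // Delete by id. A malformed id used to throw inside the handler; it is now
    // a 400. Any logged-in user may delete any quote — the documents carry no
    // visible owner field to scope the filter on. TODO: confirm whether one exists.
    app.post('/deletePost', authorization, async (req, res) => {
      const { id } = req.body;
      if (typeof id !== 'string' || !ObjectId.isValid(id)) {
        return res.sendStatus(400);
      }
      try {
        const result = await quotesCollection.deleteOne({ _id: new ObjectId(id) });
        res.send(result);
      } catch (err) {
        console.error(err);
        res.sendStatus(500);
      }
    });

    // Login. Both fields are required to be strings before they reach the
    // query: bodyParser.json() would otherwise let a JSON body supply query
    // operators instead of literal values, turning the lookup into a match on
    // any user. The lookup itself compares the stored password literally, i.e.
    // the users collection holds plaintext passwords; moving to a hashed scheme
    // needs a data migration and is outside this handler.
    app.post('/access', async (req, res) => {
      const { username, password } = req.body;
      if (typeof username !== 'string' || typeof password !== 'string') {
        return res.redirect('/login');
      }
      try {
        const user = await usersCollection.findOne({ username, password });
        if (!user) {
          return res.redirect('/login');
        }
        // id now carries the user's document id instead of a constant 1.
        // role stays the literal the original issued; the user document is not
        // known to hold one — TODO confirm.
        const token = jwt.sign(
          { id: String(user._id), role: 'developer', username },
          JWT_SECRET,
          { algorithm: 'HS256', expiresIn: '12h' },
        );
        res.cookie(COOKIE_NAME, token, {
          httpOnly: true,
          secure: process.env.NODE_ENV === 'production',
          // Keeps the cookie off cross-site POSTs such as /deletePost.
          sameSite: 'lax',
        });
        res.redirect('/protected');
      } catch (err) {
        console.error(err);
        res.sendStatus(500);
      }
    });

    // The middleware has already verified the cookie and set req.username, so
    // the token is not decoded a second time. `token` is still handed to the
    // view because the existing templates receive it; the template should not
    // echo it into the page, which would defeat the httpOnly flag.
    app.get('/protected', authorization, (req, res) => {
      const token = req.cookies[COOKIE_NAME];
      res.render(`${__dirname}/views/addQuotes.ejs`, { token, username: req.username });
    });

    // Clearing the cookie needs no valid session: with the gate in front, an
    // expired or bad token was redirected to '/' with the stale cookie left in
    // place. The visible outcome (land on '/') is unchanged.
    app.get('/logout', (req, res) => {
      res.clearCookie(COOKIE_NAME).redirect('/');
    });
  })
  .catch((error) => {
    // Without a connection none of the routes above exist; stop rather than
    // keep serving 404s for them.
    console.error(error);
    process.exit(1);
  });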
// Start accepting connections right away; the database-backed routes are
// attached when the connection above resolves.
app.listen(3000, () => {
  console.log('listening on 3000!');
});
// Public pages. Both hand the raw session cookie to the view unchanged —
// presumably so the template can pick logged-in vs. logged-out navigation.
const renderPublic = (viewFile) => (req, res) => {
  const token = req.cookies.access_token;
  res.render(`${__dirname}/views/${viewFile}`, { token });
};

app.get('/', renderPublic('index.ejs'));
app.get('/login', renderPublic('login.ejs'));