From 43de9c98eff8a780c9b7628f947cc21bc6e3265d Mon Sep 17 00:00:00 2001
From: Flavien G <44913995+fgaujard@users.noreply.github.com>
Date: Tue, 23 Jan 2024 23:56:20 +0100
Subject: [PATCH] Keep Session logged and block access if denied
---
backend/src/controllers/authControllers.js | 29 +++++++++++++++++-
backend/src/middleware/authMiddleware.js | 12 ++++----
backend/src/router.js | 14 ++++++---
frontend/src/main.jsx | 35 ++++++++++++++++++----
frontend/src/pages/Connexion.jsx | 2 ++
frontend/src/pages/Recipe.jsx | 22 +++++++++-----
frontend/src/pages/RecipeList.jsx | 13 ++++----
frontend/src/pages/style/RecipeList.scss | 22 +++++++++-----
8 files changed, 111 insertions(+), 38 deletions(-)
diff --git a/backend/src/controllers/authControllers.js b/backend/src/controllers/authControllers.js
index 3261d57..3049a90 100644
--- a/backend/src/controllers/authControllers.js
+++ b/backend/src/controllers/authControllers.js
@@ -42,6 +42,7 @@ const login = async (req, res, next) => {
try {
// Verify if the username exist in the database
const user = await tables.user.readByUsername(req.body.username);
+ console.info(user);
if (user) {
// Verify if the password match with the hashed in the database
@@ -50,7 +51,7 @@ const login = async (req, res, next) => {
if (verified) {
// Create a token for open & keep the user session as logged
const token = jwt.sign(
- { username: user.username, is_admin: user.is_admin },
+ { id: user.id, username: user.username, is_admin: user.is_admin },
process.env.APP_SECRET,
{ expiresIn: "1h" }
);
@@ -72,11 +73,37 @@ const login = async (req, res, next) => {
}
};
+const verifyToken = async (req, res, next) => {
+ try {
+ const { token } = req.cookies;
+
+ if (!token) {
+ res.status(401).json({ error: "No token founded" });
+ } else {
+ const decoded = jwt.verify(token, process.env.APP_SECRET);
+ const user = await tables.user.read(decoded.id);
+ if (user)
+ res.status(200).json({
+ success: "User is valid",
+ is_loggin: true,
+ is_admin: decoded.is_admin,
+ });
+ else
+ res
+ .status(401)
+ .json({ error: "The token is invalid", is_loggin: false });
+ }
+ } catch (err) {
+ next(err);
+ }
+};
+
module.exports = {
// browse,
readByUsername,
readByEmail,
login,
+ verifyToken,
// edit,
// add,
// destroy,
diff --git a/backend/src/middleware/authMiddleware.js b/backend/src/middleware/authMiddleware.js
index cd05213..6bae066 100644
--- a/backend/src/middleware/authMiddleware.js
+++ b/backend/src/middleware/authMiddleware.js
@@ -24,20 +24,18 @@ const verifyToken = async (req, res, next) => {
try {
const { token } = req.cookies;
- console.info(req.cookies);
-
- console.info(token);
-
if (!token) {
res.status(401).json({ error: "No token founded" });
} else {
const decoded = jwt.verify(token, process.env.APP_SECRET);
+ console.info(decoded);
const user = await tables.user.read(decoded.id);
- console.info({ user });
- next();
+ console.info(user);
+ if (user) next();
+ else res.status(401).json({ error: "The token is invalid" });
}
} catch (err) {
- res.status(401).json({ error: "The token is invalid" });
+ res.status(401).json({ error: "Internal error" });
}
};
diff --git a/backend/src/router.js b/backend/src/router.js
index 1136bb1..206f1a6 100644
--- a/backend/src/router.js
+++ b/backend/src/router.js
@@ -24,15 +24,22 @@ const AuthControllers = require("./controllers/authControllers");
// Import the middleware for hash password in DB when a new user register
const AuthMiddleware = require("./middleware/authMiddleware");
+router.post("/login", AuthControllers.login);
+router.post("/users", AuthMiddleware.hashPwd, UserControllers.add);
+router.get("/verify-token", AuthControllers.verifyToken);
+
+router.use(AuthMiddleware.verifyToken);
+
router.get("/users", UserControllers.browse); // Route to get a list of items
router.get("/users/:id", UserControllers.read); // Route to get a specific item by ID
-router.post("/users", AuthMiddleware.hashPwd, UserControllers.add);
router.put(
"/users/:id",
uploadUsersAvatars.single("avatar"),
UserControllers.edit
-); // Route to update user
+);
+
+// Route to update user
router.post(
"/users",
AuthMiddleware.hashPwd,
@@ -43,7 +50,6 @@ router.post(
// Route to get specific items and block the register if they exists
router.get("/username/:username", AuthControllers.readByUsername);
router.get("/email/:email", AuthControllers.readByEmail);
-router.post("/login", AuthControllers.login);
/* ************************************************************************* */
// RECIPE
@@ -52,7 +58,7 @@ router.post("/login", AuthControllers.login);
// Import recipeControllers module for handling item-related operations
const RecipeControllers = require("./controllers/recipeControllers");
-router.get("/recipes", AuthMiddleware.verifyToken, RecipeControllers.browse); // Route to get a list of items
+router.get("/recipes", RecipeControllers.browse); // Route to get a list of items
router.get("/recipes/:id", RecipeControllers.read); // Route to get a specific item by ID
router.get("/recipebyuser/:id", RecipeControllers.readByUser);
router.post(
diff --git a/frontend/src/main.jsx b/frontend/src/main.jsx
index 727576d..ed4c576 100644
--- a/frontend/src/main.jsx
+++ b/frontend/src/main.jsx
@@ -20,17 +20,40 @@ const router = createBrowserRouter([
{
path: "/recipes",
element:
{title}
-{difficulty}
-{tag1}
-{tag2}
-{tag3}
-En savoir plus
- +{difficulty}
+{tag1}
+{tag2}
+{tag3}
+En savoir plus
+ +