diff --git a/backend/src/app.js b/backend/src/app.js
index a236d25..550856d 100644
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -28,13 +28,14 @@ const app = express();
const cors = require("cors");
-app.use(cors());
-/*
+// app.use(cors());
+
app.use(
cors({
origin: [
process.env.FRONTEND_URL, // keep this one, after checking the value in `backend/.env`
],
+ credentials: true,
})
);
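Review bot: With `credentials: true` added, the `origin` list is the only thing deciding which sites may send cookie-bearing requests and read the responses, yet `process.env.FRONTEND_URL` goes into it unchecked. If the variable is unset the array holds `undefined`, and the likely result is a CORS failure in the browser that is hard to diagnose. A startup guard before this `app.use`, such as `if (!process.env.FRONTEND_URL) throw new Error("FRONTEND_URL is not set");`, would make that explicit. The disabled `// app.use(cors());` line is better deleted than kept, since uncommenting it later would put an allow-any-origin policy in front of the restricted one.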
@@ -54,9 +55,9 @@ app.use(
// Uncomment one or more of these options depending on the format of the data sent by your client:
app.use(express.json());
-app.use(express.urlencoded());
-app.use(express.text());
-app.use(express.raw());
+// app.use(express.urlencoded());
+// app.use(express.text());
+// app.use(express.raw());
/* ************************************************************************* */
diff --git a/backend/src/controllers/authControllers.js b/backend/src/controllers/authControllers.js
index 42f5c67..3261d57 100644
--- a/backend/src/controllers/authControllers.js
+++ b/backend/src/controllers/authControllers.js
@@ -51,10 +51,15 @@ const login = async (req, res, next) => {
// Create a token for open & keep the user session as logged
const token = jwt.sign(
{ username: user.username, is_admin: user.is_admin },
- process.env.APP_SECRET
+ process.env.APP_SECRET,
+ { expiresIn: "1h" }
);
// Respond with the Token of the user, in JSON format
- res.cookie("token_eating_nam_nam_usr", token).json(token);
+ res.cookie("token", token, {
+ httpOnly: true,
+ maxAge: 3600000, // 1h in ms
+ });
+ res.status(200).send(token);
} else {
res.sendStatus(422);
}
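Review bot: The JWT is still returned in the response body by `res.status(200).send(token);`, so script running on the page can read it and the new `httpOnly` flag protects little. Replying with `res.sendStatus(200);` (or a non-sensitive user summary) would keep the token out of reach of JavaScript. The cookie options also set neither `secure` nor `sameSite`. Because app.js now enables credentialed CORS, adding `sameSite: "lax"` and, outside local development, `secure: true` would limit cross-site sending and cleartext exposure; the right `sameSite` value depends on whether the frontend and the API share a site. `login` starts and ends outside this hunk.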
diff --git a/backend/src/controllers/userControllers.js b/backend/src/controllers/userControllers.js
index e5f874a..1607326 100644
--- a/backend/src/controllers/userControllers.js
+++ b/backend/src/controllers/userControllers.js
@@ -65,7 +65,6 @@ const edit = async (req, res, next) => {
const add = async (req, res, next) => {
// Extract the user data from the request body
const item = req.body;
- console.info(item);
const existingUsername = await tables.user.readByUsername(item.username);
const existingEmail = await tables.user.readByEmail(item.email);
diff --git a/backend/src/middleware/authMiddleware.js b/backend/src/middleware/authMiddleware.js
index 64ccb2b..cd05213 100644
--- a/backend/src/middleware/authMiddleware.js
+++ b/backend/src/middleware/authMiddleware.js
@@ -21,20 +21,23 @@ const hashPwd = async (req, res, next) => {
};
const verifyToken = async (req, res, next) => {
- const token = req.body.cookies;
+ try {
+ const { token } = req.cookies;
+
+ console.info(req.cookies);
+
+ console.info(token);
- console.info(token);
- if (!token) {
- res.status(401).json({ error: "No token founded" });
- } else {
- try {
+ if (!token) {
+ res.status(401).json({ error: "No token founded" });
+ } else {
const decoded = jwt.verify(token, process.env.APP_SECRET);
const user = await tables.user.read(decoded.id);
console.info({ user });
next();
- } catch (err) {
- res.status(401).json({ error: "The token is invalid" });
}
+ } catch (err) {
+ res.status(401).json({ error: "The token is invalid" });
}
};
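Review bot: The added `console.info(req.cookies);` and `console.info(token);` write the session JWT to the server log on every request through `verifyToken`, where anyone with log access could reuse it until it expires; both lines, and the existing `console.info({ user });`, should be removed before merge. `next()` is also called without checking the lookup result, so a validly signed token for an unknown or deleted user still passes; `if (!user) return res.status(401).json({ error: "The token is invalid" });` before `next()` would close that. The lookup uses `decoded.id`, while the payload signed in `login` (authControllers.js in this commit) shows only `username` and `is_admin`, so `id` is presumably undefined here. `req.cookies` is only populated when a cookie-parsing middleware is registered, and none is added in the app.js hunks of this commit, so confirm one is already mounted outside them.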
diff --git a/backend/src/router.js b/backend/src/router.js
index 3cba355..1136bb1 100644
--- a/backend/src/router.js
+++ b/backend/src/router.js
@@ -40,8 +40,6 @@ router.post(
UserControllers.add
);
-// lala ceci est un test
-
// Route to get specific items and block the register if they exists
router.get("/username/:username", AuthControllers.readByUsername);
router.get("/email/:email", AuthControllers.readByEmail);
diff --git a/frontend/src/main.jsx b/frontend/src/main.jsx
index 8c487d7..727576d 100644
--- a/frontend/src/main.jsx
+++ b/frontend/src/main.jsx
@@ -3,6 +3,8 @@ import ReactDOM from "react-dom/client";
import { createBrowserRouter, RouterProvider } from "react-router-dom";
+import axios from "axios";
+
import App from "./App";
import Accueil from "./pages/Accueil";
import Connexion from "./pages/Connexion";
@@ -23,7 +25,12 @@ const router = createBrowserRouter([
path: "/recipes/:id",
element:
retour