WCS quest // Express 10 - Register users in a secure way
const { verifyPassword, findByEmail } = require("../models/user"); | |
const authRouter = require("express").Router(); | |
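/**
 * POST /checkCredentials — answers whether an email/password pair is valid.
 *
 * Body: { email: string, password: string }.
 * Responds 400 on a malformed body, 401 on a bad pair, 200 "ok" otherwise.
 * The 401 message is the same for an unknown email and for a wrong password,
 * so the endpoint does not confirm which accounts exist.
 */
authRouter.post("/checkCredentials", async (req, res) => {
  const { email, password } = req.body ?? {};
  // Reject non-string input before it reaches the database or the hasher.
  if (typeof email !== "string" || typeof password !== "string") {
    return res.status(400).json("Email and password are required");
  }
  try {
    const user = await findByEmail(email);
    // NOTE: an unknown email returns without running argon2, so it remains
    // distinguishable by response time; a dummy verify would be needed to
    // close that channel.
    if (!user) {
      return res.status(401).json("Incorrect email or wrong password");
    }
    const isValid = await verifyPassword(password, user.hashedPassword);
    if (!isValid) {
      return res.status(401).json("Incorrect email or wrong password");
    }
    return res.status(200).json("ok");
  } catch (err) {
    // Express (before v5) does not forward a rejected async handler to the
    // error middleware; without this catch the request never gets a response.
    console.error(err);
    return res.status(500).json("Error checking credentials");
  }
});

module.exports = authRouter;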
const moviesRouter = require('./movies'); | |
const usersRouter = require('./users'); | |
/**
 * Mounts every API router on the given Express application.
 *
 * @param {import('express').Express} app - application to mount the routers on
 */
const setupRoutes = (app) => {
  const mounts = [
    ["/api/movies", moviesRouter], // Movie routes
    ["/api/users", usersRouter], // User routes
  ];
  for (const [prefix, router] of mounts) {
    app.use(prefix, router);
  }
};

module.exports = {
  setupRoutes,
};
const connection = require("../db-config"); | |
const Joi = require("joi"); | |
const argon2 = require("argon2"); | |
const db = connection.promise(); | |
/**
 * Validates a user payload against the users schema.
 *
 * @param {object} data - candidate user fields
 * @param {boolean} [forCreation=true] - when true, email/firstname/lastname are
 *   required; when false they are optional (partial update)
 * @returns {import('joi').ValidationError | undefined} every violation at once
 *   (abortEarly is off), or undefined when the data is valid
 */
const validate = (data, forCreation = true) => {
  const presence = forCreation ? "required" : "optional";
  const schema = Joi.object({
    email: Joi.string().email().max(255).presence(presence),
    firstname: Joi.string().max(255).presence(presence),
    lastname: Joi.string().max(255).presence(presence),
    // Optional free-text fields; null and "" are accepted as "not set".
    city: Joi.string().allow(null, "").max(255),
    language: Joi.string().allow(null, "").max(255),
  });
  // NOTE(review): no password rule here; presumably the route validates the
  // password separately before hashing — confirm.
  const { error } = schema.validate(data, { abortEarly: false });
  return error;
};
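/**
 * Lists users, optionally filtered by language.
 *
 * @param {{ filters?: { language?: string } }} [options] - `filters.language`,
 *   when truthy, restricts the result to users with that exact language
 * @returns {Promise<object[]>} matching rows
 */
const findMany = ({ filters: { language } = {} } = {}) => {
  // Defaults above keep a call without filters from throwing a TypeError.
  let sql = "SELECT * FROM users";
  const sqlValues = [];
  if (language) {
    // Parameterised: the language value is bound, never interpolated into SQL.
    sql += " WHERE language = ?";
    sqlValues.push(language);
  }
  // NOTE: SELECT * returns every column, including hashedPassword; callers
  // must strip sensitive fields before sending rows to a client.
  return db.query(sql, sqlValues).then(([results]) => results);
};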
/**
 * Fetches a single user by primary key.
 *
 * @param {number|string} id - users.id to look up
 * @returns {Promise<object|undefined>} the row, or undefined when not found
 */
const findOne = async (id) => {
  const [rows] = await db.query("SELECT * FROM users WHERE id = ?", [id]);
  return rows[0];
};
/**
 * Fetches a single user by email address (exact match, bound parameter).
 *
 * @param {string} email - address to look up
 * @returns {Promise<object|undefined>} the row (all columns), or undefined
 */
const findByEmail = async (email) => {
  const [rows] = await db.query("SELECT * FROM users WHERE email = ?", [email]);
  return rows[0];
};
/**
 * Finds a user holding the given email whose id differs from `id`; used to
 * detect an email collision when updating an existing user.
 *
 * @param {string} email - address to look up
 * @param {number|string} id - id to exclude from the match
 * @returns {Promise<object|undefined>} the conflicting row, or undefined
 */
const findByEmailWithDifferentId = async (email, id) => {
  const sql = "SELECT * FROM users WHERE email = ? AND id <> ?";
  const [rows] = await db.query(sql, [email, id]);
  return rows[0];
};
/**
 * Inserts a new user row from the given attributes.
 *
 * @param {object} data - column/value pairs to insert (bound via SET ?)
 * @returns {Promise<object>} the given attributes plus the generated id
 */
const create = async (data) => {
  const [result] = await db.query("INSERT INTO users SET ?", data);
  // Echo the inserted attributes back with the new primary key. If `data`
  // carries the hashed password, it is returned here too — callers must not
  // forward this object to a client unfiltered.
  return { ...data, id: result.insertId };
};
/**
 * Updates the given columns of one user.
 *
 * @param {number|string} id - users.id to update
 * @param {object} newAttributes - column/value pairs to set (bound via SET ?)
 * @returns {Promise} the raw driver result tuple
 */
const update = (id, newAttributes) => {
  const sql = "UPDATE users SET ? WHERE id = ?";
  return db.query(sql, [newAttributes, id]);
};
/**
 * Deletes one user by primary key.
 *
 * @param {number|string} id - users.id to delete
 * @returns {Promise<boolean>} true when a row was removed, false otherwise
 */
const destroy = async (id) => {
  const [result] = await db.query("DELETE FROM users WHERE id = ?", [id]);
  return result.affectedRows !== 0;
};
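/**
 * Argon2 parameters shared by hashPassword and verifyPassword.
 * Frozen so no caller can weaken them at runtime.
 */
const hashingOptions = Object.freeze({
  type: argon2.argon2id, // hybrid variant: GPU- and side-channel-resistant
  memoryCost: 2 ** 16, // kibibytes of memory per hash (64 MiB)
  timeCost: 5, // number of passes over the memory
  parallelism: 1, // lanes/threads
});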
/**
 * Hashes a plaintext password with the shared Argon2 options.
 *
 * @param {string} plainPassword - password to hash
 * @returns {Promise<string>} encoded Argon2 hash (salt and parameters included)
 */
const hashPassword = async (plainPassword) => {
  const encoded = await argon2.hash(plainPassword, hashingOptions);
  return encoded;
};
/**
 * Checks a plaintext password against a stored Argon2 hash.
 *
 * @param {string} plainPassword - candidate password
 * @param {string} hashedPassword - encoded hash produced by hashPassword
 * @returns {Promise<boolean>} true when the password matches
 */
const verifyPassword = async (plainPassword, hashedPassword) => {
  // Argument order for argon2.verify is (hash, plain).
  const matches = await argon2.verify(hashedPassword, plainPassword, hashingOptions);
  return matches;
};
// Public surface of the users model.
module.exports = {
  // Queries
  findMany,
  findOne,
  // Validation
  validate,
  // Mutations
  create,
  update,
  destroy,
  // Email lookups
  findByEmail,
  findByEmailWithDifferentId,
  // Password handling
  hashPassword,
  verifyPassword,
};