C4M
/
api-isakafo
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

app ready for testing

master
fabriceBJHost 5 months ago
parent
3efa2503ea
commit
0218745bd3
6 changed files with 125 additions and 73 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      .env.example
  2. 56
      config/databases.js
  3. 10
      index.js
  4. 52
      middleware/authMiddleware.js
  5. 60
      routes/authRoute.js
  6. 16
      routes/protectedRoute.js

4
.env.example
View File

@ -4,5 +4,5 @@ JWT_SECRET=yourSuperSecretKey # Replace with your actual secret key
# Database configuration
DB_HOST=localhost
DB_USER=root
DB_PASSWORD=yourpassword
DB_NAME=jwt_auth
DB_PASSWORD=
DB_NAME=api_isakafo

56
config/databases.js
View File

@ -2,10 +2,56 @@ const mysql = require('mysql2/promise');
require('dotenv').config();
const pool = mysql.createPool({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
});
module.exports = pool;
/**
* Initialize the database and create necessary tables
*
*/
async function initDB() {
try {
const connection = await pool.getConnection();
// Create users table if it doesn't exist
await connection.query(`
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY NOT NULL,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'user',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
`);
// ajoute une autre table si necessaire
// add a default admin user if none exists
const [rows] = await connection.query(`SELECT COUNT(*) as count FROM users`);
if (rows[0].count === 0) {
const bcrypt = require('bcryptjs');
const hashedPassword = await bcrypt.hash('admin123', 10);
await connection.query(
'INSERT INTO users (username, password, role) VALUES (?, ?, ?)',
['admin', hashedPassword, 'admin']
);
console.log('✅ Default admin user created: admin / admin123');
}
connection.release();
console.log('✅ Database initialized');
} catch (err) {
console.error('❌ Failed to initialize database:', err.message);
}
}
module.exports = {
pool,
initDB,
};

10
index.js
View File

@ -2,6 +2,7 @@ const express = require('express');
const authRoutes = require('./routes/authRoute');
const protectedRoutes = require('./routes/protectedRoute');
require('dotenv').config();
const { initDB } = require('./config/databases');
const app = express();
@ -10,6 +11,11 @@ app.use(express.json());
app.use('/api/auth', authRoutes);
app.use('/api/protected', protectedRoutes);
app.listen(process.env.PORT, () => {
console.log(`Server running on port ${process.env.PORT}`);
initDB().then(() => {
app.listen(process.env.PORT, () => {
console.log(`Server running on port ${process.env.PORT}`);
});
}).catch(err => {
console.error('❌ Failed to initialize database:', err.message);
});

52
middleware/authMiddleware.js
View File

@ -4,39 +4,39 @@ require('dotenv').config();
const activeSessions = {}; // store last activity timestamp for tokens
module.exports = (requiredRole = null) => {
return (req, res, next) => {
const authHeader = req.headers.authorization;
return (req, res, next) => {
const authHeader = req.headers.authorization;
if (!authHeader) {
return res.status(401).json({ message: 'No token provided' });
}
if (!authHeader) {
return res.status(401).json({ message: 'No token provided' });
}
const token = authHeader.split(' ')[1];
const token = authHeader.split(' ')[1];
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) {
return res.status(401).json({ message: 'Invalid token' });
}
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) {
return res.status(401).json({ message: 'Invalid token' });
}
// Check token last activity
const lastActivity = activeSessions[token];
const now = Date.now();
// Check token last activity
const lastActivity = activeSessions[token];
const now = Date.now();
if (lastActivity && now - lastActivity > 30 * 60 * 1000) {
delete activeSessions[token];
return res.status(401).json({ message: 'Token expired due to inactivity' });
}
if (lastActivity && now - lastActivity > 30 * 60 * 1000) {
delete activeSessions[token];
return res.status(401).json({ message: 'Token expired due to inactivity' });
}
// Update last activity
activeSessions[token] = now;
// Update last activity
activeSessions[token] = now;
req.user = decoded;
req.user = decoded;
if (requiredRole && decoded.role !== requiredRole) {
return res.status(403).json({ message: 'Forbidden. Insufficient role' });
}
if (requiredRole && decoded.role !== requiredRole) {
return res.status(403).json({ message: 'Forbidden. Insufficient role' });
}
next();
});
};
next();
});
};
};

60
routes/authRoute.js
View File

@ -1,47 +1,47 @@
const express = require('express');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const pool = require('../config/databases');
const { pool } = require('../config/databases');
require('dotenv').config();
const router = express.Router();
router.post('/login', async (req, res) => {
const { username, password } = req.body;
const { username, password } = req.body;
try {
const [rows] = await pool.query(
'SELECT * FROM users WHERE username = ?',
[username]
);
try {
const [rows] = await pool.query(
'SELECT * FROM users WHERE username = ?',
[username]
);
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
}
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const user = rows[0];
const user = rows[0];
const isMatch = await bcrypt.compare(password, user.password);
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
}
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
}
});
module.exports = router;

16
routes/protectedRoute.js
View File

@ -5,18 +5,18 @@ const router = express.Router();
// Open only to logged users
router.get('/profile', authMiddleware(), (req, res) => {
res.json({
message: 'Welcome to your profile!',
user: req.user,
});
res.json({
message: 'Welcome to your profile!',
user: req.user,
});
});
// Open only to admins
router.get('/admin', authMiddleware('admin'), (req, res) => {
res.json({
message: 'Welcome, admin!',
user: req.user,
});
res.json({
message: 'Welcome, admin!',
user: req.user,
});
});
module.exports = router;

Write Preview
Loading…
Cancel
Save