C4M/api-isakafo
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

app ready for testing

Browse Source
This commit is contained in:
fabriceBJHost 2025-07-01 16:01:05 +02:00
parent 3efa2503ea
commit 0218745bd3
6 changed files with 128 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env.example
View File

@ -4,5 +4,5 @@ JWT_SECRET=yourSuperSecretKey # Replace with your actual secret key
# Database configuration # Database configuration
DB_HOST=localhost DB_HOST=localhost
DB_USER=root DB_USER=root
DB_PASSWORD=yourpassword DB_PASSWORD=
DB_NAME=jwt_auth DB_NAME=api_isakafo

56
config/databases.js
View File

@ -2,10 +2,56 @@ const mysql = require('mysql2/promise');
require('dotenv').config(); require('dotenv').config();
const pool = mysql.createPool({ const pool = mysql.createPool({
host: process.env.DB_HOST, host: process.env.DB_HOST,
user: process.env.DB_USER, user: process.env.DB_USER,
password: process.env.DB_PASSWORD, password: process.env.DB_PASSWORD,
database: process.env.DB_NAME, database: process.env.DB_NAME,
}); });
module.exports = pool; /**
* Initialize the database and create necessary tables
*
*/
async function initDB() {
try {
const connection = await pool.getConnection();
// Create users table if it doesn't exist
await connection.query(`
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY NOT NULL,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'user',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
`);
// ajoute une autre table si necessaire
// add a default admin user if none exists
const [rows] = await connection.query(`SELECT COUNT(*) as count FROM users`);
if (rows[0].count === 0) {
const bcrypt = require('bcryptjs');
const hashedPassword = await bcrypt.hash('admin123', 10);
await connection.query(
'INSERT INTO users (username, password, role) VALUES (?, ?, ?)',
['admin', hashedPassword, 'admin']
);
console.log('✅ Default admin user created: admin / admin123');
}
connection.release();
console.log('✅ Database initialized');
} catch (err) {
console.error('❌ Failed to initialize database:', err.message);
}
}
module.exports = {
pool,
initDB,
};

10
index.js
View File

@ -2,6 +2,7 @@ const express = require('express');
const authRoutes = require('./routes/authRoute'); const authRoutes = require('./routes/authRoute');
const protectedRoutes = require('./routes/protectedRoute'); const protectedRoutes = require('./routes/protectedRoute');
require('dotenv').config(); require('dotenv').config();
const { initDB } = require('./config/databases');
const app = express(); const app = express();
@ -10,6 +11,11 @@ app.use(express.json());
app.use('/api/auth', authRoutes); app.use('/api/auth', authRoutes);
app.use('/api/protected', protectedRoutes); app.use('/api/protected', protectedRoutes);
app.listen(process.env.PORT, () => { initDB().then(() => {
console.log(`Server running on port ${process.env.PORT}`); app.listen(process.env.PORT, () => {
console.log(`Server running on port ${process.env.PORT}`);
});
}).catch(err => {
console.error('❌ Failed to initialize database:', err.message);
}); });

52
middleware/authMiddleware.js
View File

@ -4,39 +4,39 @@ require('dotenv').config();
const activeSessions = {}; // store last activity timestamp for tokens const activeSessions = {}; // store last activity timestamp for tokens
module.exports = (requiredRole = null) => { module.exports = (requiredRole = null) => {
return (req, res, next) => { return (req, res, next) => {
const authHeader = req.headers.authorization; const authHeader = req.headers.authorization;
if (!authHeader) { if (!authHeader) {
return res.status(401).json({ message: 'No token provided' }); return res.status(401).json({ message: 'No token provided' });
} }
const token = authHeader.split(' ')[1]; const token = authHeader.split(' ')[1];
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => { jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) { if (err) {
return res.status(401).json({ message: 'Invalid token' }); return res.status(401).json({ message: 'Invalid token' });
} }
// Check token last activity // Check token last activity
const lastActivity = activeSessions[token]; const lastActivity = activeSessions[token];
const now = Date.now(); const now = Date.now();
if (lastActivity && now - lastActivity > 30 * 60 * 1000) { if (lastActivity && now - lastActivity > 30 * 60 * 1000) {
delete activeSessions[token]; delete activeSessions[token];
return res.status(401).json({ message: 'Token expired due to inactivity' }); return res.status(401).json({ message: 'Token expired due to inactivity' });
} }
// Update last activity // Update last activity
activeSessions[token] = now; activeSessions[token] = now;
req.user = decoded; req.user = decoded;
if (requiredRole && decoded.role !== requiredRole) { if (requiredRole && decoded.role !== requiredRole) {
return res.status(403).json({ message: 'Forbidden. Insufficient role' }); return res.status(403).json({ message: 'Forbidden. Insufficient role' });
} }
next(); next();
}); });
}; };
}; };

66
routes/authRoute.js
View File

@ -1,47 +1,47 @@
const express = require('express'); const express = require('express');
const bcrypt = require('bcryptjs'); const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const pool = require('../config/databases'); const { pool } = require('../config/databases');
require('dotenv').config(); require('dotenv').config();
const router = express.Router(); const router = express.Router();
router.post('/login', async (req, res) => { router.post('/login', async (req, res) => {
const { username, password } = req.body; const { username, password } = req.body;
try { try {
const [rows] = await pool.query( const [rows] = await pool.query(
'SELECT * FROM users WHERE username = ?', 'SELECT * FROM users WHERE username = ?',
[username] [username]
); );
if (rows.length === 0) { if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' }); return res.status(401).json({ message: 'Invalid credentials' });
}
const user = rows[0];
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
} }
const user = rows[0];
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
}
}); });
module.exports = router; module.exports = router;

16
routes/protectedRoute.js
View File

@ -5,18 +5,18 @@ const router = express.Router();
// Open only to logged users // Open only to logged users
router.get('/profile', authMiddleware(), (req, res) => { router.get('/profile', authMiddleware(), (req, res) => {
res.json({ res.json({
message: 'Welcome to your profile!', message: 'Welcome to your profile!',
user: req.user, user: req.user,
}); });
}); });
// Open only to admins // Open only to admins
router.get('/admin', authMiddleware('admin'), (req, res) => { router.get('/admin', authMiddleware('admin'), (req, res) => {
res.json({ res.json({
message: 'Welcome, admin!', message: 'Welcome, admin!',
user: req.user, user: req.user,
}); });
}); });
module.exports = router; module.exports = router;