C4M/api-isakafo
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

app ready for testing

Browse Source
This commit is contained in:
fabriceBJHost 2025-07-01 16:01:05 +02:00
parent 3efa2503ea
commit 0218745bd3
6 changed files with 128 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env.example
View File

@ -4,5 +4,5 @@ JWT_SECRET=yourSuperSecretKey # Replace with your actual secret key
# Database configuration
DB_HOST=localhost
DB_USER=root
DB_PASSWORD=yourpassword
DB_NAME=jwt_auth
DB_PASSWORD=
DB_NAME=api_isakafo

56
config/databases.js
View File

@ -2,10 +2,56 @@ const mysql = require('mysql2/promise');
require('dotenv').config();
const pool = mysql.createPool({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
});
module.exports = pool;
/**
* Initialize the database and create necessary tables
*
*/
async function initDB() {
try {
const connection = await pool.getConnection();
// Create users table if it doesn't exist
await connection.query(`
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY NOT NULL,
username VARCHAR(50) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
role VARCHAR(20) DEFAULT 'user',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
`);
// ajoute une autre table si necessaire
// add a default admin user if none exists
const [rows] = await connection.query(`SELECT COUNT(*) as count FROM users`);
if (rows[0].count === 0) {
const bcrypt = require('bcryptjs');
const hashedPassword = await bcrypt.hash('admin123', 10);
await connection.query(
'INSERT INTO users (username, password, role) VALUES (?, ?, ?)',
['admin', hashedPassword, 'admin']
);
console.log('✅ Default admin user created: admin / admin123');
}
connection.release();
console.log('✅ Database initialized');
} catch (err) {
console.error('❌ Failed to initialize database:', err.message);
}
}
module.exports = {
pool,
initDB,
};

10
index.js
View File

@ -2,6 +2,7 @@ const express = require('express');
const authRoutes = require('./routes/authRoute');
const protectedRoutes = require('./routes/protectedRoute');
require('dotenv').config();
const { initDB } = require('./config/databases');
const app = express();
@ -10,6 +11,11 @@ app.use(express.json());
app.use('/api/auth', authRoutes);
app.use('/api/protected', protectedRoutes);
app.listen(process.env.PORT, () => {
console.log(`Server running on port ${process.env.PORT}`);
initDB().then(() => {
app.listen(process.env.PORT, () => {
console.log(`Server running on port ${process.env.PORT}`);
});
}).catch(err => {
console.error('❌ Failed to initialize database:', err.message);
});

52
middleware/authMiddleware.js
View File

@ -4,39 +4,39 @@ require('dotenv').config();
const activeSessions = {}; // store last activity timestamp for tokens
module.exports = (requiredRole = null) => {
return (req, res, next) => {
const authHeader = req.headers.authorization;
return (req, res, next) => {
const authHeader = req.headers.authorization;
if (!authHeader) {
return res.status(401).json({ message: 'No token provided' });
}
if (!authHeader) {
return res.status(401).json({ message: 'No token provided' });
}
const token = authHeader.split(' ')[1];
const token = authHeader.split(' ')[1];
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) {
return res.status(401).json({ message: 'Invalid token' });
}
jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
if (err) {
return res.status(401).json({ message: 'Invalid token' });
}
// Check token last activity
const lastActivity = activeSessions[token];
const now = Date.now();
// Check token last activity
const lastActivity = activeSessions[token];
const now = Date.now();
if (lastActivity && now - lastActivity > 30 * 60 * 1000) {
delete activeSessions[token];
return res.status(401).json({ message: 'Token expired due to inactivity' });
}
if (lastActivity && now - lastActivity > 30 * 60 * 1000) {
delete activeSessions[token];
return res.status(401).json({ message: 'Token expired due to inactivity' });
}
// Update last activity
activeSessions[token] = now;
// Update last activity
activeSessions[token] = now;
req.user = decoded;
req.user = decoded;
if (requiredRole && decoded.role !== requiredRole) {
return res.status(403).json({ message: 'Forbidden. Insufficient role' });
}
if (requiredRole && decoded.role !== requiredRole) {
return res.status(403).json({ message: 'Forbidden. Insufficient role' });
}
next();
});
};
next();
});
};
};

66
routes/authRoute.js
View File

@ -1,47 +1,47 @@
const express = require('express');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const pool = require('../config/databases');
const { pool } = require('../config/databases');
require('dotenv').config();
const router = express.Router();
router.post('/login', async (req, res) => {
const { username, password } = req.body;
const { username, password } = req.body;
try {
const [rows] = await pool.query(
'SELECT * FROM users WHERE username = ?',
[username]
);
try {
const [rows] = await pool.query(
'SELECT * FROM users WHERE username = ?',
[username]
);
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
if (rows.length === 0) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const user = rows[0];
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
}
const user = rows[0];
const isMatch = await bcrypt.compare(password, user.password);
if (!isMatch) {
return res.status(401).json({ message: 'Invalid credentials' });
}
const payload = {
id: user.id,
username: user.username,
role: user.role,
};
const token = jwt.sign(payload, process.env.JWT_SECRET, {
expiresIn: '2h', // max lifespan
});
res.json({ token });
} catch (err) {
console.error(err);
res.status(500).json({ message: 'Server error' });
}
});
module.exports = router;

16
routes/protectedRoute.js
View File

@ -5,18 +5,18 @@ const router = express.Router();
// Open only to logged users
router.get('/profile', authMiddleware(), (req, res) => {
res.json({
message: 'Welcome to your profile!',
user: req.user,
});
res.json({
message: 'Welcome to your profile!',
user: req.user,
});
});
// Open only to admins
router.get('/admin', authMiddleware('admin'), (req, res) => {
res.json({
message: 'Welcome, admin!',
user: req.user,
});
res.json({
message: 'Welcome, admin!',
user: req.user,
});
});
module.exports = router;