Add files via upload

Author: ladunjexa

server/nodemon.json

@@ -0,0 +1,5 @@
+{
+    "watch": ["src"],
+    "ext": ".ts,.js",
+    "exec": "ts-node ./src/index.ts"
+}

server/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "server",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "start": "nodemon",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "@types/body-parser": "^1.19.2",
+    "@types/compression": "^1.7.2",
+    "@types/cookie-parser": "^1.4.3",
+    "@types/cors": "^2.8.13",
+    "@types/express": "^4.17.17",
+    "@types/lodash": "^4.14.194",
+    "@types/mongoose": "^5.11.97",
+    "nodemon": "^2.0.22",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.0.4"
+  },
+  "dependencies": {
+    "body-parser": "^1.20.2",
+    "compression": "^1.7.4",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "crypto": "^1.0.1",
+    "dotenv": "^16.0.3",
+    "express": "^4.18.2",
+    "lodash": "^4.17.21",
+    "mongoose": "^7.0.3"
+  }
+}

server/src/controllers/authentication.ts

@@ -0,0 +1,80 @@
+import express from "express";
+import * as dotenv from "dotenv";
+
+import { createUser, getUserByEmail } from "../db/users";
+import { random, authentication } from "../helpers";
+
+dotenv.config();
+
+export const login = async (req: express.Request, res: express.Response) => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      return res.sendStatus(400);
+    }
+
+    const user = await getUserByEmail(email).select(
+      "+authentication.password +authentication.salt"
+    );
+
+    if (!user) {
+      return res.sendStatus(400);
+    }
+
+    const expectedHash = authentication(user.authentication.salt, password);
+    if (user.authentication.password !== expectedHash) {
+      return res.sendStatus(403);
+    }
+
+    const salt = random();
+    user.authentication.sessionToken = authentication(
+      salt,
+      user._id.toString()
+    );
+
+    await user.save();
+
+    res.cookie(
+      process.env.SESSION_TOKEN_NAME as string,
+      user.authentication.sessionToken,
+      {
+        domain: "localhost",
+        path: "/",
+      }
+    );
+
+    return res.status(200).json(user).end();
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};
+
+export const register = async (req: express.Request, res: express.Response) => {
+  try {
+    const { email, password, username } = req.body;
+
+    if (!email || !password || !username) {
+      return res.sendStatus(400);
+    }
+
+    const existingUser = await getUserByEmail(email);
+
+    if (existingUser) {
+      return res.sendStatus(400);
+    }
+
+    const salt = random();
+    const user = await createUser({
+      email,
+      username,
+      authentication: { salt, password: authentication(salt, password) },
+    });
+
+    return res.status(200).json(user).end();
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};

server/src/controllers/users.ts

@@ -0,0 +1,57 @@
+import express from "express";
+
+import { getUsers, deleteUserById, getUserById } from "../db/users";
+
+export const getAllUsers = async (
+  req: express.Request,
+  res: express.Response
+) => {
+  try {
+    const users = await getUsers();
+
+    return res.status(200).json(users);
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};
+
+export const deleteUser = async (
+  req: express.Request,
+  res: express.Response
+) => {
+  try {
+    const { id } = req.params;
+
+    const deletedUser = await deleteUserById(id);
+
+    return res.json(deletedUser);
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};
+
+export const updateUser = async (
+  req: express.Request,
+  res: express.Response
+) => {
+  try {
+    const { id } = req.params;
+    const { username } = req.body;
+
+    if (!username) {
+      return res.sendStatus(400);
+    }
+
+    const user = await getUserById(id);
+
+    user.username = username;
+    await user.save();
+
+    return res.status(200).json(user).end();
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};

server/src/db/users.ts

@@ -0,0 +1,27 @@
+import mongoose from "mongoose";
+
+const UserSchema = new mongoose.Schema({
+  username: { type: String, required: true },
+  email: { type: String, required: true },
+  authentication: {
+    password: { type: String, required: true, select: false },
+    salt: { type: String, select: false },
+    sessionToken: { type: String, select: false },
+  },
+});
+
+export const UserModel = mongoose.model("User", UserSchema);
+
+export const getUsers = () => UserModel.find();
+export const getUserByEmail = (email: string) => UserModel.findOne({ email });
+export const getUserBySessionToken = (sessionToken: string) =>
+  UserModel.findOne({
+    "authentication.sessionToken": sessionToken,
+  });
+export const getUserById = (id: string) => UserModel.findById(id);
+export const createUser = (values: Record<string, any>) =>
+  new UserModel(values).save().then((user) => user.toObject());
+export const deleteUserById = (id: string) =>
+  UserModel.findByIdAndDelete({ _id: id });
+export const updateUserById = (id: string, values: Record<string, any>) =>
+  UserModel.findByIdAndUpdate(id, values);

server/src/helpers/index.ts

@@ -0,0 +1,12 @@
+import crypto from "crypto";
+import * as dotenv from "dotenv";
+
+dotenv.config();
+
+export const random = () => crypto.randomBytes(128).toString("base64");
+export const authentication = (salt: string, password: string) => {
+  return crypto
+    .createHmac("sha256", [salt, password].join("/"))
+    .update(process.env.SECRET as string)
+    .digest("hex");
+};

server/src/index.ts

@@ -0,0 +1,37 @@
+import express from "express";
+import http from "http";
+import bodyParser from "body-parser";
+import cookieParser from "cookie-parser";
+import compression from "compression";
+import cors from "cors";
+import * as dotenv from "dotenv";
+import mongoose from "mongoose";
+
+import router from "./router";
+
+dotenv.config();
+
+const app = express();
+const PORT = process.env.PORT || 8080;
+
+app.use(
+  cors({
+    credentials: true,
+  })
+);
+
+app.use(compression());
+app.use(cookieParser());
+app.use(bodyParser.json());
+
+const server = http.createServer(app);
+
+server.listen(PORT, () => {
+  console.log(`Server is running on port http://localhost:${PORT}/`);
+});
+
+mongoose.Promise = Promise;
+mongoose.connect(process.env.MONGODB_URL);
+mongoose.connection.on("error", (error: Error) => console.log(error));
+
+app.use("/", router());

server/src/middlewares/index.ts

@@ -0,0 +1,58 @@
+import express from "express";
+import * as dotenv from "dotenv";
+import { get, merge } from "lodash";
+
+import { getUserBySessionToken } from "../db/users";
+
+dotenv.config();
+
+export const isOwner = async (
+  req: express.Request,
+  res: express.Response,
+  next: express.NextFunction
+) => {
+  try {
+    const { id } = req.params;
+    const currentUserId = get(req, "identity._id") as string;
+
+    if (!currentUserId) {
+      return res.sendStatus(403);
+    }
+
+    if (currentUserId.toString() !== id) {
+      return res.sendStatus(403);
+    }
+
+    next();
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};
+
+export const isAuthenticated = async (
+  req: express.Request,
+  res: express.Response,
+  next: express.NextFunction
+) => {
+  try {
+    const sessionToken = req.cookies[process.env.SESSION_TOKEN_NAME as string];
+
+    if (!sessionToken) {
+      return res.sendStatus(403);
+    }
+
+    const existingUser = await getUserBySessionToken(sessionToken);
+
+    if (!existingUser) {
+      return res.sendStatus(403);
+    }
+
+    merge(req, { identity: existingUser });
+
+    return next();
+  } catch (error) {
+    console.log(error);
+    return res.sendStatus(400);
+  }
+};

server/src/router/authentication.ts

@@ -0,0 +1,8 @@
+import express from "express";
+
+import { register, login } from "../controllers/authentication";
+
+export default (router: express.Router) => {
+  router.post("/auth/register", register);
+  router.post("/auth/login", login);
+};

server/src/router/index.ts

@@ -0,0 +1,13 @@
+import express from "express";
+
+import authentication from "./authentication";
+import users from "./users";
+
+const router = express.Router();
+
+export default (): express.Router => {
+  authentication(router);
+  users(router);
+
+  return router;
+};