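const mysql = require('mysql');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcryptjs');
const { promisify } = require('util');

// bcrypt work factor. The original used 8; 12 is the commonly recommended
// minimum today. Existing rows keep working: the cost is stored inside each hash.
const BCRYPT_ROUNDS = 12;

// Tokens are only ever signed with jsonwebtoken's default (HS256), so
// verification is pinned to it. Accepting whatever `alg` a token claims
// opens the door to algorithm-confusion attacks.
const JWT_ALGORITHMS = ['HS256'];

// Hash compared against when the email is unknown, so a failed login takes
// about the same time whether or not the account exists (the original skipped
// bcrypt entirely for unknown emails, which leaks account existence via timing).
// Computed once at load; costs one bcrypt round-trip at startup.
const DUMMY_HASH = bcrypt.hashSync('no-such-user', BCRYPT_ROUNDS);

const db = mysql.createConnection({
  host: process.env.DATABASE_HOST,
  user: process.env.DATABASE_USER,
  password: process.env.DATABASE_PASSWORD,
  database: process.env.DATABASE,
});

const verifyJwt = promisify(jwt.verify);

/**
 * Attributes of the session cookie, shared by set and clear. A cookie is only
 * cleared when clearCookie() uses the same attributes it was set with.
 * @returns {object} express cookie options (without `expires`)
 */
function sessionCookieOptions() {
  return {
    httpOnly: true, // not readable from page JS, so XSS cannot exfiltrate the token
    sameSite: 'lax', // not sent on cross-site POSTs (CSRF)
    secure: process.env.NODE_ENV === 'production', // HTTPS only outside local dev
  };
}

/**
 * Sign a JWT for `userId` and set it as the `jwt` cookie on `res`.
 * Shared by login and register, which previously duplicated this code.
 *
 * JWT_COOKIE_EXPIRES_IN is read as a number of days. When it is unset or not
 * a positive number the cookie is a session cookie; the original computed an
 * Invalid Date here, which the cookie serializer rejects.
 *
 * @param {import('express').Response} res
 * @param {number|string} userId - value stored in the token's `id` claim
 * @throws if JWT_SECRET is missing (jwt.sign refuses an empty secret)
 */
function issueSessionCookie(res, userId) {
  const token = jwt.sign({ id: userId }, process.env.JWT_SECRET, {
    expiresIn: process.env.JWT_EXPIRES_IN,
  });
  // Deliberately NOT logged: the token is a bearer credential and the original
  // console.log of it would leak sessions into any log aggregator.
  const options = sessionCookieOptions();
  const days = Number(process.env.JWT_COOKIE_EXPIRES_IN);
  if (Number.isFinite(days) && days > 0) {
    options.expires = new Date(Date.now() + days * 24 * 60 * 60 * 1000);
  }
  res.cookie('jwt', token, options);
}

/**
 * True when `value` is a non-empty string. Body fields are checked for type,
 * not just presence: mysql's placeholder escaping expands objects into
 * `key = 'val'` fragments and arrays into lists, so a JSON body carrying an
 * object where a string is expected would change the shape of the query.
 * bcrypt also throws on non-string input.
 * @param {unknown} value
 * @returns {boolean}
 */
function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * POST login handler. Verifies email/password against `users` and, on
 * success, issues the session cookie and redirects to `/`.
 *
 * Responses: 400 when a field is missing, 401 on bad credentials (same
 * message for unknown email and wrong password), 500 on unexpected errors
 * (the original only logged and left the request hanging).
 */
exports.login = async (req, res) => {
  const { email, password } = req.body || {};
  if (!isNonEmptyString(email) || !isNonEmptyString(password)) {
    return res
      .status(400)
      .render('contains/connexion', { message: 'Veuillez entrer un email et un mot de passe' });
  }

  db.query('SELECT * FROM users WHERE email = ?', [email], async (error, result) => {
    try {
      if (error) throw error;
      const user = Array.isArray(result) && result.length > 0 ? result[0] : null;
      // Always run one bcrypt compare so the unknown-email path is not measurably faster.
      const passwordMatches = await bcrypt.compare(password, user ? user.password : DUMMY_HASH);
      if (!user || !passwordMatches) {
        return res
          .status(401)
          .render('contains/connexion', { message: 'Email ou Mot de passe incorrect' });
      }
      issueSessionCookie(res, user.id);
      return res.redirect('/');
    } catch (err) {
      // Do not log `result`: it contains the password hash.
      console.error('login failed:', err);
      return res
        .status(500)
        .render('contains/connexion', { message: 'Une erreur est survenue' });
    }
  });
};

/**
 * POST register handler. Creates a user with a bcrypt-hashed password, then
 * logs the new user in (session cookie + redirect to `/`).
 *
 * Responses: 400 when a field is missing (the original crashed in
 * bcrypt.hash on an undefined password), the inscription page with a message
 * when the email is taken, 500 on database errors.
 */
exports.register = (req, res) => {
  // The original logged req.body here, i.e. the plaintext password. Removed.
  const { name, email, password } = req.body || {};
  if (!isNonEmptyString(name) || !isNonEmptyString(email) || !isNonEmptyString(password)) {
    return res
      .status(400)
      .render('contains/inscription', { message: 'Veuillez remplir tous les champs' });
  }

  const fail = (err) => {
    console.error('register failed:', err);
    return res
      .status(500)
      .render('contains/inscription', { message: 'Une erreur est survenue' });
  };

  db.query('SELECT email FROM users WHERE email = ?', [email], async (error, result) => {
    try {
      if (error) throw error; // the original read result.length on an undefined result here
      if (result.length > 0) {
        return res.render('contains/inscription', { message: 'Cet email est déjà utilisé' });
      }
      const hashedPassword = await bcrypt.hash(password, BCRYPT_ROUNDS);
      const newUser = { name, email, password: hashedPassword };

      db.query('INSERT INTO users SET ?', newUser, (insertError, insertResult) => {
        try {
          if (insertError) {
            // The SELECT above races with a concurrent registration of the same
            // email; only a UNIQUE index on users.email actually guarantees
            // uniqueness, and it surfaces here as ER_DUP_ENTRY.
            if (insertError.code === 'ER_DUP_ENTRY') {
              return res.render('contains/inscription', { message: 'Cet email est déjà utilisé' });
            }
            throw insertError;
          }
          // mysql reports the AUTO_INCREMENT id of the inserted row, so the
          // original's extra SELECT-by-email is not needed.
          // NOTE(review): assumes users.id is AUTO_INCREMENT — confirm against the schema.
          issueSessionCookie(res, insertResult.insertId);
          return res.redirect('/');
        } catch (err) {
          return fail(err);
        }
      });
    } catch (err) {
      return fail(err);
    }
  });
};

/**
 * Middleware: if a valid `jwt` cookie names an existing user, set
 * `req.userId` and `req.user` (the row without its password hash).
 * Always calls next(); an invalid, expired or orphaned token just leaves
 * the request anonymous. Expects cookie-parser to have populated req.cookies.
 */
exports.isLoggedIn = async (req, res, next) => {
  const token = req.cookies && req.cookies.jwt;
  if (!token) return next();

  let decoded;
  try {
    decoded = await verifyJwt(token, process.env.JWT_SECRET, { algorithms: JWT_ALGORITHMS });
  } catch (error) {
    // Expired or tampered token: expected in normal operation, treat as anonymous.
    return next();
  }

  db.query('SELECT * FROM users WHERE id = ?', [decoded.id], (error, result) => {
    if (error) {
      console.error('isLoggedIn: user lookup failed:', error);
      return next();
    }
    if (!Array.isArray(result) || result.length === 0) {
      // Account deleted since the token was issued. Unlike the original,
      // req.userId is NOT set in this case, so a stale token grants nothing.
      return next();
    }
    // Copy the row and drop the hash so it never reaches templates or logs.
    const user = Object.assign({}, result[0]);
    delete user.password;
    req.userId = user.id;
    req.user = user;
    return next();
  });
};

/**
 * Logout handler: removes the session cookie and redirects to `/`.
 * Uses clearCookie with the same attributes the cookie was set with; the
 * original overwrote it with a placeholder value expiring two seconds later.
 */
exports.logout = async (req, res) => {
  res.clearCookie('jwt', sessionCookieOptions());
  res.redirect('/');
};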