kajvans/forum-backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

to much to say

Browse Source
This commit is contained in:
kaj van schalkwijk
2024-01-23 22:28:46 +01:00
parent b728e1508a
commit 9a192622b1
16 changed files with 3884 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth.js
-31
View File
@@ -1,31 +0,0 @@
const {JWTManager} = require("auth-guardian");
const dotenv = require("dotenv");
dotenv.config();
const jwtAuth = new JWTManager.jwtAuth(process.env.JWT_SECRET);
function generateAccesToken(user){
return jwtAuth.generateJWT({user: user}, {expiresIn: "1h"});
}
function generateRefreshToken(user){
return jwtAuth.generateJWT({user: user}, {expiresIn: "7d"});
}
function generatePermtoken(user){
return jwtAuth.generateJWT({user: user}, {expiresIn: "60d"});
}
function verifyToken(token){
return jwtAuth.verifyJWT(token);
}
function verifyRefreshToken(token){
return jwtAuth.verifyJWT(token);
}
function verifyPermtoken(token){
return jwtAuth.verifyJWT(token);
}
auth/auth.js
+34
View File
@@ -0,0 +1,34 @@
const {JWTAuth} = require("auth-guardian");
const dotenv = require("dotenv");
dotenv.config();
const jwtAuth = new JWTAuth(process.env.JWT_SECRET);
function generateAccesToken(user, expiresIn = "1h"){
return jwtAuth.generateJWT({user: user}, {expiresIn: expiresIn});
}
function generateRefreshToken(user, expiresIn = "5d"){
return jwtAuth.generateJWT({user: user}, {expiresIn: expiresIn});
}
function generatePermtoken(user, expiresIn = "60d"){
return jwtAuth.generateJWT({user: user}, {expiresIn: expiresIn});
}
function verifyToken(token){
try{
return jwtAuth.verifyJWT(token);
}
catch(err){
return false;
}
}
module.exports = {
generateAccesToken,
generateRefreshToken,
generatePermtoken,
verifyToken
}
auth/auth.test.js
+81
View File
@@ -0,0 +1,81 @@
const dotenv = require("dotenv");
const { generateAccesToken, generateRefreshToken, generatePermtoken, verifyToken} = require("./auth");
dotenv.config();
describe('Auth.js Tests', () => {
const user = { id: 1, name: 'Test User' };
test('generateAccesToken should return a valid JWT', () => {
const token = generateAccesToken(user);
const decoded = verifyToken(token);
expect(decoded.user).toEqual(user);
});
test('generateRefreshToken should return a valid JWT', () => {
const token = generateRefreshToken(user);
const decoded = verifyToken(token);
expect(decoded.user).toEqual(user);
});
test('generatePermtoken should return a valid JWT', () => {
const token = generatePermtoken(user);
const decoded = verifyToken(token);
expect(decoded.user).toEqual(user);
});
test('verifyToken should return user for a valid token', () => {
const token = generateAccesToken(user);
const result = verifyToken(token);
expect(result.user).toEqual(user);
});
test('verifyRefreshToken should return true for a valid token', () => {
const token = generateRefreshToken(user);
const result = verifyToken(token);
expect(result.user).toEqual(user);
});
test('verifyPermtoken should return true for a valid token', () => {
const token = generatePermtoken(user);
const result = verifyToken(token);
expect(result.user).toEqual(user);
});
test('verifyToken should return false for an expired token', () => {
const token = generateAccesToken(user, "1ms");
const result = verifyToken(token);
expect(result.user).toEqual(undefined);
});
test('verifyRefreshToken should return false for an expired token', () => {
const token = generateAccesToken(user, "1ms");
const result = verifyToken(token);
expect(result.user).toEqual(undefined);
});
test('verifyPermtoken should return false for an expired token', () => {
const token = generateAccesToken(user, "1ms");
const result = verifyToken(token);
expect(result.user).toEqual(undefined);
});
test('verifyToken should return false for a token with an invalid signature', () => {
const token = generateAccesToken(user);
const result = verifyToken(token + 'a');
expect(result).toBe(false);
});
test('verifyRefreshToken should return false for a token with an invalid signature', () => {
const token = generateRefreshToken(user);
const result = verifyToken(token + 'a');
expect(result).toBe(false);
});
test('verifyPermtoken should return false for a token with an invalid signature', () => {
const token = generatePermtoken(user);
const result = verifyToken(token + 'a');
expect(result).toBe(false);
});
});
auth/middleware.js
+50
View File
@@ -0,0 +1,50 @@
const {verifyToken, generateAccesToken, generateRefreshToken} = require("./auth");
const auth = (req, res, next) => {
const refreshToken = req.cookies.refreshToken;
const accessToken = req.cookies.accessToken;
const permtoken = req.cookies.permtoken;
if(!refreshToken && !accessToken && !permtoken) return res.status(401).json({error: "Unauthorized"});
if(accessToken){
const result = verifyToken(accessToken);
if(result.user){
req.user = result.user;
return next();
}
}
else if(refreshToken && !accessToken){
const result = verifyToken(refreshToken);
if(result != false){
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, {httpOnly: true});
}
if(result.user){
req.user = result.user;
return next();
}
}
else if(permtoken){
const result = verifyToken(permtoken);
if(result != false){
//create new access token
const newAccessToken = generateAccesToken(result.user);
res.cookie("accessToken", newAccessToken, {httpOnly: true});
//create new refresh token
const newRefreshToken = generateRefreshToken(result.user);
res.cookie("refreshToken", newRefreshToken, {httpOnly: true});
}
if(result.user){
req.user = result.user;
return next();
}
}
return res.status(401).json({error: "Unauthorized"});
}
module.exports = auth;
auth/middleware.test.js
+98
View File
@@ -0,0 +1,98 @@
const dotenv = require("dotenv");
const { generateAccesToken, generateRefreshToken, generatePermtoken, verifyToken} = require("./auth");
const middleware = require("./middleware");
dotenv.config();
describe('Middleware.js Tests', () => {
let req, res, next;
const user = { id: 1, name: 'Test User' };
beforeEach(() => {
req = { cookies: {} };
res = {
cookie: jest.fn(),
status: jest.fn(function() {
return this;
}),
json: jest.fn()
};
next = jest.fn();
});
test('should call next() if access token is valid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token;
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should call next() if refresh token is valid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token;
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should call next() if permtoken is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
expect(next).toHaveBeenCalled();
});
test('should return 401 if no tokens are present', () => {
middleware(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if access token is invalid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token + 'a';
middleware(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if refresh token is invalid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token + 'a';
middleware(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return 401 if permtoken is invalid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token + 'a';
middleware(req, res, next);
expect(res.status).toHaveBeenCalledWith(401);
});
test('should return access token if refresh token is valid', () => {
const token = generateRefreshToken(user);
req.cookies.refreshToken = token;
middleware(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), { httpOnly: true });
});
test('should return access token and refresh if permtoken is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
expect(res.cookie).toHaveBeenCalledWith('accessToken', expect.any(String), { httpOnly: true });
expect(res.cookie).toHaveBeenCalledWith('refreshToken', expect.any(String), { httpOnly: true });
});
test('should not return refresh token if access token is valid', () => {
const token = generateAccesToken(user);
req.cookies.accessToken = token;
middleware(req, res, next);
expect(res.cookie).not.toHaveBeenCalledWith('refreshToken', expect.any(String), { httpOnly: true });
});
test('should not return permtoken token if refresh is valid', () => {
const token = generatePermtoken(user);
req.cookies.permtoken = token;
middleware(req, res, next);
expect(res.cookie).not.toHaveBeenCalledWith('permtoken', expect.any(String), { httpOnly: true });
});
});
auth/password.js
+38
View File
@@ -0,0 +1,38 @@
const {PassCheck, PasswordGenerator } = require("auth-guardian")
const passwordPolicyOptions = {
minLength: process.env.PASSMINLENGTH,
maxLength: process.env.PASSMAXLENGTH,
minLower: process.env.PASSMINLOWERCASE,
minUpper: process.env.PASSMINUPPERCASE,
minNum: process.env.PASSMINNUMBERS,
minSpecial: process.env.PASSMINSYMBOLS,
specialChars: process.env.PASSSYMBOLS
}
const passwordPolicyOptionsGenerate = {
minLength: 12,
maxLength: 18,
minLower: process.env.PASSMINLOWERCASE,
minUpper: process.env.PASSMINUPPERCASE,
minNum: process.env.PASSMINNUMBERS,
minSpecial: process.env.PASSMINSYMBOLS,
specialChars: process.env.PASSSYMBOLS
}
const passWordCheck = new PassCheck(parseInt(process.env.SaltRounds), passwordPolicyOptions)
const passwordGen = new PasswordGenerator({passwordPolicyOptionsGenerate})
function verify(password, hash){
return passWordCheck.verifyPassword(password, hash)
}
function hash(password){
return passWordCheck.hashPassword(password)
}
function generatePassword(){
return passwordGen.Generate()
}
module.exports = {verify, hash, generatePassword}
auth/password.test.js
+31
View File
@@ -0,0 +1,31 @@
const dotenv = require("dotenv");
const {verify, hash, generatePassword} = require("./password");
dotenv.config();
describe('Password.js Tests', () => {
const password = 'password';
test('hash should return a hashed password', async () => {
const hashedPassword = await hash(password);
expect(hashedPassword).not.toEqual(password);
});
test('verify should return true for a valid password', async () => {
const hashedPassword = await hash(password);
const result = await verify(password, hashedPassword);
expect(result).toBe(true);
});
test('verify should return false for an invalid password', async () => {
const hashedPassword = await hash(password);
const result = await verify(password + 'a', hashedPassword);
expect(result).toBe(false);
});
test('generatePassword should return a valid password', async () => {
const generatedPassword = await generatePassword();
const hashedpass = await hash(generatedPassword);
const result = await verify(generatedPassword, hashedpass);
expect(result).toBe(true);
});
});
index.js
+21 -1
View File
@@ -1,4 +1,24 @@
const express = require('express'); const express = require('express');
const dotenv = require('dotenv'); const dotenv = require('dotenv');
const cors = require('cors'); const cors = require('cors');
const auth = require('./auth.js'); const auth = require('./auth/middleware');
const cookieParser = require('cookie-parser');
dotenv.config();
const app = express();
app.use(cookieParser());
app.use(express.json());
app.use(cors());
app.listen(process.env.PORT || 5000, () => {
console.log(`Server is running on port ${process.env.PORT || 5000}`);
});
app.use('/register', require('./routes/register.js'));
app.use('/login', require('./routes/login.js'));
app.use('/user', require('./routes/user.js'));
app.use('/create', auth, require('./routes/create.js'));
app.use('/post',auth, require('./routes/posts.js'));
module.exports = app;
package-lock.json
Generated
+3287 -72
View File
File diff suppressed because it is too large Load Diff
package.json
+5 -2
View File
@@ -4,18 +4,21 @@
"description": "backend for forum", "description": "backend for forum",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1" "test": "jest",
"start": "nodemon index.js"
}, },
"author": "kaj van schalkwijk", "author": "kaj van schalkwijk",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"auth-guardian": "^1.0.2", "auth-guardian": "^1.1.1",
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"cors": "^2.8.5", "cors": "^2.8.5",
"dotenv": "^16.3.1", "dotenv": "^16.3.1",
"express": "^4.18.2", "express": "^4.18.2",
"jest": "^29.7.0",
"jsonwebtoken": "^9.0.2", "jsonwebtoken": "^9.0.2",
"supertest": "^6.3.4",
"surrealdb.node": "^0.3.0", "surrealdb.node": "^0.3.0",
"timestringconverter": "^1.0.0" "timestringconverter": "^1.0.0"
}, },
routes/create.js
+57
View File
@@ -0,0 +1,57 @@
const db = require('../surreal');
const router = require('express').Router();
router.post('/', async (req, res) => {
try{
const username = req.user;
const {title, content} = req.body;
if(title.length > process.env.MAXTITLELENGTH) return res.status(400).json({error: "Title is too long"});
if(content.length > process.env.MAXCONTENTLENGTH) return res.status(400).json({error: "Content is too long"});
if(!title || !content) return res.status(400).json({error: "Missing title or content"});
if(title.length < process.env.MINTITLELENGTH) return res.status(400).json({error: "Title is too short"});
if(content.length < process.env.MINCONTENTLENGTH) return res.status(400).json({error: "Content is too short"});
if(!username) return res.status(400).json({error: "Missing username"});
const currentDate = new Date();
const formattedDateAndTime = currentDate.toLocaleTimeString('en-gb', { timeStyle: 'short' });
const formattedDate = currentDate.toLocaleDateString('en-gb');
const date = formattedDateAndTime + " " + formattedDate;
const newPost = await db.create('posts', {title: title, content: content, author: username, date: date});
postId = (newPost[0].id).slice(6);
const update = await db.query(`UPDATE users SET posts += "${postId}" WHERE username = string::lowercase("${username}")`)
res.status(200).json({message: "Post created"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.delete('/:id', async (req, res) => {
try{
const username = req.user;
const id = 'posts:' + req.params.id;
if(!username) return res.status(400).json({error: "Missing username"});
if(!id) return res.status(400).json({error: "Missing id"});
const post = await db.query(`SELECT * FROM posts WHERE id = "${id}"`);
if(post.length == 0) return res.status(400).json({error: "Post does not exist"});
if(post[0].author != username) return res.status(400).json({error: "You are not the author of this post"});
const deletePost = await db.query(`DELETE FROM posts WHERE id = "${id}"`);
const update = await db.query(`UPDATE users SET posts -= "${id}" WHERE username = string::lowercase("${username}")`)
res.status(200).json({message: "Post deleted"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
module.exports = router;
routes/login.js
+38
View File
@@ -0,0 +1,38 @@
const db = require('../surreal');
const {generateAccesToken, generateRefreshToken, generatePermtoken} = require("../auth/auth");
const {verify} = require("../auth/password");
const router = require('express').Router();
const timestringconverter = require('timestringconverter');
router.post('/', async (req, res) => {
const {username, password, remember} = req.body;
console.log(username)
if(!username) return res.status(400).json({error: "Username not provided"});
if(!password) return res.status(400).json({error: "Password not provided"});
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if (user.length == 0) {
return res.status(400).json({error: 'Wrong credentials'});
}
const validPass = await verify(password, user[0].password);
if(!validPass) return res.status(400).json({error: "Wrong credentials"});
const accessToken = generateAccesToken(user[0].username);
const refreshToken = generateRefreshToken(user[0].username);
if(remember == true){
const permtoken = generatePermtoken(user[0].username);
res.cookie('permtoken', permtoken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.PERMTOKENAGE), path: '/permtoken'});
}
res.cookie('accessToken', accessToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.ACCESSTOKENAGE)});
res.cookie('refreshToken', refreshToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.REFRESHTOKENAGE), path: '/refreshtoken'});
res.status(200).json({message: 'Logged in'});
});
module.exports = router;
routes/posts.js
+29
View File
@@ -0,0 +1,29 @@
const db = require('../surreal');
const router = require('express').Router();
router.post('/like/:postId', async (req, res) => {
const username = req.user;
const postId = 'posts:' + req.params.postId;
if(!username) return res.status(400).json({error: "Missing username"});
if(!postId) return res.status(400).json({error: "Missing postId"});
const postData = await db.query(`SELECT * FROM posts WHERE id = "${postId}"`);
//check if user already liked post
for(let i = 0; i < postData[0].likes.length; i++){
if(postData[0].likes[i] === username){
const post = await db.query(`UPDATE posts SET likes -= "${username}" WHERE id = "${postId}"`);
const user = await db.query(`UPDATE users SET likedPosts -= "${req.params.postId}" WHERE username = string::lowercase("${username}")`);
return res.status(200).json({message: "Post unliked"});
}
}
const post = await db.query(`UPDATE posts SET likes += "${username}" WHERE id = "${postId}"`);
const user = await db.query(`UPDATE users SET likedPosts += "${req.params.postId}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Post liked"});
});
module.exports = router;
routes/register.js
+65
View File
@@ -0,0 +1,65 @@
const db = require('../surreal');
const { generateAccesToken, generateRefreshToken, generatePermtoken } = require("../auth/auth");
const { hash, generatePassword } = require("../auth/password");
const router = require('express').Router();
const timestringconverter = require('timestringconverter');
router.get('/password', async (req, res) => {
res.json({ password: generatePassword() });
});
router.post('/', async (req, res) => {
const { username, password, remember } = req.body;
if (!username) return res.status(400).json({ error: "Username not provided" });
if (!password) return res.status(400).json({ error: "Password not provided" });
if (username.length > process.env.USERNAMELENGTH) return res.status(400).json({ error: "Username too long" });
if (password.length < process.env.PASSMINLENGTH) return res.status(400).json({ error: "Password too short" });
if (password.length > process.env.PASSMAXLENGTH) return res.status(400).json({ error: "Password too long" });
if ((password.match(/[a-z]/g) || []).length < process.env.PASSMINLOWERCASE) return res.status(400).json({ error: "Password does not contain enough lowercase letters" });
if ((password.match(/[A-Z]/g) || []).length < process.env.PASSMINUPPERCASE) return res.status(400).json({ error: "Password does not contain enough uppercase letters" });
if ((password.match(/[0-9]/g) || []).length < process.env.PASSMINNUMBERS) return res.status(400).json({ error: "Password does not contain enough numbers" });
if ((password.match(/[!@#$%^&*()_+~`|}{[\]:;?><,./-]/g) || []).length < process.env.PASSMINSYMBOLS) return res.status(400).json({ error: "Password does not contain enough symbols" });
const userExists = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if (userExists.length != 0) {
return res.status(400).json({ message: 'Username already exists' });
}
const hashedPassword = await hash(password);
const currentDate = new Date();
const user = {
username: username,
password: hashedPassword,
creation: currentDate.toLocaleDateString('en-gb'),
}
console.log(user)
const newUser = await db.create('users', user);
console.log(newUser);
const accessToken = generateAccesToken(newUser[0].username);
const refreshToken = generateRefreshToken(newUser[0].username);
if (remember == true) {
const permtoken = generatePermtoken(newUser[0].username);
res.cookie('permtoken', permtoken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.PERMTOKENAGE), path: '/permtoken' });
}
res.cookie('accessToken', accessToken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.ACCESSTOKENAGE) });
res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.REFRESHTOKENAGE), path: '/refreshtoken' });
res.status(200).json({ message: 'User created' });
});
module.exports = router;
routes/user.js
+49
View File
@@ -0,0 +1,49 @@
const db = require('../surreal');
const router = require('express').Router();
const middleware = require('../auth/middleware');
router.get('/:username', async (req, res) => {
try{
const username = req.params.username;
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT description, creation FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const posts = await db.query(`SELECT * FROM posts WHERE author = string::lowercase("${username}")`);
const returnData = {
description: user[0].description,
creation: user[0].creation,
posts: posts
}
res.status(200).json({returnData});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/description', middleware, async (req, res) => {
try{
const username = req.user;
const {description} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!description) return res.status(400).json({error: "Missing description"});
if(description.length > process.env.MAXDESCRIPTIONLENGTH) return res.status(400).json({error: "Description is too long"});
const update = await db.query(`UPDATE users SET description = "${description}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Description updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
module.exports = router;
surreal.js
+1
View File
@@ -17,6 +17,7 @@ async function main() {
// Select a specific namespace / database // Select a specific namespace / database
await db.use({ ns: 'forum', db: 'forum' }); await db.use({ ns: 'forum', db: 'forum' });
} catch (e) { } catch (e) {
console.error('ERROR', e); console.error('ERROR', e);
} }