From d88e680413c8fa0b13fac0a66edf596eddf542a3 Mon Sep 17 00:00:00 2001
From: Primakov Alexandr Alexandrovich <primakov.pro@yandex.ru>
Date: Sat, 18 Jan 2025 15:44:14 +0300
Subject: [PATCH] todo auth

---
 server/index.js                        |  2 +-
 server/routers/todo/auth.js            | 90 ++++++++++++++++++++++++++
 server/routers/todo/const.js           |  4 ++
 server/routers/todo/index.js           | 11 ++++
 server/routers/todo/model/todo/auth.js | 31 +++++++++
 server/routers/todo/model/todo/user.js | 27 ++++++++
 6 files changed, 164 insertions(+), 1 deletion(-)
 create mode 100644 server/routers/todo/auth.js
 create mode 100644 server/routers/todo/index.js
 create mode 100644 server/routers/todo/model/todo/auth.js
 create mode 100644 server/routers/todo/model/todo/user.js

diff --git a/server/index.js b/server/index.js
index e170ad3..da081c1 100644
--- a/server/index.js
+++ b/server/index.js
@@ -80,7 +80,7 @@ app.use(require("./root"))
  */
 app.use("/kfu-m-24-1", require("./routers/kfu-m-24-1"))
 app.use("/epja-2024-1", require("./routers/epja-2024-1"))
-app.use("/todo", require("./routers/todo/routes"))
+app.use("/v1/todo", require("./routers/todo"))
 app.use("/dogsitters-finder", require("./routers/dogsitters-finder"))
 app.use("/kazan-explore", require("./routers/kazan-explore"))
 app.use("/edateam", require("./routers/edateam-legacy"))
diff --git a/server/routers/todo/auth.js b/server/routers/todo/auth.js
new file mode 100644
index 0000000..af340e9
--- /dev/null
+++ b/server/routers/todo/auth.js
@@ -0,0 +1,90 @@
+const { Router } = require("express");
+const hash = require("pbkdf2-password")();
+const { promisify } = require("node:util");
+const jwt = require('jsonwebtoken')
+
+const { AuthModel } = require("./model/todo/auth");
+const { UserModel } = require("./model/todo/user");
+const { getAnswer } = require("../../utils/common");
+
+const router = Router();
+
+const TOKEN_KEY = process.env.TOKEN_KEY || "asdfhoa-podh829438132 iahda98gauj dj2i3-111"
+
+const requiredValidate =
+  (...fields) =>
+  (req, res, next) => {
+    const errors = []
+
+    fields.forEach((field) => {
+      if (!req.body[field]) {
+        errors.push(field);
+      }
+    });
+
+    if (errors.length) {
+      throw new Error(`Не все поля заполнены: ${errors.join(", ")}`);
+    } else {
+      next();
+    }
+  };
+
+router.post(
+  "/signup",
+  requiredValidate("login", "password", "email"),
+  async (req, res, next) => {
+    const { login, password, email } = req.body;
+
+    const user = await AuthModel.findOne({ login });
+
+    if (user) {
+      throw new Error("Пользователь с таким логином уже существует");
+    }
+
+    hash({ password }, async function (err, pass, salt, hash) {
+      if (err) return next(err);
+
+      const user = await UserModel.create({ login, email });
+      await AuthModel.create({ login, hash, salt, userId: user.id });
+
+      res.json(getAnswer(null, { ok: true }));
+    });
+  }
+);
+
+function authenticate(login, pass, cb) {
+    AuthModel.findOne({ login }).populate('userId').exec().then((user) => {
+    if (!user) return cb(null, null)
+
+    hash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) {
+      if (err) return cb(err)
+      if (hash === user.hash) return cb(null, user)
+      cb(null, null)
+    })
+  })
+}
+
+const auth = promisify(authenticate);
+
+router.post('/signin', async (req, res) => {
+    const { login, password } = req.body;
+
+    const user = await auth(login, password)
+
+    if (!user) {
+        throw new Error("Неверный логин или пароль")
+    }
+
+    const accessToken = jwt.sign({
+        ...user.userId
+    }, TOKEN_KEY, {
+        expiresIn: '12h'
+    })
+
+    res.json(getAnswer(null, {
+        user: user.userId,
+        token: accessToken  
+    }))
+})
+
+module.exports = router
diff --git a/server/routers/todo/const.js b/server/routers/todo/const.js
index ad185bf..ecfa281 100644
--- a/server/routers/todo/const.js
+++ b/server/routers/todo/const.js
@@ -1,2 +1,6 @@
 exports.TODO_LIST_MODEL_NAME = 'TODO_LIST'
 exports.TODO_ITEM_MODEL_NAME = 'TODO_ITEM'
+
+exports.TODO_AUTH_PASSWD_MODEL_NAME = 'TODO_AUTH_PASSWD'
+exports.TODO_AUTH_USER_MODEL_NAME = 'TODO_AUTH_USER'
+exports.TODO_AUTH_CHAT_MODEL_NAME = 'TODO_AUTH_CHAT'
diff --git a/server/routers/todo/index.js b/server/routers/todo/index.js
new file mode 100644
index 0000000..d2e025e
--- /dev/null
+++ b/server/routers/todo/index.js
@@ -0,0 +1,11 @@
+const { Router } = require('express')
+
+const router = Router()
+
+const todoRouter = require('./routes')
+const authRouter = require('./auth')
+
+router.use(todoRouter)
+router.use('/auth', authRouter)
+
+module.exports = router
diff --git a/server/routers/todo/model/todo/auth.js b/server/routers/todo/model/todo/auth.js
new file mode 100644
index 0000000..dc85649
--- /dev/null
+++ b/server/routers/todo/model/todo/auth.js
@@ -0,0 +1,31 @@
+const { Schema, model } = require("mongoose");
+
+const {
+  TODO_AUTH_PASSWD_MODEL_NAME,
+  TODO_AUTH_USER_MODEL_NAME,
+} = require("../../const");
+
+const schema = new Schema({
+  login: { type: String, required: true, unique: true },
+  hash: { type: String, required: true },
+  salt: { type: String, required: true },
+  userId: { type: Schema.Types.ObjectId, ref: TODO_AUTH_USER_MODEL_NAME },
+  created: {
+    type: Date,
+    default: () => new Date().toISOString(),
+  },
+});
+
+schema.set("toJSON", {
+  virtuals: true,
+  versionKey: false,
+  transform: function (doc, ret) {
+    delete ret._id;
+  },
+});
+
+schema.virtual("id").get(function () {
+  return this._id.toHexString();
+});
+
+exports.AuthModel = model(TODO_AUTH_PASSWD_MODEL_NAME, schema);
diff --git a/server/routers/todo/model/todo/user.js b/server/routers/todo/model/todo/user.js
new file mode 100644
index 0000000..2ef85f1
--- /dev/null
+++ b/server/routers/todo/model/todo/user.js
@@ -0,0 +1,27 @@
+const { Schema, model } = require("mongoose");
+
+const { TODO_AUTH_USER_MODEL_NAME } = require("../../const");
+
+const schema = new Schema({
+  login: { type: String, required: true, unique: true },
+  email: { type: String, required: true, unique: true },
+  role: { type: String, default: "user" },
+  created: {
+    type: Date,
+    default: () => new Date().toISOString(),
+  },
+})
+
+schema.set("toJSON", {
+  virtuals: true,
+  versionKey: false,
+  transform: function (doc, ret) {
+    delete ret._id
+  },
+})
+
+schema.virtual("id").get(function () {
+  return this._id.toHexString()
+})
+
+exports.UserModel = model(TODO_AUTH_USER_MODEL_NAME, schema);