diff --git a/server/index.js b/server/index.js index e170ad3..da081c1 100644 --- a/server/index.js +++ b/server/index.js @@ -80,7 +80,7 @@ app.use(require("./root")) */ app.use("/kfu-m-24-1", require("./routers/kfu-m-24-1")) app.use("/epja-2024-1", require("./routers/epja-2024-1")) -app.use("/todo", require("./routers/todo/routes")) +app.use("/v1/todo", require("./routers/todo")) app.use("/dogsitters-finder", require("./routers/dogsitters-finder")) app.use("/kazan-explore", require("./routers/kazan-explore")) app.use("/edateam", require("./routers/edateam-legacy")) diff --git a/server/routers/todo/auth.js b/server/routers/todo/auth.js new file mode 100644 index 0000000..af340e9 --- /dev/null +++ b/server/routers/todo/auth.js @@ -0,0 +1,90 @@ +const { Router } = require("express"); +const hash = require("pbkdf2-password")(); +const { promisify } = require("node:util"); +const jwt = require('jsonwebtoken') + +const { AuthModel } = require("./model/todo/auth"); +const { UserModel } = require("./model/todo/user"); +const { getAnswer } = require("../../utils/common"); + +const router = Router(); + +const TOKEN_KEY = process.env.TOKEN_KEY || "asdfhoa-podh829438132 iahda98gauj dj2i3-111" + +const requiredValidate = + (...fields) => + (req, res, next) => { + const errors = [] + + fields.forEach((field) => { + if (!req.body[field]) { + errors.push(field); + } + }); + + if (errors.length) { + throw new Error(`Не все поля заполнены: ${errors.join(", ")}`); + } else { + next(); + } + }; + +router.post( + "/signup", + requiredValidate("login", "password", "email"), + async (req, res, next) => { + const { login, password, email } = req.body; + + const user = await AuthModel.findOne({ login }); + + if (user) { + throw new Error("Пользователь с таким логином уже существует"); + } + + hash({ password }, async function (err, pass, salt, hash) { + if (err) return next(err); + + const user = await UserModel.create({ login, email }); + await AuthModel.create({ login, hash, salt, userId: user.id }); + + res.json(getAnswer(null, { ok: true })); + }); + } +); + +function authenticate(login, pass, cb) { + AuthModel.findOne({ login }).populate('userId').exec().then((user) => { + if (!user) return cb(null, null) + + hash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) { + if (err) return cb(err) + if (hash === user.hash) return cb(null, user) + cb(null, null) + }) + }) +} + +const auth = promisify(authenticate); + +router.post('/signin', async (req, res) => { + const { login, password } = req.body; + + const user = await auth(login, password) + + if (!user) { + throw new Error("Неверный логин или пароль") + } + + const accessToken = jwt.sign({ + ...user.userId + }, TOKEN_KEY, { + expiresIn: '12h' + }) + + res.json(getAnswer(null, { + user: user.userId, + token: accessToken + })) +}) + +module.exports = router diff --git a/server/routers/todo/const.js b/server/routers/todo/const.js index ad185bf..ecfa281 100644 --- a/server/routers/todo/const.js +++ b/server/routers/todo/const.js @@ -1,2 +1,6 @@ exports.TODO_LIST_MODEL_NAME = 'TODO_LIST' exports.TODO_ITEM_MODEL_NAME = 'TODO_ITEM' + +exports.TODO_AUTH_PASSWD_MODEL_NAME = 'TODO_AUTH_PASSWD' +exports.TODO_AUTH_USER_MODEL_NAME = 'TODO_AUTH_USER' +exports.TODO_AUTH_CHAT_MODEL_NAME = 'TODO_AUTH_CHAT' diff --git a/server/routers/todo/index.js b/server/routers/todo/index.js new file mode 100644 index 0000000..d2e025e --- /dev/null +++ b/server/routers/todo/index.js @@ -0,0 +1,11 @@ +const { Router } = require('express') + +const router = Router() + +const todoRouter = require('./routes') +const authRouter = require('./auth') + +router.use(todoRouter) +router.use('/auth', authRouter) + +module.exports = router diff --git a/server/routers/todo/model/todo/auth.js b/server/routers/todo/model/todo/auth.js new file mode 100644 index 0000000..dc85649 --- /dev/null +++ b/server/routers/todo/model/todo/auth.js @@ -0,0 +1,31 @@ +const { Schema, model } = require("mongoose"); + +const { + TODO_AUTH_PASSWD_MODEL_NAME, + TODO_AUTH_USER_MODEL_NAME, +} = require("../../const"); + +const schema = new Schema({ + login: { type: String, required: true, unique: true }, + hash: { type: String, required: true }, + salt: { type: String, required: true }, + userId: { type: Schema.Types.ObjectId, ref: TODO_AUTH_USER_MODEL_NAME }, + created: { + type: Date, + default: () => new Date().toISOString(), + }, +}); + +schema.set("toJSON", { + virtuals: true, + versionKey: false, + transform: function (doc, ret) { + delete ret._id; + }, +}); + +schema.virtual("id").get(function () { + return this._id.toHexString(); +}); + +exports.AuthModel = model(TODO_AUTH_PASSWD_MODEL_NAME, schema); diff --git a/server/routers/todo/model/todo/user.js b/server/routers/todo/model/todo/user.js new file mode 100644 index 0000000..2ef85f1 --- /dev/null +++ b/server/routers/todo/model/todo/user.js @@ -0,0 +1,27 @@ +const { Schema, model } = require("mongoose"); + +const { TODO_AUTH_USER_MODEL_NAME } = require("../../const"); + +const schema = new Schema({ + login: { type: String, required: true, unique: true }, + email: { type: String, required: true, unique: true }, + role: { type: String, default: "user" }, + created: { + type: Date, + default: () => new Date().toISOString(), + }, +}) + +schema.set("toJSON", { + virtuals: true, + versionKey: false, + transform: function (doc, ret) { + delete ret._id + }, +}) + +schema.virtual("id").get(function () { + return this._id.toHexString() +}) + +exports.UserModel = model(TODO_AUTH_USER_MODEL_NAME, schema);