| author | Bobby <[email protected]> | 2022-07-05 00:23:58 +0530 |
|---|---|---|
| committer | Bobby <[email protected]> | 2022-07-05 00:23:58 +0530 |
| commit | 406a35de9d0d37d20123a0a3e961614142c2cf3c (patch) | |
| tree | 31299b83e59f02ad08051c7e21655e1895b79106 /routes/api/private | |
| parent | de994764b87d2716f951941f26a1044aaca63ed7 (diff) | |
Updarte Screenshot API as a Public Servicearchived
Diffstat (limited to 'routes/api/private')
| -rw-r--r-- | routes/api/private/admin.js | 86 | ||||
| -rw-r--r-- | routes/api/private/user.js | 82 |
2 files changed, 168 insertions, 0 deletions
diff --git a/routes/api/private/admin.js b/routes/api/private/admin.js
new file mode 100644
index 00000000..8b7d7d5f
--- /dev/null
+++ b/routes/api/private/admin.js
@@ -0,0 +1,86 @@
+const router = require("express").Router();
+const mysql = require("mysql2");
+const bcrypt = require("bcryptjs");
+const validateAuthorization = require("../../../functions/validate");
+
+require("dotenv").config();
+const connectionURL = process.env.DATABASE_URL;
+
+router.get("/", (req, res) => {
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ res.status(200).json({
+ message: "Welcome to the Admin API!",
+ });
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+router.post("/create", (req, res) => {
+ // Creates an admin user
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql =
+ "INSERT INTO Users (username, password, admin) VALUES (?, ?, ?)";
+ const username = req.body.username;
+ const password = req.body.password;
+ const hashedPassword = bcrypt.hashSync(password, 10);
+ const admin = 1;
+ connection.query(
+ sql,
+ [username, hashedPassword, admin],
+ (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error creating user",
+ error: err,
+ });
+ } else {
+ res.status(201).json({
+ message: "User created",
+ });
+ }
+ }
+ );
+ connection.end();
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+router.post("/delete", (req, res) => {
+ // Deletes an admin user
+ const validationHeader = req.headers.auth;
+ if (validateAuthorization(validationHeader)) {
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "DELETE FROM Users WHERE username = ?";
+ const username = req.body.username;
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error deleting user",
+ error: err,
+ });
+ } else {
+ res.status(200).json({
+ message: "User deleted",
+ });
+ }
+ });
+ connection.end();
+ } else {
+ res.status(401).json({
+ message: "Unauthorized",
+ });
+ }
+});
+
+module.exports = router;
diff --git a/routes/api/private/user.js b/routes/api/private/user.js
new file mode 100644
index 00000000..8874d2e5
--- /dev/null
+++ b/routes/api/private/user.js
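Review bot: Both 500 branches in `/create` and `/delete` send `error: err` to the client, which hands the raw mysql2 error object (likely including driver codes and SQL text) to the requester; the same pattern appears in `/login` and `/create` in routes/api/private/user.js. Log it server-side and return only the message, e.g. `console.error(err); res.status(500).json({ message: "Error creating user" });`. Separately, `/delete` is commented as deleting an admin user, but the statement removes any row matching the username and answers "User deleted" even when nothing matched; checking `results.affectedRows === 0` and returning 404 would make the response truthful, and adding `AND admin = 1` would match the comment if that is the intent. `req.body.username` and `req.body.password` are also used without a type check, so a missing password makes `bcrypt.hashSync` throw after `connection.connect()` with no `connection.end()`.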
@@ -0,0 +1,82 @@
+const router = require("express").Router();
+const mysql = require("mysql2");
+const bcrypt = require("bcryptjs");
+const jwt = require("jsonwebtoken");
+
+require("dotenv").config();
+
+const connectionURL = process.env.DATABASE_URL;
+const validationString = process.env.AUTHORIZATION_STRING;
+
+router.post("/login", (req, res) => {
+ // Log in as user
+ const username = req.body.username;
+ const password = req.body.password;
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "SELECT * FROM Users WHERE username = ?";
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error logging in",
+ error: err,
+ });
+ } else {
+ if (results.length > 0) {
+ const user = results[0];
+ if (bcrypt.compareSync(password, user.password)) {
+ const token = jwt.sign(
+ {
+ username: user.username,
+ admin: user.admin,
+ },
+ validationString
+ );
+ res.status(200).json({
+ message: "Logged in",
+ token: token,
+ });
+ } else {
+ res.status(401).json({
+ message: "Incorrect password",
+ });
+ }
+ } else {
+ res.status(401).json({
+ message: "User not found",
+ });
+ }
+ }
+ });
+ connection.end();
+});
+
+router.post("/create", (req, res) => {
+ // Creates a regular user
+ const username = req.body.username;
+ const password = req.body.password;
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "INSERT INTO Users (username, password, admin) VALUES (?, ?, ?)";
+ const hashedPassword = bcrypt.hashSync(password, 10);
+ const admin = 0;
+ connection.query(
+ sql,
+ [username, hashedPassword, admin],
+ (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error creating user",
+ error: err,
+ });
+ } else {
+ res.status(201).json({
+ message: "User created",
+ });
+ }
+ }
+ );
+ connection.end();
+});
+
+module.exports = router; |
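Review bot: `/login` signs the JWT with no lifetime, so a token issued once stays valid until `AUTHORIZATION_STRING` is rotated; pass an expiry, e.g. `jwt.sign({ username: user.username, admin: user.admin }, validationString, { expiresIn: "1h" })` (the duration is a suggestion). The two 401 bodies, "User not found" and "Incorrect password", tell a caller which usernames exist; returning one message such as `"Invalid username or password"` for both closes that. `bcrypt.compareSync(password, user.password)` runs inside the query callback with an unchecked `req.body.password`, and bcryptjs throws on non-string input, so the exception is probably not caught by Express; guard at the top of the handler with `if (typeof username !== "string" || typeof password !== "string") return res.status(400).json({ message: "Invalid request" });`. `/create` sits under routes/api/private but has no authorization check, unlike the admin routes, so it is worth confirming that open registration is intended.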
