Diffstat (limited to 'routes/api/private/user.js')
-rw-r--r--routes/api/private/user.js82
1 files changed, 82 insertions, 0 deletions
diff --git a/routes/api/private/user.js b/routes/api/private/user.js
new file mode 100644
index 00000000..8874d2e5
--- /dev/null
+++ b/routes/api/private/user.js
@@ -0,0 +1,82 @@
+const router = require("express").Router();
+const mysql = require("mysql2");
+const bcrypt = require("bcryptjs");
+const jwt = require("jsonwebtoken");
+
+require("dotenv").config();
+
+const connectionURL = process.env.DATABASE_URL;
+const validationString = process.env.AUTHORIZATION_STRING;
+
+router.post("/login", (req, res) => {
+ // Log in as user
+ const username = req.body.username;
+ const password = req.body.password;
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "SELECT * FROM Users WHERE username = ?";
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error logging in",
+ error: err,
+ });
+ } else {
+ if (results.length > 0) {
+ const user = results[0];
+ if (bcrypt.compareSync(password, user.password)) {
+ const token = jwt.sign(
+ {
+ username: user.username,
+ admin: user.admin,
+ },
+ validationString
+ );
+ res.status(200).json({
+ message: "Logged in",
+ token: token,
+ });
+ } else {
+ res.status(401).json({
+ message: "Incorrect password",
+ });
+ }
+ } else {
+ res.status(401).json({
+ message: "User not found",
+ });
+ }
+ }
+ });
+ connection.end();
+});
+
+router.post("/create", (req, res) => {
+ // Creates a regular user
+ const username = req.body.username;
+ const password = req.body.password;
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "INSERT INTO Users (username, password, admin) VALUES (?, ?, ?)";
+ const hashedPassword = bcrypt.hashSync(password, 10);
+ const admin = 0;
+ connection.query(
+ sql,
+ [username, hashedPassword, admin],
+ (err, results, fields) => {
+ if (err) {
+ res.status(500).json({
+ message: "Error creating user",
+ error: err,
+ });
+ } else {
+ res.status(201).json({
+ message: "User created",
+ });
+ }
+ }
+ );
+ connection.end();
+});
+
+module.exports = router;
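Review bot: The token issued in the `/login` handler never expires, because `jwt.sign(...)` is called with no options argument; a token carrying `admin: user.admin` therefore stays valid until the signing secret changes, unless the verifying middleware (not shown here) re-checks the database. Pass a lifetime as the third argument, e.g. `jwt.sign({ username: user.username, admin: user.admin }, validationString, { expiresIn: "1h" })`, and fail at startup if `AUTHORIZATION_STRING` is unset. The same handler returns `"User not found"` and `"Incorrect password"` as distinct 401 bodies, which reveals which usernames exist; use one message such as `"Invalid username or password"` for both branches. Both handlers also put the raw driver error in the 500 body (`error: err`), which can expose SQL and schema details; log it server-side and return only the generic message. Neither handler checks that `username` and `password` are strings, and bcryptjs throws on non-string arguments; in `/login` the `bcrypt.compareSync` call runs inside the query callback, where Express does not catch the exception, so add `if (typeof username !== "string" || typeof password !== "string") return res.status(400).json({ message: "Invalid request" });` at the top of each handler.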