115 lines
3.1 KiB
JavaScript
115 lines
3.1 KiB
JavaScript
const fs = require('fs');
|
|
const bodyParser = require('body-parser');
|
|
const jsonServer = require('json-server');
|
|
const jwt = require('jsonwebtoken');
|
|
const bcrypt = require('bcrypt');
|
|
const path = require('path');
|
|
const scanPhoto = require('./scanphoto.js');
|
|
|
|
const SECRET_KEY = '123456789';
|
|
const expiresIn = '1h';
|
|
|
|
const server = jsonServer.create();
|
|
|
|
// Serve static files
|
|
server.use(jsonServer.defaults({
|
|
static: path.join(__dirname, '../public')
|
|
}));
|
|
|
|
// Router
|
|
let router;
|
|
if (fs.existsSync('./api_v1/db.json')) {
|
|
router = jsonServer.router('./api_v1/db.json');
|
|
} else {
|
|
const initialData = fs.readFileSync('api_v1/initialDB.json', 'utf8');
|
|
fs.writeFileSync('api_v1/db.json', initialData);
|
|
router = jsonServer.router('./api_v1/db.json');
|
|
}
|
|
|
|
// Users DB
|
|
const userdb = JSON.parse(fs.readFileSync('./api_v1/users.json', 'UTF-8'));
|
|
|
|
server.use(bodyParser.urlencoded({ extended: true }));
|
|
server.use(bodyParser.json());
|
|
|
|
function createToken(payload) {
|
|
return jwt.sign(payload, SECRET_KEY, { expiresIn });
|
|
}
|
|
|
|
function verifyToken(token) {
|
|
return jwt.verify(token, SECRET_KEY, (err, decode) => decode || err);
|
|
}
|
|
|
|
function isAuthenticated({ email, password }) {
|
|
return userdb.users.findIndex(
|
|
user => user.email === email && bcrypt.compareSync(password, user.password)
|
|
) !== -1;
|
|
}
|
|
|
|
function azz() {
|
|
const initialData = fs.readFileSync('api_v1/initialDB.json', 'utf8');
|
|
fs.writeFileSync('api_v1/db.json', initialData);
|
|
router.db.setState(JSON.parse(initialData));
|
|
console.log('DB resettato');
|
|
}
|
|
|
|
// Home → public/index.html
|
|
server.get('/', (req, res) => {
|
|
res.sendFile(path.resolve("public/index.html"));
|
|
});
|
|
|
|
// Scan photos
|
|
server.get('/scan', async (req, res) => {
|
|
azz();
|
|
await scanPhoto('./public/photos/original');
|
|
console.log("Ricaricato");
|
|
res.send({ status: 'Ricaricato' });
|
|
});
|
|
|
|
// Serve files
|
|
server.get('/files', (req, res) => {
|
|
res.sendFile(path.resolve("public/" + req.query.file));
|
|
});
|
|
|
|
// Reset DB
|
|
server.get('/initDB', (req, res) => {
|
|
const initialData = fs.readFileSync('api_v1/initialDB.json', 'utf8');
|
|
fs.writeFileSync('api_v1/db.json', initialData);
|
|
router.db.setState(JSON.parse(initialData));
|
|
res.send({ status: 'DB resettato' });
|
|
});
|
|
|
|
// Login
|
|
server.post('/auth/login', (req, res) => {
|
|
const { email, password } = req.body;
|
|
|
|
if (!isAuthenticated({ email, password })) {
|
|
return res.status(401).json({ status: 401, message: 'Incorrect email or password' });
|
|
}
|
|
|
|
const token = createToken({ email, password });
|
|
res.status(200).json({ token });
|
|
});
|
|
|
|
// Auth middleware
|
|
server.use(/^(?!\/auth).*$/, (req, res, next) => {
|
|
if (!req.headers.authorization || req.headers.authorization.split(' ')[0] !== 'Bearer') {
|
|
return res.status(401).json({ status: 401, message: 'Bad authorization header' });
|
|
}
|
|
|
|
try {
|
|
verifyToken(req.headers.authorization.split(' ')[1]);
|
|
next();
|
|
} catch (err) {
|
|
res.status(401).json({ status: 401, message: 'Error: access_token is not valid' });
|
|
}
|
|
});
|
|
|
|
// Mount router
|
|
server.use(router);
|
|
|
|
// Start server on 4000
|
|
server.listen(4000, () => {
|
|
console.log('Auth API server running on port 4000 ...');
|
|
});
|
|
|