247 lines
7.8 KiB
JavaScript
247 lines
7.8 KiB
JavaScript
const express = require("express");
|
|
const sql = require("mssql");
|
|
const bcrypt = require("bcrypt");
|
|
const cors = require("cors");
|
|
const jwt = require("jsonwebtoken")
|
|
const dotenv = require("dotenv")
|
|
|
|
const serverPort = 3000;
|
|
|
|
const dev = process.argv.length > 2 && process.argv[2] == "-dev";
|
|
|
|
const app = express();
|
|
app.use(express.json());
|
|
app.use(express.static("public"))
|
|
app.use(cors({
|
|
origin: [
|
|
"https://project.rochesterx.dev",
|
|
"https://localhost:3000"
|
|
]
|
|
}));
|
|
|
|
let dbConfig = null;
|
|
|
|
dbConfig = {
|
|
user: "server",
|
|
password: "TorusField1*",
|
|
server: "mssql.rochesterx.dev",
|
|
database: "ProjectTest",
|
|
options: { trustServerCertificate: true }
|
|
};
|
|
|
|
let pool = null;
|
|
setupPool();
|
|
|
|
dotenv.config();
|
|
|
|
const JWT_SECRET = process.env.JWT_SECRET;
|
|
if (!JWT_SECRET) {
|
|
throw new Error("JWT_SECRET not set in environment.");
|
|
}
|
|
|
|
async function setupPool() {
|
|
pool = await sql.connect(dbConfig);
|
|
}
|
|
|
|
app.post("/register", async (req, res) => {
|
|
const { username, password, role } = req.body;
|
|
try {
|
|
const hash = await bcrypt.hash(password, 10);
|
|
await pool.request()
|
|
.input("username", sql.VarChar, username)
|
|
.input("hash", sql.VarChar, hash)
|
|
.input("role", sql.VarChar, role)
|
|
.query("INSERT INTO Users (Username, PasswordHash, Role, CreatedAt) VALUES (@username, @hash, @role, SYSUTCDATETIME())");
|
|
res.send({ success: true, message: "User registered" })
|
|
} catch (err) {
|
|
if (err.message.includes("Violation of UNIQUE KEY constraint")) {
|
|
res.status(500).send({ success: false, message: `Username "${username}" is already taken.` });
|
|
}
|
|
res.status(500).send({ success: false, message: err.message });
|
|
}
|
|
});
|
|
|
|
app.post("/login", async (req, res) => {
|
|
const { username, password } = req.body;
|
|
try {
|
|
const result = await pool.request()
|
|
.input("username", sql.VarChar, username)
|
|
.query("SELECT * FROM Users WHERE Username = @username");
|
|
|
|
if (result.recordset.length == 0) return res.status(400).send({ message: "User not found" });
|
|
|
|
const hash = result.recordset[0].PasswordHash;
|
|
const isDeleted = result.recordset[0].IsDeleted;
|
|
|
|
if (isDeleted === true) {
|
|
return res.status(400).json({ message: "User not found (deleted)" })
|
|
}
|
|
|
|
const match = await bcrypt.compare(password, hash);
|
|
|
|
if (match){
|
|
const token = jwt.sign(result.recordset[0], JWT_SECRET, { expiresIn: "1h" });
|
|
res.send({
|
|
success: true,
|
|
message: "Login successful",
|
|
token
|
|
});
|
|
await pool.request()
|
|
.input("username", sql.VarChar, username)
|
|
.query("UPDATE Users SET LastLogin = SYSUTCDATETIME() WHERE Username = @username");
|
|
|
|
console.log("Issued token: " + JSON.stringify(token))
|
|
}
|
|
else res.status(401).send({ success: false, message: "Invalid credentials" });
|
|
} catch (err) {
|
|
res.status(500).send({ success: false, message: err.message });
|
|
}
|
|
});
|
|
|
|
app.post("/getUsers", authenticate, async (req, res) => {
|
|
const { query, category } = req.body;
|
|
|
|
const allowed = ["Id", "Username", "FirstName", "LastName", "DOB", "Role", "LastLogin", "CreatedAt"];
|
|
|
|
if (!allowed.includes(category)) {
|
|
res.status(500).json({ message: `Illegal category "${category}"`});
|
|
}
|
|
|
|
const result = await pool.request()
|
|
.input("query", sql.VarChar, query)
|
|
.query(`SELECT * FROM Users WHERE ${category} LIKE '%' + @query + '%'`);
|
|
|
|
res.status(200).json({ query: query, matches: result.recordset });
|
|
});
|
|
|
|
app.post("/getInfo", authenticate, async (req, res) => {
|
|
const userData = req.user;
|
|
|
|
res.status(200).json(userData);
|
|
});
|
|
|
|
app.post("/getCourses", authenticate, async (req, res) => {
|
|
const result = await pool.request()
|
|
.query("SELECT * FROM Courses");
|
|
|
|
const courses = result.recordset;
|
|
|
|
res.status(200).json(courses);
|
|
});
|
|
|
|
app.post("/createSection", authenticate, async (req, res) => {
|
|
let { subject, number, days, startDate, endDate, startTime, endTime, term } = req.body;
|
|
startTime = new Date("1970-01-01T" + startTime);
|
|
endTime = new Date("1970-01-01T" + endTime);
|
|
console.log(req.user);
|
|
try {
|
|
await pool.request()
|
|
.input("subject", sql.VarChar(3), subject)
|
|
.input("number", sql.Int, number)
|
|
.input("professor", sql.Int, req.user.Id)
|
|
.input("term", sql.VarChar(10), term)
|
|
.input("startDate", sql.Date, startDate)
|
|
.input("endDate", sql.Date, endDate)
|
|
.input("startTime", sql.Time(0), startTime)
|
|
.input("endTime", sql.Time(0), endTime)
|
|
.input("days", sql.Int, days)
|
|
.query(`
|
|
INSERT INTO Sections (
|
|
Subject,
|
|
Number,
|
|
ProfessorID,
|
|
Term,
|
|
Days,
|
|
StartDate,
|
|
EndDate,
|
|
StartTime,
|
|
EndTime
|
|
) VALUES (
|
|
@subject,
|
|
@number,
|
|
@professor,
|
|
@term,
|
|
@days,
|
|
@startDate,
|
|
@endDate,
|
|
@startTime,
|
|
@endTime
|
|
)
|
|
`);
|
|
} catch (err) {
|
|
if (err.message.includes("Violation of UNIQUE KEY constraint")) {
|
|
res.status(500).send({ success: false, message: `Username "${username}" is already taken.` });
|
|
}
|
|
res.status(500).send({ success: false, message: err.message });
|
|
}
|
|
res.status(200).send({ success: true, message: "Section created successfully."});
|
|
})
|
|
|
|
app.post("/setInfo", authenticate, async (req, res) => {
|
|
const { firstName, lastName, dob } = req.body;
|
|
|
|
try {
|
|
await pool.request()
|
|
.input("username", sql.VarChar, req.user.Username)
|
|
.input("firstName", sql.NVarChar(50), firstName)
|
|
.input("lastName", sql.NVarChar(50), lastName)
|
|
.input("dob", sql.Date, dob)
|
|
.query(`
|
|
UPDATE Users
|
|
SET FirstName = @firstName,
|
|
LastName = @lastName,
|
|
DOB = @dob
|
|
WHERE Username = @username
|
|
`);
|
|
} catch (error) {
|
|
console.log(error);
|
|
res.status(500).json({ message: "Update request failed" })
|
|
}
|
|
|
|
res.status(200).json({ message: "Information updated successfully" });
|
|
});
|
|
|
|
app.post("/delete", authenticate, async (req, res) => {
|
|
let { username, actor } = req.body;
|
|
|
|
if (username === true) {
|
|
username = req.user.Username;
|
|
}
|
|
if (actor === true) {
|
|
actor = req.user.Username;
|
|
}
|
|
|
|
console.log(`Deleting user ${username}`);
|
|
|
|
await pool.request()
|
|
.input("username", sql.VarChar, username)
|
|
.input("actor", sql.VarChar, actor)
|
|
.query("UPDATE Users SET IsDeleted = 1, DeletedAt = SYSUTCDATETIME(), DeletedBy = @actor WHERE Username = @username");
|
|
|
|
console.log(`User ${username} deleted`);
|
|
res.status(200).json({ message: `User "${username}" deleted.` });
|
|
});
|
|
|
|
async function authenticate(req, res, next) {
|
|
try {
|
|
const authenticationHeader = req.headers["authorization"];
|
|
const token = authenticationHeader.split(" ")[1];
|
|
|
|
console.log(JSON.stringify(authenticationHeader));
|
|
const decoded = jwt.verify(token, JWT_SECRET);
|
|
|
|
req.user = decoded;
|
|
|
|
console.log(req.user);
|
|
|
|
console.log(decoded.Username + " authenticated");
|
|
} catch (error) {
|
|
console.log("Authentication header missing");
|
|
res.status(401).json({ message: "You are not logged in", error: error, logout: true });
|
|
return;
|
|
}
|
|
next();
|
|
}
|
|
|
|
app.listen(serverPort, "0.0.0.0", () => console.log(`Running ${dev ? "dev " : ""}server on port ${serverPort}`));
|