better structure for requests and auth protection
parent
0d957ab6af
commit
50ecea2a6b
20
index.ts
20
index.ts
|
@ -8,10 +8,12 @@ import swaggerJsDoc from "swagger-jsdoc";
|
|||
const app: Express = express();
|
||||
const port = process.env.PORT || 3000;
|
||||
|
||||
import routes from "./src/routes/routes";
|
||||
import { initDatabase } from "./src/mongodb/mongodb";
|
||||
import swaggerUI from "swagger-ui-express";
|
||||
|
||||
import { initDatabase } from "./src/mongodb/mongodb";
|
||||
import adminRoutes from "./src/routes/adminRoutes";
|
||||
import userRoutes from "./src/routes/userRoutes";
|
||||
import eventRoutes from "./src/routes/eventRoutes";
|
||||
|
||||
const options = {
|
||||
definition: {
|
||||
|
@ -39,11 +41,23 @@ const options = {
|
|||
};
|
||||
|
||||
app.use(bodyParser.json());
|
||||
app.use("/api/v1", routes);
|
||||
|
||||
app.use("/api/v1/user", userRoutes);
|
||||
app.use("/api/v1/admin", adminRoutes);
|
||||
app.use("/api/v1/events", eventRoutes);
|
||||
|
||||
const specs = swaggerJsDoc(options);
|
||||
app.use("/api-docs", swaggerUI.serve, swaggerUI.setup(specs));
|
||||
|
||||
app.use((req, res, next) => {
|
||||
res.status(404).send("not found");
|
||||
});
|
||||
|
||||
app.use((err: any, req: any, res: any, next: any) => {
|
||||
console.log("req err", err.stack);
|
||||
res.status(500).send({ err: "invalid request" });
|
||||
});
|
||||
|
||||
initDatabase();
|
||||
|
||||
app.listen(port, () => {
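Review bot: The error handler added at the end of this hunk maps every error to a 500, including the body-parser's own JSON parse failures, which arrive with `err.status` already set to 400, so a client sending malformed JSON is reported as a server fault; it also never checks whether a response has already started. Make the first line `if (res.headersSent) return next(err);` and answer with `res.status(err.status ?? 500).send({ err: "invalid request" });` — keeping the generic message is right, `err.stack` must stay in the log and never reach the client. `initDatabase();` is called without awaiting or catching; if it returns a promise (not visible here) a connection failure becomes an unhandled rejection while the server keeps listening, so confirm and add a `.catch`. The `app.listen` callback continues past the end of the hunk.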
|
||||
|
|
|
@ -13,7 +13,7 @@ export async function SignUp(req: Request, res: Response) {
|
|||
const existingUser = await User.findOne({ accountName }).lean();
|
||||
|
||||
if (existingUser) {
|
||||
return res.status(400).json({ status: "err" });
|
||||
return res.status(400).json({ status: 1 });
|
||||
}
|
||||
|
||||
const isBase64Password =
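Review bot: The duplicate-account branch now answers `{ status: 1 }`, but the swagger blocks touched in this same commit (userRoutes.ts, `example: 'err'`) appear to still document the string form, so the API docs and this response disagree; update the example or keep the string. The `findOne`-then-create shape is also a check-then-act race: two concurrent signups for the same `accountName` can both pass this check, so back it with a unique index on `accountName` and route the duplicate-key error to the same 400 path. A distinct 400 on an existing name lets callers enumerate account names; that is commonly accepted for signup, but record it, e.g. `// 400 here reveals that accountName exists — acceptable for signup; login must not do the same`. SignUp starts and ends outside this hunk.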
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
import { Request } from "express";
|
||||
import { Session } from "../models/session";
|
||||
|
||||
export async function sessionProtection(req: Request, res: any, next: any) {
|
||||
const xAuthorization = req.get("x-authorization");
|
||||
|
||||
if (!xAuthorization) {
|
||||
return res.status(401).json({ status: "err" });
|
||||
}
|
||||
|
||||
const session = await Session.findOne({ sessionId: xAuthorization }).lean();
|
||||
|
||||
if (!session) {
|
||||
return res.status(401).json({ status: "err" });
|
||||
}
|
||||
|
||||
next();
|
||||
}
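Review bot: The lookup never consults `expiresAt`, so a session stays valid for as long as its id is known — the expiry stored by the session model is dead data unless a TTL index exists somewhere not visible here. Compare the stored `expiresAt` with `Date.now()` before calling `next()`, and expose the matched session (e.g. `res.locals.session = session`) so downstream handlers can tell who is calling rather than only that someone is. A rejected `Session.findOne` (database unavailable) also escapes this async function; under Express 4 that is an unhandled rejection and a request that never receives a response, so wrap the lookup and forward the error with `next(err)`. The rewritten body is below.
```typescript
export async function sessionProtection(req: Request, res: any, next: any) {
  // … unchanged: x-authorization header presence check …

  try {
    const session = await Session.findOne({ sessionId: xAuthorization }).lean();

    // Unknown session, or a known one whose expiresAt has passed: the lookup
    // alone never checks expiry, so this comparison is what enforces it.
    if (!session || !session.expiresAt || session.expiresAt.getTime() <= Date.now()) {
      return res.status(401).json({ status: "err" });
    }

    // Expose the authenticated principal to downstream handlers.
    res.locals.session = session;
    next();
  } catch (err) {
    // Database failure: let the error handler answer instead of hanging the request.
    next(err);
  }
}
```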
|
|
@ -1,12 +1,12 @@
|
|||
import mongoose, { InferSchemaType, Schema } from "mongoose";
|
||||
import { ADMIN_MAX_USERS_PER_PAGE } from "../utils/utils";
|
||||
import { DEFAULT_SESSION_EXPIRATION } from "../utils/constants";
|
||||
|
||||
export const sessionSchema = new Schema({
|
||||
sessionId: String,
|
||||
accountName: String,
|
||||
expiresAt: {
|
||||
type: Date,
|
||||
default: new Date(Date.now() + ADMIN_MAX_USERS_PER_PAGE),
|
||||
default: new Date(Date.now() + DEFAULT_SESSION_EXPIRATION),
|
||||
},
|
||||
});
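Review bot: `default: new Date(Date.now() + DEFAULT_SESSION_EXPIRATION)` is evaluated once when the module loads, so every session created by this process gets the same `expiresAt` — seven days after startup, not seven days after the session was created — and after a week of uptime new sessions are born already expired. Mongoose accepts a function default, which is computed per document: `default: () => new Date(Date.now() + DEFAULT_SESSION_EXPIRATION),`. If stale rows should also leave the collection, a TTL index (`index: { expires: 0 }` on `expiresAt`) does that, but the middleware must still compare `expiresAt` itself, since TTL deletion runs on a background interval and is not an access-time check.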
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
import express from "express";
|
||||
const router = express.Router();
|
||||
|
||||
import * as adminController from "../controllers/adminController";
|
||||
import { sessionProtection } from "../middleware/authMiddleware";
|
||||
|
||||
router.get("/users", sessionProtection, adminController.GetAllUsers);
|
||||
|
||||
export default router;
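Review bot: `sessionProtection` on `/users` only proves that some valid session exists; nothing checks that the session's `accountName` belongs to an administrator, so any signed-up user can list all users once logged in. The session document visible in this commit carries only `sessionId`, `accountName` and `expiresAt`, so an admin check needs a role or admin flag on the user record (not visible here) and a second middleware, e.g. `router.get("/users", sessionProtection, requireAdmin, adminController.GetAllUsers);`, where `requireAdmin` resolves the caller by `accountName` and answers 403 otherwise. Until that exists, a comment such as `// TODO: sessionProtection only authenticates; this route still lacks an admin authorization check` at least records the gap.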
|
|
@ -0,0 +1,4 @@
|
|||
import express from "express";
|
||||
const router = express.Router();
|
||||
|
||||
export default router;
|
|
@ -1,7 +1,6 @@
|
|||
import express from "express";
|
||||
const router = express.Router();
|
||||
import * as userController from "../controllers/userController";
|
||||
import * as adminController from "../controllers/adminController";
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
|
@ -63,7 +62,7 @@ import * as adminController from "../controllers/adminController";
|
|||
* type: string
|
||||
* example: 'err'
|
||||
*/
|
||||
router.post("/user/signup", userController.SignUp);
|
||||
router.post("/signup", userController.SignUp);
|
||||
|
||||
/**
|
||||
* @swagger
|
||||
|
@ -125,10 +124,8 @@ router.post("/user/signup", userController.SignUp);
|
|||
* type: string
|
||||
* example: 'err'
|
||||
*/
|
||||
router.post("/user/login", userController.Login);
|
||||
router.post("/login", userController.Login);
|
||||
|
||||
router.get("/user/profile/:accountName", userController.GetUserProfile);
|
||||
|
||||
router.get("/admin/users", adminController.GetAllUsers);
|
||||
router.get("/profile/:accountName", userController.GetUserProfile);
|
||||
|
||||
export default router;
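Review bot: `/profile/:accountName` remains open to unauthenticated callers after the reshuffle, while the admin listing was moved behind `sessionProtection`, so any client can fetch any account's profile by guessing account names. If profiles are meant to be private, add the middleware here too: `import { sessionProtection } from "../middleware/authMiddleware";` and `router.get("/profile/:accountName", sessionProtection, userController.GetUserProfile);`; if they are deliberately public, say so in the swagger block and confirm GetUserProfile returns only public fields (its body is not visible here). The swagger example in this hunk still shows `status: 'err'` while SignUp in this same commit now returns `status: 1` for an existing account, so the documented response no longer matches the handler.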
|
|
@ -0,0 +1,5 @@
|
|||
// Time duration in milliseconds for a default session expiration (7 days)
|
||||
export const DEFAULT_SESSION_EXPIRATION: number = 7 * 24 * 60 * 60 * 1000;
|
||||
|
||||
// Maximum number of users to display per page in the admin interface
|
||||
export const ADMIN_MAX_USERS_PER_PAGE: number = 10;
|
|
@ -2,9 +2,6 @@ import crypto from "crypto";
|
|||
import { Session } from "../models/session";
|
||||
import { Response } from "express";
|
||||
|
||||
export const DEFAULT_SESSION_EXPIRATION = 7 * 24 * 60 * 60 * 1000; // 7 days
|
||||
export const ADMIN_MAX_USERS_PER_PAGE = 10;
|
||||
|
||||
export async function saveSession(res: Response, accountName: string) {
|
||||
try {
|
||||
// Generate a random session ID
|
||||
|
|