change code db and add env variable

index.js

@@ -5,17 +5,18 @@ import bcrypt from 'bcrypt';
 import nodemailer from 'nodemailer';
 import dotenv from 'dotenv';
 import fs, { stat } from 'fs';
+import { verify } from 'crypto';
 
 dotenv.config();
 
 const transporter = nodemailer.createTransport({
-  host: 'email.thepenguinontheweb.tech',
+  host: process.env.SMTP_HOST,
-  port: 587,
+  port: process.env.SMTP_PORT,
-  secure: false, // false pour STARTTLS
+  secure: process.env.SMTP_SECURE === 'true', // false for 587, true for 465
   auth: {
     user: process.env.EMAIL_USER,
-    pass: process.env.EMAIL_PASS
+    pass: process.env.EMAIL_PASS,
-  }
+  },
 });
 
 function sendMail(to, subject, html) {
@@ -81,19 +82,21 @@ app.get('/', (req, res) => {
 }
 );
 
-app.post('/api/login', (req, res) => {
+app.post('/api/login', async (req, res) => {
   const { username, password } = req.body;
 
   if (!username || !password) {
     return res.status(400).json({ message: 'Username and password are required' });
   }
 
-  db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username])
+  try {
-    .then(user => {
+    const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username]);
+
     if (!user) {
       return res.status(401).json({ message: 'Invalid username or password' });
     }
 
+
     // Check password (replace with real password check logic)
     const isPasswordValid = bcrypt.compareSync(password, user.password);
     if (!isPasswordValid) {
@@ -101,15 +104,14 @@ app.post('/api/login', (req, res) => {
     }
 
     res.status(200).json({ message: 'Login successful' });
-    })
+  } catch (err) {
-    .catch(err => {
     console.error('Database error:', err);
     res.status(500).json({ message: 'Internal server error' });
-    });
+  }
 }
 );
 
-app.post('/api/register', (req, res) => {
+app.post('/api/register', async (req, res) => {
   const { username, email, password } = req.body;
 
   if (!username || !email || !password) {
@@ -118,68 +120,43 @@ app.post('/api/register', (req, res) => {
 
   const hashedPassword = bcrypt.hashSync(password, 10);
 
-  let isAlreadyRegistered = false;
+  try {
-  db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email])
+    // Check if user already exists in users table
-    .then(user => {
+    const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email]);
     if (user) {
-        isAlreadyRegistered = true;
       return res.status(409).json({ message: 'Username or email already exists' });
     }
-    })
-    .catch(err => {
-      console.error('Database error:', err);
-      return res.status(500).json({ message: 'Internal server error' });
-    });
 
-  if (isAlreadyRegistered) {
+    // Check if user is already in verify table
-    return;
+    const verify = await db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email]);
-  }
-
-  db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email])
-    .then(verify => {
     if (verify) {
-        // Verify if the last verification token is still valid
+      // If token is still valid
       if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
-          isAlreadyRegistered = true;
         return res.status(409).json({ message: 'Verification already sent, please check your email' });
+      } else {
+        // If token is expired, delete it
+        await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
       }
-        else {
-          // If the token is expired, delete it
-          db.run('DELETE FROM verify WHERE id = ?', [verify.id])
-            .catch(err => {
-              console.error('Database error:', err);
-              return res.status(500).json({ message: 'Internal server error' });
-            });
-        }
-      }
-    })
-    .catch(err => {
-      console.error('Database error:', err);
-      return res.status(500).json({ message: 'Internal server error' });
-    });
-
-  if (isAlreadyRegistered) {
-    return;
     }
 
+    // Insert new verification token
     const verificationToken = Math.random().toString(36).substring(2, 15);
-  db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword])
+    await db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword]);
-    .then(() => {
+
     // read the email template
     const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
-
-      // replace placeholders in the email template
     const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
 
     sendMail(email, 'Welcome to Our Service', emailContent);
-      res.status(201).json({ message: 'email send' });
+    return res.status(201).json({ message: 'email send' });
-    })
+
-    .catch(err => {
+  } catch (err) {
+    await db.run('DELETE FROM verify WHERE username = ? OR email = ?', [username, email]);
+
     console.error('Database error:', err);
     return res.status(500).json({ message: 'Internal server error' });
-    });
   }
-);
+});
 
 app.get('/verify', (req, res) => {
   const { token } = req.query;
@@ -192,41 +169,33 @@ app.get('/verify', (req, res) => {
 }
 );
 
-app.post('/api/verify', (req, res) => {
+app.post('/api/verify', async (req, res) => {
   const { token } = req.body;
 
   if (!token) {
     return res.status(400).json({ message: 'Token is required' });
   }
 
-  db.get('SELECT * FROM verify WHERE token = ?', [token])
+  try {
-    .then(verify => {
+    const verify = await db.get('SELECT * FROM verify WHERE token = ?', [token]);
+
     if (!verify) {
       return res.status(404).json({ message: 'Invalid or expired token' });
     }
 
+    // Check if the token is still valid (24 hours)
+    if (Date.now() - new Date(verify.createdAt).getTime() > 24 * 60 * 60 * 1000) {
+      return res.status(410).json({ message: 'Token has expired' });
+    }
+
     // Insert user into users table
-      db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
+    await db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
-        .then(() => {
+
-          // Delete the verification record
+    await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
-          db.run('DELETE FROM verify WHERE id = ?', [verify.id])
+  } catch (err) {
-            .then(() => {
-              res.status(200).json({ message: 'Email verified successfully' });
-            })
-            .catch(err => {
     console.error('Database error:', err);
-              res.status(500).json({ message: 'Internal server error' });
+    return res.status(500).json({ message: 'Internal server error' });
-            });
+  }
-        })
-        .catch(err => {
-          console.error('Database error:', err);
-          res.status(500).json({ message: 'Internal server error' });
-        });
-    })
-    .catch(err => {
-      console.error('Database error:', err);
-      res.status(500).json({ message: 'Internal server error' });
-    });
 }
 );