change code db and add env variable
This commit is contained in:
florian
parent
91999b0699
commit
b8c05105fa
191
index.js
191
index.js
@ -5,17 +5,18 @@ import bcrypt from 'bcrypt';
|
||||
import nodemailer from 'nodemailer';
|
||||
import dotenv from 'dotenv';
|
||||
import fs, { stat } from 'fs';
|
||||
import { verify } from 'crypto';
|
||||
|
||||
dotenv.config();
|
||||
|
||||
const transporter = nodemailer.createTransport({
|
||||
host: 'email.thepenguinontheweb.tech',
|
||||
port: 587,
|
||||
secure: false, // false pour STARTTLS
|
||||
host: process.env.SMTP_HOST,
|
||||
port: process.env.SMTP_PORT,
|
||||
secure: process.env.SMTP_SECURE === 'true', // false for 587, true for 465
|
||||
auth: {
|
||||
user: process.env.EMAIL_USER,
|
||||
pass: process.env.EMAIL_PASS
|
||||
}
|
||||
pass: process.env.EMAIL_PASS,
|
||||
},
|
||||
});
|
||||
|
||||
function sendMail(to, subject, html) {
|
||||
@ -81,35 +82,36 @@ app.get('/', (req, res) => {
|
||||
}
|
||||
);
|
||||
|
||||
app.post('/api/login', (req, res) => {
|
||||
app.post('/api/login', async (req, res) => {
|
||||
const { username, password } = req.body;
|
||||
|
||||
if (!username || !password) {
|
||||
return res.status(400).json({ message: 'Username and password are required' });
|
||||
}
|
||||
|
||||
db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username])
|
||||
.then(user => {
|
||||
if (!user) {
|
||||
return res.status(401).json({ message: 'Invalid username or password' });
|
||||
}
|
||||
try {
|
||||
const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, username]);
|
||||
|
||||
// Check password (replace with real password check logic)
|
||||
const isPasswordValid = bcrypt.compareSync(password, user.password);
|
||||
if (!isPasswordValid) {
|
||||
return res.status(401).json({ message: 'Invalid username or password' });
|
||||
}
|
||||
if (!user) {
|
||||
return res.status(401).json({ message: 'Invalid username or password' });
|
||||
}
|
||||
|
||||
res.status(200).json({ message: 'Login successful' });
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
|
||||
// Check password (replace with real password check logic)
|
||||
const isPasswordValid = bcrypt.compareSync(password, user.password);
|
||||
if (!isPasswordValid) {
|
||||
return res.status(401).json({ message: 'Invalid username or password' });
|
||||
}
|
||||
|
||||
res.status(200).json({ message: 'Login successful' });
|
||||
} catch (err) {
|
||||
console.error('Database error:', err);
|
||||
res.status(500).json({ message: 'Internal server error' });
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
app.post('/api/register', (req, res) => {
|
||||
app.post('/api/register', async (req, res) => {
|
||||
const { username, email, password } = req.body;
|
||||
|
||||
if (!username || !email || !password) {
|
||||
@ -118,68 +120,43 @@ app.post('/api/register', (req, res) => {
|
||||
|
||||
const hashedPassword = bcrypt.hashSync(password, 10);
|
||||
|
||||
let isAlreadyRegistered = false;
|
||||
db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email])
|
||||
.then(user => {
|
||||
if (user) {
|
||||
isAlreadyRegistered = true;
|
||||
return res.status(409).json({ message: 'Username or email already exists' });
|
||||
try {
|
||||
// Check if user already exists in users table
|
||||
const user = await db.get('SELECT * FROM users WHERE username = ? OR email = ?', [username, email]);
|
||||
if (user) {
|
||||
return res.status(409).json({ message: 'Username or email already exists' });
|
||||
}
|
||||
|
||||
// Check if user is already in verify table
|
||||
const verify = await db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email]);
|
||||
if (verify) {
|
||||
// If token is still valid
|
||||
if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
|
||||
return res.status(409).json({ message: 'Verification already sent, please check your email' });
|
||||
} else {
|
||||
// If token is expired, delete it
|
||||
await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
|
||||
}
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
}
|
||||
|
||||
if (isAlreadyRegistered) {
|
||||
return;
|
||||
// Insert new verification token
|
||||
const verificationToken = Math.random().toString(36).substring(2, 15);
|
||||
await db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword]);
|
||||
|
||||
// read the email template
|
||||
const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
|
||||
const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
|
||||
|
||||
sendMail(email, 'Welcome to Our Service', emailContent);
|
||||
return res.status(201).json({ message: 'email send' });
|
||||
|
||||
} catch (err) {
|
||||
await db.run('DELETE FROM verify WHERE username = ? OR email = ?', [username, email]);
|
||||
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
}
|
||||
|
||||
db.get('SELECT * FROM verify WHERE username = ? OR email = ?', [username, email])
|
||||
.then(verify => {
|
||||
if (verify) {
|
||||
// Verify if the last verification token is still valid
|
||||
if (Date.now() - new Date(verify.createdAt).getTime() < 24 * 60 * 60 * 1000) {
|
||||
isAlreadyRegistered = true;
|
||||
return res.status(409).json({ message: 'Verification already sent, please check your email' });
|
||||
}
|
||||
else {
|
||||
// If the token is expired, delete it
|
||||
db.run('DELETE FROM verify WHERE id = ?', [verify.id])
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
}
|
||||
}
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
|
||||
if (isAlreadyRegistered) {
|
||||
return;
|
||||
}
|
||||
|
||||
const verificationToken = Math.random().toString(36).substring(2, 15);
|
||||
db.run('INSERT INTO verify (token, username, email, password) VALUES (?, ?, ?, ?)', [verificationToken, username, email, hashedPassword])
|
||||
.then(() => {
|
||||
// read the email template
|
||||
const emailTemplate = fs.readFileSync('mailFile/mail.html', 'utf8');
|
||||
|
||||
// replace placeholders in the email template
|
||||
const emailContent = emailTemplate.replace('{{verification_link}}', `${process.env.URL}/verify?token=${verificationToken}`);
|
||||
|
||||
sendMail(email, 'Welcome to Our Service', emailContent);
|
||||
res.status(201).json({ message: 'email send' });
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
app.get('/verify', (req, res) => {
|
||||
const { token } = req.query;
|
||||
@ -188,45 +165,37 @@ app.get('/verify', (req, res) => {
|
||||
return res.status(400).json({ message: 'Token is required' });
|
||||
}
|
||||
|
||||
res.sendFile('verify.html', { root: 'public' });
|
||||
res.sendFile('verify.html', { root: 'public' });
|
||||
}
|
||||
);
|
||||
|
||||
app.post('/api/verify', (req, res) => {
|
||||
app.post('/api/verify', async (req, res) => {
|
||||
const { token } = req.body;
|
||||
|
||||
if (!token) {
|
||||
return res.status(400).json({ message: 'Token is required' });
|
||||
}
|
||||
|
||||
db.get('SELECT * FROM verify WHERE token = ?', [token])
|
||||
.then(verify => {
|
||||
if (!verify) {
|
||||
return res.status(404).json({ message: 'Invalid or expired token' });
|
||||
}
|
||||
try {
|
||||
const verify = await db.get('SELECT * FROM verify WHERE token = ?', [token]);
|
||||
|
||||
// Insert user into users table
|
||||
db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
|
||||
.then(() => {
|
||||
// Delete the verification record
|
||||
db.run('DELETE FROM verify WHERE id = ?', [verify.id])
|
||||
.then(() => {
|
||||
res.status(200).json({ message: 'Email verified successfully' });
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Database error:', err);
|
||||
res.status(500).json({ message: 'Internal server error' });
|
||||
});
|
||||
if (!verify) {
|
||||
return res.status(404).json({ message: 'Invalid or expired token' });
|
||||
}
|
||||
|
||||
// Check if the token is still valid (24 hours)
|
||||
if (Date.now() - new Date(verify.createdAt).getTime() > 24 * 60 * 60 * 1000) {
|
||||
return res.status(410).json({ message: 'Token has expired' });
|
||||
}
|
||||
|
||||
// Insert user into users table
|
||||
await db.run('INSERT INTO users (username, email, password) VALUES (?, ?, ?)', [verify.username, verify.email, verify.password])
|
||||
|
||||
await db.run('DELETE FROM verify WHERE id = ?', [verify.id]);
|
||||
} catch (err) {
|
||||
console.error('Database error:', err);
|
||||
return res.status(500).json({ message: 'Internal server error' });
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user