From d1b1ebac989ca44f5cb4a14e699d310ef879c2cf Mon Sep 17 00:00:00 2001
From: florian
Date: Sat, 6 Sep 2025 00:14:34 +0200
Subject: [PATCH] test
---
index.js | 24 ++++++++++++++++++------
public/scripts/index.js | 35 +++++++++++++++++++++++------------
2 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/index.js b/index.js
index 105d37f..48d91ac 100644
--- a/index.js
+++ b/index.js
@@ -32,9 +32,7 @@ function sendMail(to, subject, html) {
 .catch(error => console.error('Error sending email:', error));
 }
 
-function authenticateToken(req, res, next) {
- const authHeader = req.headers['authorization'];
- const token = authHeader && authHeader.split(' ')[1];
+function authenticateToken(token) {
 if (!token) return res.sendStatus(401);
 
 jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
@@ -98,8 +96,15 @@ app.get('/', (req, res) => {
 );
 
 // Exemple d'utilisation :
-app.get('/api/loginToken', authenticateToken, (req, res) => {
- res.json({ message: 'Accès autorisé', user: req.user });
+app.get('/api/loginToken', async (req, res) => {
+
+ if (!req.cookies) return res.sendStatus(401);
+
+ if (!req.cookies.auth_token) return res.sendStatus(401);
+
+ const token = req.cookies.auth_token;
+
+ authenticateToken(token);
 });
 
 app.post('/api/login', async (req, res) => {
@@ -128,7 +133,14 @@ app.post('/api/login', async (req, res) => {
 { expiresIn: process.env.JWT_EXPIRATION }
 );
 
- res.status(200).json({ message: 'Login successful', token });
+ res.cookie("auth_token", token,
+ {
+ httpOnly: true,
+ sameSite: 'Strict'
+ }
+ )
+
+ // res.status(200).json({ message: 'Login successful', token });
 } catch (err) {
 console.error('Database error:', err);
 res.status(500).json({ message: 'Internal server error' });
diff --git a/public/scripts/index.js b/public/scripts/index.js
index abd192a..54dcb44 100644
--- a/public/scripts/index.js
+++ b/public/scripts/index.js
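Review bot: `res` is no longer a parameter of `authenticateToken` after the signature change to `(token)`, yet the surviving context line `if (!token) return res.sendStatus(401);` still calls it, so a missing token now throws a ReferenceError instead of answering 401; the `jwt.verify` callback that follows is likely to reference `req`/`res`/`next` the same way, though its body is outside the hunk. The smaller change that keeps Express middleware semantics is to leave the signature as `(req, res, next)` and read the cookie inside it, replacing the two removed `authHeader` lines with `const token = req.cookies?.auth_token;`. That also lets `/api/loginToken` keep using `authenticateToken` as a middleware instead of calling it directly.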
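Review bot: The new `/api/loginToken` handler never sends a response: `authenticateToken(token)` is called as a plain function, its outcome is discarded, and no `res.json`/`res.sendStatus` follows, so a request with a valid cookie hangs until the client times out and the client's `response.ok` check can never succeed. If `authenticateToken` stays a middleware that reads the cookie itself, the route collapses back to `app.get('/api/loginToken', authenticateToken, (req, res) => res.json({ message: 'Accès autorisé', user: req.user }));` and the two `req.cookies` guards move into the middleware. `req.cookies` is only populated when `cookie-parser` (or an equivalent) is mounted before this route; that registration is not in the hunk, so it is worth confirming. The `async` keyword on the handler is unnecessary since nothing is awaited.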
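Review bot: The login handler now sets the cookie but sends no response at all — `res.status(200).json(...)` was commented out rather than replaced — so a successful login leaves the request hanging and the client's success branch never runs. The cookie options also omit `secure`, so the JWT would be sent in clear if the site is ever reached over plain HTTP; `httpOnly` and `sameSite: 'Strict'` are good, but they do not cover that case. Suggested rewrite of the added lines below; dropping `token` from the JSON body is deliberate since the client no longer stores it. Gating `secure` on `NODE_ENV` is a guess at the deployment setup — if the app is always behind TLS, set it unconditionally.
```javascript
    // … unchanged: jwt.sign(...) producing `token` …
    res.cookie('auth_token', token, {
      httpOnly: true,
      sameSite: 'Strict',
      secure: process.env.NODE_ENV === 'production', // never send the JWT over plain HTTP in prod
    });
    res.status(200).json({ message: 'Login successful' });
```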
@@ -18,11 +18,7 @@ loginForm.addEventListener('submit', async (event) => {
 });
 
 if (response.ok) {
- const responseData = await response.json();
-
- console.log('Login successful:', responseData);
-
- localStorage.setItem('token', responseData.token);
+ // localStorage.setItem('token', responseData.token);
 displayLoginSuccess();
 
 } else {
@@ -37,21 +33,36 @@ loginForm.addEventListener('submit', async (event) => {
 );
 
 async function isLoggedInFunction() {
- const token = localStorage.getItem('token');
- if (!token) return false;
+ // const token = localStorage.getItem('token');
+ // if (!token) return false;
+
+ // try {
+ // const response = await fetch('/api/loginToken', {
+ // method: 'GET',
+ // headers: {
+ // 'Authorization': `Bearer ${token}`
+ // }
+ // });
+
+ // if (response.ok) {
+ // return true;
+ // } else {
+ // localStorage.removeItem('token');
+ // return false;
+ // }
+ // } catch (error) {
+ // console.error('Error checking login status:', error);
+ // return false;
+ // }
 
 try {
 const response = await fetch('/api/loginToken', {
- method: 'GET',
- headers: {
- 'Authorization': `Bearer ${token}`
- }
+ method: 'GET'
 });
 
 if (response.ok) {
 return true;
 } else {
- localStorage.removeItem('token');
 return false;
 }
 } catch (error) {
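Review bot: The added `// localStorage.setItem('token', responseData.token);` is commented-out code rather than a comment; now that the server delivers the session in an httpOnly cookie there is nothing for the client to persist, so the line should simply be deleted. If a marker is wanted, a real comment reads better: `// session token arrives as an httpOnly cookie set by /api/login; nothing to store client-side`. The `response.json()` call was removed with it, so the success body is no longer read at all, which is fine as long as the server still answers with a 2xx; the enclosing submit handler starts before this hunk.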
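Review bot: The 21 added `//` lines at the top of `isLoggedInFunction` reproduce the removed implementation verbatim as commented-out code and should be deleted; version control keeps that history, and the live `try` block below is the only code that runs. The removed `localStorage.removeItem('token')` on a non-OK response has no replacement: an expired or rejected httpOnly cookie cannot be cleared from this script, so a server route that calls `res.clearCookie('auth_token')` is needed for logout and for the failure path here — that lives outside this file. The bare `fetch('/api/loginToken', { method: 'GET' })` relies on fetch's default `credentials: 'same-origin'` to attach the cookie; add `credentials: 'include'` only if the API is ever served from a different origin.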