Authentication: check if the user is who they claim
Authorization: check if the user have the right permissions to access that resource.
For this, we have created a users model and validating that internally using joi module and joi-password-complexity for setting password complexity.
we also created separate routes for user creation and user login checking.
/api/users
/api/auth
For password encryotion we used bcrypt module.And a config object to save the private key of server.
For individual picking of elements we used lodash module.
To split the routes to multiple files instead of writing in single index.js file, we used Router class.
And database we used in mongodb with mongoose module.
Also, to track the session, token is generated and user uses that to have access to the site during his session, which is created using jwt(jsonwebtoken) module.
package.json:
{
"name": "crypto_backend",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1",
"start": "nodemon index.js"
},
"keywords": [],
"author": "",
"license": "ISC",
"dependencies": {
"bcrypt": "^5.0.1",
"config": "^3.3.6",
"express": "^4.17.1",
"joi": "^17.4.0",
"joi-password-complexity": "^5.1.0",
"jsonwebtoken": "^8.5.1",
"lodash": "^4.17.21",
"mongoose": "^5.12.12"
},
"devDependencies": {
"nodemon": "^2.0.7"
}
}
index.js:
const config = require("config");
console.log(config);
if(!config.get('jwtPrivateKey')){
console.log("FATAL ERROR: key not defined");
process.exit(1);
}
const express = require("express");
const app = express();
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
const courses = [
{ id: 1, name: "uday1" },
{ id: 2, name: "uday2" },
{ id: 3, name: "uday3" },
{ id: 4, name: "uday4" },
];
//db connectivity
const mongoose = require("mongoose");
mongoose.connect('mongodb://localhost/playground')
.then(()=>console.log('Connected to MongoDB...'))
.catch(err=>console.error('Could not connect to MongoDB...',err))
//routers
const users = require('./router/users');
app.use('/api/users',users);
const auth = require('./router/auth');
app.use('/api/auth',auth);
app.get("/api/courseslist", (req, res) => {
res.send(courses);
});
app.post("/api/courses", (req, res) => {
console.log(req);
const course = {
id: courses.length + 1,
name: req.body.name,
};
courses.push(course);
res.send(course);
});
app.listen(3000, () => console.log("listening"));
utils/passwordRelated.js:
const bcrypt = require('bcrypt');
async function getHashed(value){
const salt = await bcrypt.genSalt(10);
console.log(salt);
const hashed = await bcrypt.hash(value,salt);
console.log(hashed);
return hashed;
}
module.exports.getHashed = getHashed
router\auth.js:
const {User,validate} = require('../models/user');
const mongoose = require('mongoose');
const express = require('express');
const router = express.Router();
const _ = require('lodash');
const {getHashed} = require('../utils/passwordRelated');
const jwt = require('jsonwebtoken');
const Joi=require('Joi');
const bcrypt = require('bcrypt');
const config = require("config");
router.post('/',async(req,res)=>{
const {error}=validateAuth(req.body);
if(error) return res.status(400).send(error.details[0].message);
let user = await User.findOne({email:req.body.email});
if(!user) return res.status(400).send("User does'nt exist");
const validPassword = bcrypt.compare(req.body.password,user.password);
if(!validPassword) return res.status(400).send("Invalid credentials");
const token = jwt.sign({_id:user._id},config.get('jwtPrivateKey'))//'jwtprivatekey'
res.send(token);
});
function validateAuth(req){
const schema = Joi.object({
email: Joi.string().min(5).max(255).required().email(),
password: Joi.string().min(5).max(50).required()
});
return schema.validate(req);
}
module.exports = router;
router\users.js:
const {User,validate} = require('../models/user');
const mongoose = require('mongoose');
const express = require('express');
const router = express.Router();
const _ = require('lodash');
const {getHashed} = require('../utils/passwordRelated');
router.post('/',async(req,res)=>{
const {error}=validate(req.body);
if(error) return res.status(400).send(error.details[0].message);
let user = await User.findOne({email:req.body.email});
if(user) return res.status(400).send("User already exists");
user = new User({
name: req.body.name,
email:req.body.email,
password: await getHashed(req.body.password)
});
await user.save();
user = _.pick(user,['name','email']);
res.send(user);
});
module.exports = router;
models\user.js:
const Joi = require("joi");
const mongoose= require("mongoose");
const User = mongoose.model('User',new mongoose.Schema({
name: {
type: String,
required: true,
minLength: 5,
maxLength: 50,
lowercase: true
},
email:{
type: String,
required: true,
minLength: 5,
maxLength: 50,
unique: true,
lowercase: true
},
password:{
type: String,
required: true,
minLength: 5,
maxLength: 255
}
}));
function validateUser(user){
const schema = Joi.object({
name: Joi.string().min(5).max(50).required(),
email: Joi.string().min(5).max(255).required().email(),
password: Joi.string().min(5).max(255).required()
});
return schema.validate(user);
}
exports.User = User;
exports.validate = validateUser;
config\default.json
{
"jwtPrivateKey": "jwtprivatekey"
}
sample internal logic models for product specific:
Coin.js
const mongoose = require("mongoose");
const Schema = mongoose.Schema;
const CoinSchema = new Schema({
coinName: String,
coinDescription: String,
});
const Coin = mongoose.model("Coin", CoinSchema);
module.exports = Coin;
Orders.js
const mongoose = require("mongoose");
const Schema = mongoose.Schema;
const OrderSchema = new Schema({
orderDate: { type: Date, default: Date.now },
orderAmount: Number,
orderCount: Number,
orderCommission: Number,
coinName: String,
});
const Order = mongoose.model("Coin", OrderSchema);
module.exports = Order;
No comments:
Post a Comment