server.js
const crypto = require('crypto');

const express = require('express');
const morgan = require('morgan');
const cookieParser = require('cookie-parser');
// In-memory demo user store, keyed by user id; contents are lost on restart.
// NOTE(review): passwords are held in plaintext and POST /login compares them
// directly. A real store would keep a salted, slow password hash instead.
const users = {
  abc: { id: 'abc', email: 'a@a.com', password: '1234' },
  def: { id: 'def', email: 'b@b.com', password: '5678' },
};
// Port the server listens on, and the Express application instance.
const port = 8000;
const app = express();

// Configuration: templates are rendered with EJS.
app.set('view engine', 'ejs');

// Middleware, registered in the order it runs for each request.
app.use(
  morgan('dev'), // request logging
  cookieParser(), // populates req.cookies
  express.urlencoded({ extended: false }) // populates req.body
);
// GET /register: render the sign-up form.
app.get('/register', (_req, res) => res.render('register'));
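// POST /register
// Creates a user from the urlencoded form fields `email` and `password`.
// Responds 400 when a field is missing, is not a plain string, or the email is
// already registered; otherwise stores the new user and redirects to /login.
app.post('/register', (req, res) => {
  const { email, password } = req.body;

  // A repeated form field (email=a&email=b) is parsed into an array, so insist
  // on non-empty strings before the values are compared or stored.
  const hasCredentials =
    typeof email === 'string' && typeof password === 'string' && email !== '' && password !== '';
  if (!hasCredentials) {
    return res.status(400).send('Please provide an email AND a password');
  }

  // reject the request if an existing user already has this email
  const emailTaken = Object.values(users).some((user) => user.email === email);
  if (emailTaken) {
    return res.status(400).send('a user with that email already exists');
  }

  // The id is the value POST /login places in the userId cookie, so take it
  // from the CSPRNG: a three-character slice of Math.random() output is both
  // guessable and likely to collide with an existing id.
  const id = crypto.randomBytes(16).toString('hex');

  // NOTE(review): the password is stored exactly as received (plaintext).
  // Hashing it here also requires POST /login to verify against the hash.
  users[id] = { id, email, password };

  // Log the event only; printing `users` would write every password to the log.
  console.log('registered a new user');

  // redirect to the login page
  res.redirect('/login');
});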
// GET /login: render the sign-in form.
app.get('/login', (_req, res) => res.render('login'));
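// POST /login
// Checks the urlencoded form fields `email` and `password` against `users`.
// Responds 400 on missing, non-string or wrong credentials; on success sets the
// userId cookie and redirects to /protected.
app.post('/login', (req, res) => {
  const { email, password } = req.body;

  // A repeated form field is parsed into an array, so insist on non-empty
  // strings before comparing anything.
  const hasCredentials =
    typeof email === 'string' && typeof password === 'string' && email !== '' && password !== '';
  if (!hasCredentials) {
    return res.status(400).send('Please provide an email AND a password');
  }

  // lookup the user based off the email provided
  const foundUser = Object.values(users).find((user) => user.email === email);

  // One answer for "unknown email" and "wrong password", so the reply does not
  // tell the caller which addresses have an account.
  // NOTE(review): POST /register still reports when an email is already taken.
  // NOTE(review): this is a plaintext comparison against a plaintext store.
  if (!foundUser || foundUser.password !== password) {
    return res.status(400).send('invalid email or password');
  }

  // httpOnly keeps the cookie away from page scripts; sameSite: 'lax' stops it
  // from being attached to cross-site form posts.
  // NOTE(review): the value is the bare user id, unsigned, and GET /protected
  // trusts it as proof of login. A signed or server-side session is needed
  // before this can be relied on for authentication.
  res.cookie('userId', foundUser.id, { httpOnly: true, sameSite: 'lax' });
  res.redirect('/protected');
});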
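// GET /protected
// Renders the protected page for the user named by the userId cookie.
// Responds 401 when the cookie is absent or does not name a stored user.
app.get('/protected', (req, res) => {
  const userId = req.cookies.userId;

  // The cookie is client-supplied. A presence check alone would accept any
  // value and render the page with `user` undefined, and a plain property read
  // would also resolve inherited keys such as "constructor". Require a string
  // that is an own key of `users`.
  const isKnownUser =
    typeof userId === 'string' && Object.prototype.hasOwnProperty.call(users, userId);
  if (!isKnownUser) {
    return res.status(401).send('you must be logged in to see this page');
  }

  // render the protected template with the matching user record
  res.render('protected', { user: users[userId] });
});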
// POST /logout: drop the userId cookie, then send the browser back to /login.
app.post('/logout', (_req, res) => {
  res.clearCookie('userId').redirect('/login');
});
// Start the HTTP server; the callback logs once it is accepting connections.
app.listen(port, function onListening() {
  console.log(`app is listening on port ${port}`);
});