diff --git a/API/.env b/API/.env
index 48e75ec750ebe425f9066c5612f6735903cbbe57..c2da4ed548b26cbae7b57bc4f77c5a16b2053dd5 100644
--- a/API/.env
+++ b/API/.env
@@ -1,3 +1,5 @@
 ########################### Server env vars
 API_PORT=30992
+########################### (openssl rand -hex 32)
+SECRET_KEY="d8e730bd53c2cb0b9271bded343dd19ceef04e58e6a10eafe29c8f4a9a99f488"
 
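Review bot: The `SECRET_KEY` line commits a concrete JWT signing key to version control, so anyone who can read the repository or its history can produce tokens that `verifyToken` will accept. Treat the committed value as compromised and generate a new one. Keep the new key out of the tracked file, for example by committing a `.env.example` with `SECRET_KEY=` left empty, adding `.env` to `.gitignore`, and supplying the key through the deployment environment. The same commit also updates the tracked binary `API/src/database/database.sqlite`, which may hold account data and deserves the same treatment.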
diff --git a/API/src/database/database.sqlite b/API/src/database/database.sqlite
index e7da284434d84742aed929297a91ca2b3b886e74..ed7be32ccd95fadcfdba4d8983a6d5731c58f8a2 100644
Binary files a/API/src/database/database.sqlite and b/API/src/database/database.sqlite differ
diff --git a/API/src/routes/BaseRoutes.ts b/API/src/routes/BaseRoutes.ts
index aeb0f7a3a4842d16970518552adaee4942cb1bb0..7c76bdff2bfabff5048f8fac4bf22c0928209f56 100644
--- a/API/src/routes/BaseRoutes.ts
+++ b/API/src/routes/BaseRoutes.ts
@@ -4,7 +4,7 @@ import { StatusCodes } from 'http-status-codes';
 
 const router: express.Router = express.Router();
 
-router.get('/', (req: express.Request, res: express.Response) => res.status(StatusCodes.OK).json({message: "Base route"}));
+router.get('/token/login', (req: express.Request, res: express.Response) => res.status(StatusCodes.OK).json({message: "Base route"}));
 
 
 
diff --git a/API/src/routes/middleware.ts b/API/src/routes/middleware.ts
index 0c49da6e44e4d7e956ef3440463545acc48ba67d..3c3164c36f0467489626ed1b46ebafd347b1f834 100644
--- a/API/src/routes/middleware.ts
+++ b/API/src/routes/middleware.ts
@@ -1,8 +1,10 @@
-import express         from 'express';
-import { StatusCodes } from 'http-status-codes';
+import express from 'express';
+import {StatusCodes} from 'http-status-codes';
 import {userType} from '../database/models/User'
 import {Database} from "../database/Database";
 
+const jwt = require('jsonwebtoken');
+
 export function checkUserFields(req: express.Request, res: express.Response, next: express.NextFunction)  {
     if (!req.body.username && !req.body.password && !req.body.accountType) {
         return res.status(400).json({ error: '"username", "password" and "accountType" required' });
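Review bot: `const jwt = require('jsonwebtoken');` loads the library untyped in a file that otherwise uses ES imports, so `jwt.verify` and `jwt.sign` are `any` and mistakes in their arguments pass the compiler. Prefer `import jwt from 'jsonwebtoken';` (or `import * as jwt from 'jsonwebtoken';`, depending on the project's module settings) together with the library's type declarations. The same applies to the `require` added in `router-guest.ts`. Separately, the unchanged condition in `checkUserFields` joins the three field checks with `&&`, so the 400 fires only when all three fields are missing, which looks unintended given the error text. That function continues outside the hunk.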
@@ -41,6 +43,31 @@ export async function checkExistingUser(req: express.Request, res: express.Respo
 
 }
 
+export interface TokenRequest extends express.Request {
+    user?: any;
+}
+
+export async function verifyToken(req: TokenRequest, res: express.Response, next: express.NextFunction) {
+    const authHeader = req.headers['authorization'];
+
+    if (!authHeader) {
+        return res.status(401).json({message: 'Token not provided', header: req.headers});
+    }
+    const token = authHeader.split(" ")[1];
+
+    const secretKey = process.env.SECRET_KEY;
+
+    try {
+        req.user = jwt.verify(token, secretKey);
+        if(req.user.username !== req.params.admin)
+            return res.status(403).json({message: 'Invalid token user'});
+        //check if admin or user
+        next();
+    } catch (error) {
+        return res.status(403).json({message: 'Invalid token'});
+    }
+}
+
 
 
 export function checkQuestionFields(req: express.Request, res: express.Response, next: express.NextFunction)  {
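Review bot: `verifyToken` authenticates the caller but never authorizes them: the `//check if admin or user` step is only a comment, so on the `/:admin/...` routes any account holding a valid token for its own username passes, whatever its type. The comparison also reads only `req.params.admin`, so on the `/:username` route in `router-gamer.ts` that parameter is undefined and every request ends in 403. In addition, the 401 body echoes `req.headers` back to the client, `jwt.verify` is called without pinning `algorithms`, and `next()` sits inside the `try`, so a synchronous throw in a later handler is reported as 'Invalid token'. A possible shape is below; its role check assumes the token's `type` claim carries the account's own type, which the signing code in `router-guest.ts` does not yet provide.

```typescript
export async function verifyToken(req: TokenRequest, res: express.Response, next: express.NextFunction) {
    const [scheme, token] = (req.headers['authorization'] ?? '').split(' ');
    if (scheme !== 'Bearer' || !token) {
        // Do not reflect request headers back to the caller.
        return res.status(401).json({message: 'Token not provided'});
    }

    const secretKey = process.env.SECRET_KEY;
    if (!secretKey) {
        return res.status(500).json({message: 'Server misconfigured'});
    }

    try {
        // Pin the algorithm to the one used when signing.
        req.user = jwt.verify(token, secretKey, {algorithms: ['HS256']});
    } catch (error) {
        return res.status(403).json({message: 'Invalid token'});
    }

    // The admin router names the path parameter `admin`, the gamer router `username`.
    const routeUser = req.params.admin ?? req.params.username;
    if (req.user.username !== routeUser) {
        return res.status(403).json({message: 'Invalid token user'});
    }
    // Admin routes require a non-"user" account type in the token.
    if (req.params.admin !== undefined && req.user.type === 'user') {
        return res.status(403).json({message: 'Admin rights required'});
    }
    next();
}
```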
diff --git a/API/src/routes/router-admin.ts b/API/src/routes/router-admin.ts
index 3a7672abe342412d1fdcd4f6d81365225779f711..a8a1842e7e883b5e5b8bf9c46db7d437c7ff0d98 100644
--- a/API/src/routes/router-admin.ts
+++ b/API/src/routes/router-admin.ts
@@ -9,22 +9,18 @@ import {
     checkQuestionFields,
     checkUserFields,
     checkUsernameField,
-    createAccountCheck
+    createAccountCheck, verifyToken
 } from './middleware'
 import {Database} from "../database/Database";
 
 
 const router: express.Router = express.Router();
 
-router.get('/', (req: express.Request, res: express.Response) => {
-    res.status(StatusCodes.OK).json({ message: 'Admins route' })
-});
 
-router.get('/:admin', checkExistingUser, (req: express.Request, res: express.Response) => {
-    res.status(StatusCodes.OK).json({ message: 'Admin id route' })
-});
 
-router.get('/:admin/list-users', checkExistingUser,async (req: express.Request, res: express.Response) => {
+
+
+router.get('/:admin/list-users', checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
     try {
         const users = await Database.getAllUsers();
         res.status(StatusCodes.OK).json({users});
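Review bot: `verifyToken` is appended after `checkExistingUser` (and, on the other routes, after the body-field checks), so a request without a token still runs through those middlewares before authentication happens. Assuming `checkExistingUser` answers differently for known and unknown names, a caller without a token can learn which accounts exist, and every anonymous request presumably costs a user lookup. Put the token check first, e.g. `router.get('/:admin/list-users', verifyToken, checkExistingUser, async (...) => {`. The same reordering applies to the other route hunks in this file. The handler body continues outside the hunk.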
@@ -33,7 +29,7 @@ router.get('/:admin/list-users', checkExistingUser,async (req: express.Request,
     }
 });
 
-router.get('/:admin/list-questions',  checkExistingUser, async (req: express.Request, res: express.Response) => {
+router.get('/:admin/list-questions',  checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
     try {
         const questions = await Database.getAllQuestions();
         questions.forEach(q => {
@@ -48,11 +44,11 @@ router.get('/:admin/list-questions',  checkExistingUser, async (req: express.Req
     }
 });
 
-router.post('/:admin/create-user-account', checkExistingUser, checkUserFields,  (req: express.Request, res: express.Response) => {
+router.post('/:admin/create-user-account', checkExistingUser, checkUserFields, verifyToken, (req: express.Request, res: express.Response) => {
     createAccountCheck(req, res);
 });
 
-router.post('/:admin/create-question', checkExistingUser, checkQuestionFields,async (req: express.Request, res: express.Response) => {
+router.post('/:admin/create-question', checkExistingUser, checkQuestionFields, verifyToken, async (req: express.Request, res: express.Response) => {
     const data = req.body;
     const correctResponse: string = data.possibleResponse[data.correctResponse];
     if (correctResponse !== undefined) {
@@ -78,7 +74,7 @@ router.post('/:admin/create-question', checkExistingUser, checkQuestionFields,as
     }
 });
 
-router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField, async (req: express.Request, res: express.Response) => {
+router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField, verifyToken, async (req: express.Request, res: express.Response) => {
     const data=req.body;
     const username = data.username;
     try{
@@ -109,7 +105,7 @@ router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField,
 
 });
 
-router.put('/:admin/update-question', checkExistingUser,checkIdField,async (req: express.Request, res: express.Response) => {
+router.put('/:admin/update-question', checkExistingUser,checkIdField, verifyToken, async (req: express.Request, res: express.Response) => {
     const data=req.body;
     const id = data.id;
     try{
@@ -135,7 +131,7 @@ router.put('/:admin/update-question', checkExistingUser,checkIdField,async (req:
 
 
 
-router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameField, async (req: express.Request, res: express.Response) => {
+router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameField, verifyToken, async (req: express.Request, res: express.Response) => {
     let data=req.body
     if(req.params.admin !== data.username) {
         try{
@@ -157,7 +153,7 @@ router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameFie
 
 });
 
-router.delete('/:admin/delete-question', checkExistingUser, checkIdField, async (req: express.Request, res: express.Response) => {
+router.delete('/:admin/delete-question', checkExistingUser, checkIdField, verifyToken, async (req: express.Request, res: express.Response) => {
     let data = req.body
     try {
         let questionDelete = await Database.deleteQuestion(data.id);
@@ -176,7 +172,7 @@ router.delete('/:admin/delete-question', checkExistingUser, checkIdField, async
 
 });
 
-router.post('/:admin/get-user', checkExistingUser, async (req: express.Request, res: express.Response) => {
+router.post('/:admin/get-user', checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
     const data = req.body
     let user=await Database.infoUser(data.username);
     user.dataValues.password="CONFIDENTIAL!!!"
diff --git a/API/src/routes/router-gamer.ts b/API/src/routes/router-gamer.ts
index cf915829b9769fc702354ba63450dd1cfbfbbd6e..415929610f97d2abac8fcc3882222f26600fb99d 100644
--- a/API/src/routes/router-gamer.ts
+++ b/API/src/routes/router-gamer.ts
@@ -1,6 +1,6 @@
 import express         from 'express';
 import { StatusCodes } from 'http-status-codes';
-import {checkExistingUser} from "./middleware";
+import {checkExistingUser, TokenRequest, verifyToken} from "./middleware";
 
 
 const router: express.Router = express.Router();
@@ -9,8 +9,8 @@ router.get('/', (req: express.Request, res: express.Response) => {
     res.status(StatusCodes.OK).json({ message: 'Gamers route' })
 });
 
-router.get('/:username', checkExistingUser, (req: express.Request, res: express.Response) => {
-
+router.get('/:username', checkExistingUser, verifyToken, (req: TokenRequest, res: express.Response) => {
+    res.status(StatusCodes.OK).json({access_user: req.user});
 });
 
 
diff --git a/API/src/routes/router-guest.ts b/API/src/routes/router-guest.ts
index 79500bcdd50ece47bfb815a87c4a9967882bf3e7..ad6875e571b780883d9b047a867bb5aeee6a89fb 100644
--- a/API/src/routes/router-guest.ts
+++ b/API/src/routes/router-guest.ts
@@ -2,6 +2,9 @@ import express         from 'express';
 import { StatusCodes } from 'http-status-codes';
 import {checkExistingUser, checkUserFields, createAccountCheck} from './middleware'
 import {Database} from "../database/Database";
+import * as process from "process";
+import {userType} from "../database/models/User";
+const jwt = require('jsonwebtoken');
 
 
 
@@ -25,7 +28,11 @@ router.post('/:username', checkExistingUser, async (req: express.Request, res: e
     if(user){
         let usertype=user.dataValues.type === "user"?"USER":"ADMIN"
         if (user.dataValues.password === data.password) {
-            res.status(StatusCodes.OK).json({message: usertype+"_ALLOWED"})
+            // Génération du token JWT
+            const userInfo={ type: userType, username: req.params.username, firstname: user.dataValues.firstname, lastname: user.dataValues.lastname }
+            const secretKey=process.env.SECRET_KEY;
+            const token = jwt.sign(userInfo, secretKey);
+            res.status(StatusCodes.OK).json({message: usertype+"_ALLOWED", token: token, firstname: user.dataValues.firstname, lastname: user.dataValues.lastname});
         }else{
             res.status(StatusCodes.BAD_REQUEST).json({message: "USER_PASSWORD_FALSE"})
         }
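Review bot: The payload sets `type: userType`, which is the symbol imported from `../database/models/User` rather than this account's type, so the token carries no usable role for `verifyToken` to check; the line above already reads the right value as `user.dataValues.type`. `jwt.sign` is also called without an expiry, so an issued token stays valid until the secret changes. Suggested: `const userInfo = { type: user.dataValues.type, username: req.params.username, ... }` and `jwt.sign(userInfo, secretKey, { algorithm: 'HS256', expiresIn: '1h' })`, with the lifetime given only as an example. The unchanged comparison `user.dataValues.password === data.password` suggests passwords are stored in clear text, which is worth a follow-up. The handler starts and ends outside the hunk.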
diff --git a/Frontend/quizz-game/src/app/login/session-model.ts b/Frontend/quizz-game/src/app/login/session-model.ts
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391