add token sign and verify

79de47f1 · narindra.rajohnso · e56dc14a · 79de47f1 · 79de47f1 · 79de47f1
Commit 79de47f1 authored 2 years ago by narindra.rajohnso
--- a/API/.env
+++ b/API/.env
 ########################### Server env vars
 API_PORT=30992
+########################### (openssl rand -hex 32)
+SECRET_KEY="d8e730bd53c2cb0b9271bded343dd19ceef04e58e6a10eafe29c8f4a9a99f488"
--- a/API/src/database/database.sqlite
+++ b/API/src/database/database.sqlite
--- a/API/src/routes/BaseRoutes.ts
+++ b/API/src/routes/BaseRoutes.ts
@@ -4,7 +4,7 @@ import { StatusCodes } from 'http-status-codes';
 const router: express.Router = express.Router();
-router.get('/', (req: express.Request, res: express.Response) => res.status(StatusCodes.OK).json({message: "Base route"}));
+router.get('/token/login', (req: express.Request, res: express.Response) => res.status(StatusCodes.OK).json({message: "Base route"}));

--- a/API/src/routes/middleware.ts
+++ b/API/src/routes/middleware.ts
@@ -3,6 +3,8 @@ import { StatusCodes } from 'http-status-codes';
 import {userType} from '../database/models/User'
 import {Database} from "../database/Database";
+const jwt = require('jsonwebtoken');
 export function checkUserFields(req: express.Request, res: express.Response, next: express.NextFunction)  {
    if (!req.body.username && !req.body.password && !req.body.accountType) {
        return res.status(400).json({ error: '"username", "password" and "accountType" required' });
@@ -41,6 +43,31 @@ export async function checkExistingUser(req: express.Request, res: express.Respo
 }
+export interface TokenRequest extends express.Request {
+    user?: any;
+}
+export async function verifyToken(req: TokenRequest, res: express.Response, next: express.NextFunction) {
+    const authHeader = req.headers['authorization'];
+    if (!authHeader) {
+        return res.status(401).json({message: 'Token not provided', header: req.headers});
+    }
+    const token = authHeader.split(" ")[1];
+    const secretKey = process.env.SECRET_KEY;
+    try {
+        req.user = jwt.verify(token, secretKey);
+        if(req.user.username !== req.params.admin)
+            return res.status(403).json({message: 'Invalid token user'});
+        //check if admin or user
+        next();
+    } catch (error) {
+        return res.status(403).json({message: 'Invalid token'});
+    }
+}
 export function checkQuestionFields(req: express.Request, res: express.Response, next: express.NextFunction)  {

--- a/API/src/routes/router-admin.ts
+++ b/API/src/routes/router-admin.ts
@@ -9,22 +9,18 @@ import {
    checkQuestionFields,
    checkUserFields,
    checkUsernameField,
-    createAccountCheck
+    createAccountCheck, verifyToken
 } from './middleware'
 import {Database} from "../database/Database";
 const router: express.Router = express.Router();
-router.get('/', (req: express.Request, res: express.Response) => {
-    res.status(StatusCodes.OK).json({ message: 'Admins route' })
-});
-router.get('/:admin', checkExistingUser, (req: express.Request, res: express.Response) => {
-    res.status(StatusCodes.OK).json({ message: 'Admin id route' })
-});
-router.get('/:admin/list-users', checkExistingUser,async (req: express.Request, res: express.Response) => {
+router.get('/:admin/list-users', checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
    try {
        const users = await Database.getAllUsers();
        res.status(StatusCodes.OK).json({users});
@@ -33,7 +29,7 @@ router.get('/:admin/list-users', checkExistingUser,async (req: express.Request,
    }
 });
-router.get('/:admin/list-questions',  checkExistingUser, async (req: express.Request, res: express.Response) => {
+router.get('/:admin/list-questions',  checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
    try {
        const questions = await Database.getAllQuestions();
        questions.forEach(q => {
@@ -48,11 +44,11 @@ router.get('/:admin/list-questions',  checkExistingUser, async (req: express.Req
    }
 });
-router.post('/:admin/create-user-account', checkExistingUser, checkUserFields,  (req: express.Request, res: express.Response) => {
+router.post('/:admin/create-user-account', checkExistingUser, checkUserFields, verifyToken, (req: express.Request, res: express.Response) => {
    createAccountCheck(req, res);
 });
-router.post('/:admin/create-question', checkExistingUser, checkQuestionFields,async (req: express.Request, res: express.Response) => {
+router.post('/:admin/create-question', checkExistingUser, checkQuestionFields, verifyToken, async (req: express.Request, res: express.Response) => {
    const data = req.body;
    const correctResponse: string = data.possibleResponse[data.correctResponse];
    if (correctResponse !== undefined) {
@@ -78,7 +74,7 @@ router.post('/:admin/create-question', checkExistingUser, checkQuestionFields,as
    }
 });
-router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField, async (req: express.Request, res: express.Response) => {
+router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField, verifyToken, async (req: express.Request, res: express.Response) => {
    const data=req.body;
    const username = data.username;
    try{
@@ -109,7 +105,7 @@ router.put('/:admin/update-user-account', checkExistingUser, checkUsernameField,
 });
-router.put('/:admin/update-question', checkExistingUser,checkIdField,async (req: express.Request, res: express.Response) => {
+router.put('/:admin/update-question', checkExistingUser,checkIdField, verifyToken, async (req: express.Request, res: express.Response) => {
    const data=req.body;
    const id = data.id;
    try{
@@ -135,7 +131,7 @@ router.put('/:admin/update-question', checkExistingUser,checkIdField,async (req:
-router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameField, async (req: express.Request, res: express.Response) => {
+router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameField, verifyToken, async (req: express.Request, res: express.Response) => {
    let data=req.body
    if(req.params.admin !== data.username) {
        try{
@@ -157,7 +153,7 @@ router.delete('/:admin/delete-user-account', checkExistingUser, checkUsernameFie
 });
-router.delete('/:admin/delete-question', checkExistingUser, checkIdField, async (req: express.Request, res: express.Response) => {
+router.delete('/:admin/delete-question', checkExistingUser, checkIdField, verifyToken, async (req: express.Request, res: express.Response) => {
    let data = req.body
    try {
        let questionDelete = await Database.deleteQuestion(data.id);
@@ -176,7 +172,7 @@ router.delete('/:admin/delete-question', checkExistingUser, checkIdField, async
 });
-router.post('/:admin/get-user', checkExistingUser, async (req: express.Request, res: express.Response) => {
+router.post('/:admin/get-user', checkExistingUser, verifyToken, async (req: express.Request, res: express.Response) => {
    const data = req.body
    let user=await Database.infoUser(data.username);
    user.dataValues.password="CONFIDENTIAL!!!"

--- a/API/src/routes/router-gamer.ts
+++ b/API/src/routes/router-gamer.ts
 import express         from 'express';
 import { StatusCodes } from 'http-status-codes';
-import {checkExistingUser} from "./middleware";
+import {checkExistingUser, TokenRequest, verifyToken} from "./middleware";
 const router: express.Router = express.Router();
@@ -9,8 +9,8 @@ router.get('/', (req: express.Request, res: express.Response) => {
    res.status(StatusCodes.OK).json({ message: 'Gamers route' })
 });
-router.get('/:username', checkExistingUser, (req: express.Request, res: express.Response) => {
+router.get('/:username', checkExistingUser, verifyToken, (req: TokenRequest, res: express.Response) => {
+    res.status(StatusCodes.OK).json({access_user: req.user});
 });

--- a/API/src/routes/router-guest.ts
+++ b/API/src/routes/router-guest.ts
@@ -2,6 +2,9 @@ import express         from 'express';
 import { StatusCodes } from 'http-status-codes';
 import {checkExistingUser, checkUserFields, createAccountCheck} from './middleware'
 import {Database} from "../database/Database";
+import * as process from "process";
+import {userType} from "../database/models/User";
+const jwt = require('jsonwebtoken');
@@ -25,7 +28,11 @@ router.post('/:username', checkExistingUser, async (req: express.Request, res: e
    if(user){
        let usertype=user.dataValues.type === "user"?"USER":"ADMIN"
        if (user.dataValues.password === data.password) {
-            res.status(StatusCodes.OK).json({message: usertype+"_ALLOWED"})
+            // Génération du token JWT
+            const userInfo={ type: userType, username: req.params.username, firstname: user.dataValues.firstname, lastname: user.dataValues.lastname }
+            const secretKey=process.env.SECRET_KEY;
+            const token = jwt.sign(userInfo, secretKey);
+            res.status(StatusCodes.OK).json({message: usertype+"_ALLOWED", token: token, firstname: user.dataValues.firstname, lastname: user.dataValues.lastname});
        }else{
            res.status(StatusCodes.BAD_REQUEST).json({message: "USER_PASSWORD_FALSE"})
        }

--- a/Frontend/quizz-game/src/app/login/session-model.ts
+++ b/Frontend/quizz-game/src/app/login/session-model.ts