Add User Authentication

package.json

@@ -18,8 +18,10 @@
     "ejs": "^3.1.6",
     "express": "^4.17.3",
     "express-ejs-layouts": "^2.5.1",
+    "express-session": "^1.17.2",
     "mongoose": "^6.2.5",
-    "postcss-cli": "^9.1.0"
+    "postcss-cli": "^9.1.0",
+    "uid-safe": "^2.1.5"
   },
   "devDependencies": {
     "autoprefixer": "^10.4.2",

src/.env.example

@@ -1,7 +1,11 @@
-# Server
+# Website localhost:SERVER_PORT
 SERVER_PORT=4000
 
+# Keep long and disclosed - to administer sessions
+SECRET_KEY=
+
 # Database
 DB_HOST=127.0.0.1
 DB_PORT=27017
+# Super class for all data
 DB_NAME=

src/app/Http/AuthenticationController.js

@@ -1,22 +1,131 @@
 const User = require('../Models/User');
 const bcrypt = require('bcrypt');
+// On any request req, req.session.user is now available where the userSession can be accesed
+//  by User = require('../Models/User'); and then User.findOne to fetch the user from the database
 
+/**
+ * Show the login page and check if the user is already logged in
+ * @param {*} req
+ * @param {*} res
+ */
 exports.login = (req, res) => {
+    if (req.session.user)
+        res.redirect('dashboard');
+
     res.render('auth/login');
 }
 
+/**
+ * Show the register page and check if the user is already logged in
+ * @param {*} req
+ * @param {*} res
+ */
 exports.register = (req, res) => {
+    if (req.session.user)
+        res.redirect('dashboard');
+
     res.render('auth/register');
 }
 
+/**
+ * Authenticate the user and redirect to the dashboard
+ * @param {*} req
+ * @param {*} res
+ * @returns
+ */
 exports.authenticate = (req, res) => {
+    const {
+        email,
+        password
+    } = req.body;
+
+    if (!email || !password) {
+        return res.status(400).send("Please fill all the fields");
+    };
 
+    User.findOne({
+            email
+        })
+        .then(user => {
+            if (!user) {
+                return res.status(400).send("User does not exist");
+            }
+
+            bcrypt.compare(password, user.password)
+                .then(isMatch => {
+                    if (isMatch) {
+                        req.session.user = user;
+                        res.json(user);
+                    } else {
+                        return res.status(400).send("Incorrect password");
+                    }
+                })
+                .catch(err => console.log(err));
+        });
 }
 
+/**
+ * Create a new user and redirect to the dashboard
+ * @param {*} req
+ * @param {*} res
+ * @returns
+ */
 exports.store = (req, res) => {
-
+    const {
+        name,
+        email,
+        password,
+        password_confirmation
+    } = req.body;
+
+    if (!name || !email || !password || !password_confirmation) {
+        return res.status(400).send("Please fill all the fields");
+    };
+
+    if (password !== password_confirmation) {
+        return res.status(400).send('Passwords do not match');
+    }
+
+    if (password.length < 6) {
+        return res.status(400).send("Password must be at least 6 characters");
+    };
+
+    User.findOne({
+            email
+        })
+        .then(user => {
+            if (user) {
+                return res.status(400).send("User already exists");
+            }
+
+            const newUser = new User({
+                name,
+                email,
+                password
+            });
+
+            bcrypt.genSalt(10, (err, salt) => {
+                bcrypt.hash(newUser.password, salt, (err, hash) => {
+                    if (err) throw err;
+                    newUser.password = hash;
+                    newUser.save()
+                        .then(user => {
+                            req.session.user = user;
+                            res.json(user);
+                            // res.redirect('login');
+                        })
+                        .catch(err => console.log(err));
+                });
+            });
+        });
 }
 
+/**
+ * Logout the user and redirect to the login page
+ * @param {*} req
+ * @param {*} res
+ */
 exports.logout = (req, res) => {
-
-}
+    req.session.destroy();
+    res.redirect('/login');
+}

src/app/Models/User.js

@@ -1,13 +1,24 @@
 const mongo = require('mongoose');
-
 const Schema = mongo.Schema;
 
 const UserSchema = new Schema({
     name: {
         type: String,
-        required: true,
+        required: true
+    },
+    email: {
+        type: String,
+        required: true
+    },
+    password: {
+        type: String,
+        required: true
+    },
+    date: {
+        type: Date,
+        default: Date.now
     },
 });
 
 const User = mongo.model('User', UserSchema);
-module.exports = User;
+module.exports = User;

src/server.js

@@ -2,8 +2,11 @@ const express = require('express');
 const app = express();
 const path = require('path');
 const expressEjsLayout = require('express-ejs-layouts');
-require('dotenv').config();
+const sessions = require("express-session");
+const dotenv = require('dotenv');
 
+//read .env
+dotenv.config();
 
 // Template Engine
 app.set('views', path.join(__dirname, '../src/resources/views'));
@@ -20,6 +23,17 @@ app.use('/api/auth', require('./routes/auth'));
 
 // Database
 require('./database/mongo');
+// create req.body method
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+// Register session cookies
+app.use(sessions({
+    secret: process.env.SECRET_KEY,
+    saveUninitialized:true,
+    cookie: { maxAge: 108000 }, //30 hours add ", Secure: True" and next to maxAge and app.set('trust proxy', 1)  for https
+    resave: false,
+    rolling: true //Add store: if instead of saving cookie sessions in memory save to the database instead
+}));
 
 // Server app
 app.listen(process.env.SERVER_PORT || 3000, (err) => {