Hw04 auth

app.js

@@ -1,25 +1,34 @@
-const express = require('express')
-const logger = require('morgan')
-const cors = require('cors')
+require("dotenv").config();
 
-const contactsRouter = require('./routes/api/contacts')
+const express = require("express");
+const logger = require("morgan");
+const cors = require("cors");
+const mongoose = require("mongoose");
+const connectDB = require("./db");
+const authRoutes = require("./routes/auth");
+const userRoutes = require("./routes/api/users");
+const contactsRouter = require("./routes/api/contacts");
 
-const app = express()
+const app = express();
 
-const formatsLogger = app.get('env') === 'development' ? 'dev' : 'short'
+const formatsLogger = app.get("env") === "development" ? "dev" : "short";
 
-app.use(logger(formatsLogger))
-app.use(cors())
-app.use(express.json())
+connectDB();
 
-app.use('/api/contacts', contactsRouter)
+app.use(logger(formatsLogger));
+app.use(cors());
+app.use(express.json());
+
+app.use("/api/auth", authRoutes);
+app.use("/api/users", userRoutes);
+app.use("/api/contacts", contactsRouter);
 
 app.use((req, res) => {
-  res.status(404).json({ message: 'Not found' })
-})
+  res.status(404).json({ message: "Not found" });
+});
 
 app.use((err, req, res, next) => {
-  res.status(500).json({ message: err.message })
-})
+  res.status(500).json({ message: err.message });
+});
 
-module.exports = app
+module.exports = app;

controllers/authController.js

@@ -0,0 +1,147 @@
+const bcrypt = require("bcryptjs");
+const jwt = require("jsonwebtoken");
+const User = require("../models/user");
+
+const signup = async (req, res) => {
+  const { email, password } = req.body;
+
+  try {
+    const existingUser = await User.findOne({ email });
+    if (existingUser) {
+      return res.status(409).json({ message: "Email in use" });
+    }
+
+    const salt = await bcrypt.genSalt(10);
+    const hashedPassword = await bcrypt.hash(password, salt);
+
+    const newUser = new User({
+      email,
+      password: hashedPassword,
+      subscription: "starter",
+    });
+    await newUser.save();
+
+    res.status(201).json({
+      user: {
+        email: newUser.email,
+        subscription: newUser.subscription,
+      },
+    });
+  } catch (error) {
+    res
+      .status(500)
+      .json({ message: "Failed to save user", error: error.message });
+  }
+};
+
+const login = async (req, res) => {
+  const { email, password } = req.body;
+
+  if (!email || !password) {
+    return res.status(400).json({ message: "Email and password are required" });
+  }
+
+  try {
+    console.log("Login attempt with email:", email);
+
+    const user = await User.findOne({ email });
+    console.log("User found:", user);
+
+    if (!user) {
+      console.log("No user found with that email.");
+      return res.status(401).json({ message: "Email or password is wrong" });
+    }
+
+    const isPasswordCorrect = await bcrypt.compare(password, user.password);
+
+    if (!isPasswordCorrect) {
+      return res.status(401).json({ message: "Email or password is wrong" });
+    }
+
+    const token = jwt.sign({ id: user._id }, process.env.JWT_SECRET, {
+      expiresIn: "1h",
+    });
+
+    user.token = token;
+    await user.save();
+
+    res.status(200).json({
+      token,
+      user: {
+        email: user.email,
+        subscription: user.subscription,
+      },
+    });
+  } catch (error) {
+    console.error("Error during login process:", error);
+    res.status(500).json({ message: error.message });
+  }
+};
+
+const logout = async (req, res) => {
+  try {
+    const userId = req.user._id;
+
+    const user = await User.findByIdAndUpdate(userId, { token: null });
+    if (!user) {
+      return res.status(401).json({ message: "Not authorized" });
+    }
+
+    res.status(204).send();
+  } catch (error) {
+    console.error("Error during logout:", error);
+    res.status(500).json({ message: "Server error" });
+  }
+};
+
+const getCurrent = async (req, res) => {
+  try {
+    const userId = req.user._id;
+
+    const user = await User.findById(userId);
+    if (!user) {
+      return res.status(401).json({ message: "Not authorized" });
+    }
+
+    res.status(200).json({
+      email: user.email,
+      subscription: user.subscription,
+    });
+  } catch (error) {
+    console.error("Error fetching current user:", error);
+    res.status(500).json({ message: "Server error" });
+  }
+};
+
+const updateSubscription = async (req, res) => {
+  const { subscription } = req.body;
+
+  const validSubscriptions = ["starter", "pro", "business"];
+  if (!subscription) {
+    return res.status(400).json({ message: "Subscription is required" });
+  }
+  if (!validSubscriptions.includes(subscription)) {
+    return res.status(400).json({ message: "Invalid subscription value" });
+  }
+
+  try {
+    const updatedUser = await User.findByIdAndUpdate(
+      req.user._id,
+      { subscription },
+      { new: true }
+    );
+
+    if (!updatedUser) {
+      return res.status(404).json({ message: "User not found" });
+    }
+
+    res.status(200).json({
+      email: updatedUser.email,
+      subscription: updatedUser.subscription,
+    });
+  } catch (error) {
+    return res.status(500).json({ message: "Server error" });
+  }
+};
+
+module.exports = { signup, login, updateSubscription, logout, getCurrent };

db.js

@@ -0,0 +1,14 @@
+require("dotenv").config();
+const mongoose = require("mongoose");
+
+const connectDB = async () => {
+  try {
+    const conn = await mongoose.connect(process.env.MONGODB_URI);
+    console.log(`MongoDB connected: ${conn.connection.host}`);
+  } catch (error) {
+    console.error(`Error connecting to MongoDB: ${error.message}`);
+    process.exit(1);
+  }
+};
+
+module.exports = connectDB;

middleware/authMiddleware.js

@@ -0,0 +1,35 @@
+const jwt = require("jsonwebtoken");
+const User = require("../models/user");
+
+const authMiddleware = async (req, res, next) => {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader) {
+    return res.status(401).json({ message: "Not authorized" });
+  }
+
+  const [type, token] = authHeader.split(" ");
+
+  if (type !== "Bearer" || !token) {
+    return res.status(401).json({ message: "Not authorized" });
+  }
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+    const user = await User.findById(decoded.id);
+    if (!user || user.token !== token) {
+      return res.status(401).json({ message: "Not authorized" });
+    }
+
+    req.user = user;
+    next();
+  } catch (error) {
+    if (error.name === "TokenExpiredError") {
+      return res.status(401).json({ message: "Token expired" });
+    }
+    return res.status(401).json({ message: "Not authorized" });
+  }
+};
+
+module.exports = authMiddleware;

middleware/validation.js

@@ -0,0 +1,16 @@
+const Joi = require("joi");
+
+const userValidationSchema = Joi.object({
+  email: Joi.string().email().required(),
+  password: Joi.string().min(6).required(),
+});
+
+const validateUser = (req, res, next) => {
+  const { error } = userValidationSchema.validate(req.body);
+  if (error) {
+    return res.status(400).json({ message: error.message });
+  }
+  next();
+};
+
+module.exports = validateUser;

models/contacts.js

@@ -1,19 +1,76 @@
-// const fs = require('fs/promises')
+const { Schema, model } = require("mongoose");
 
-const listContacts = async () => {}
+const contactSchema = new Schema(
+  {
+    name: {
+      type: String,
+      required: true,
+    },
+    email: {
+      type: String,
+      required: true,
+      unique: true,
+      match: [/^\S+@\S+\.\S+$/, "Invalid email format"], // Walidacja email
+    },
+    phone: {
+      type: String,
+      required: true,
+      match: [/^\+?[0-9\s-]+$/, "Invalid phone number"], // Walidacja numeru
+    },
+    favorite: {
+      type: Boolean,
+      default: false,
+    },
+    owner: {
+      type: Schema.Types.ObjectId,
+      ref: "user",
+      required: true,
+    },
+  },
+  { timestamps: true }
+);
 
-const getContactById = async (contactId) => {}
+const Contact = model("Contact", contactSchema);
 
-const removeContact = async (contactId) => {}
+const listContacts = async (filter = {}, skip = 0, limit = 20) => {
+  try {
+    return await Contact.find(filter).skip(skip).limit(limit);
+  } catch (error) {
+    throw error;
+  }
+};
+const getContactById = async (contactId, owner) => {
+  return await Contact.findOne({ _id: contactId, owner });
+};
 
-const addContact = async (body) => {}
+const removeContact = async (contactId, owner) => {
+  return await Contact.findOneAndRemove({ _id: contactId, owner });
+};
 
-const updateContact = async (contactId, body) => {}
+const addContact = async (body, owner) => {
+  return await Contact.create({ ...body, owner });
+};
+
+const updateContact = async (contactId, body, owner) => {
+  return await Contact.findOneAndUpdate({ _id: contactId, owner }, body, {
+    new: true,
+  });
+};
+
+const updateStatusContact = async (contactId, { favorite }, owner) => {
+  return await Contact.findOneAndUpdate(
+    { _id: contactId, owner },
+    { favorite },
+    { new: true }
+  );
+};
 
 module.exports = {
   listContacts,
   getContactById,
   removeContact,
   addContact,
   updateContact,
-}
+  updateStatusContact,
+  Contact,
+};

models/contacts.json

@@ -1,9 +1,9 @@
 [
   {
     "id": "AeHIrLTr6JkxGE6SN-0Rw",
-    "name": "Allen Raymond",
-    "email": "[email protected]",
-    "phone": "(992) 914-3792"
+    "name": "Sebastian",
+    "email": "[email protected]",
+    "phone": "123456789"
   },
   {
     "id": "qdggE76Jtbfd9eWJHrssH",
@@ -58,5 +58,11 @@
     "name": "Alec Howard",
     "email": "[email protected]",
     "phone": "(748) 206-2688"
+  },
+  {
+    "id": "c967f137-6519-4c36-a0a2-1110e98fce27",
+    "name": "Aaaaa Test",
+    "email": "[email protected]",
+    "phone": "11111111"
   }
-]
+]