add: added auth to the api

back/api/auth.js

@@ -0,0 +1,57 @@
+const express = require('express');
+const sha256 = require("sha256");
+const jwt = require('jsonwebtoken');
+const { getConnection, addUser, getUserByEmail } = require('../libs/mysql');
+const { checkAuth } = require('../libs/middlewares');
+
+const router = express.Router();
+
+router.post('/login', async (req, res) => {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+        return res.status(400).send({ error: 'Invalid email or password' });
+    }
+
+    const connection = await getConnection();
+    const user = await getUserByEmail(connection, email);
+    connection.end();
+    if (user[0]) {
+        if (user[0].password === sha256(password)) {
+            const token = jwt.sign({ id: user[0].id }, process.env.JWT_SECRET, {
+                expiresIn: 1000 * 60 * 60 * 24 * 7,
+            });
+            return res.send({ token: token });
+        }
+    }
+    res.status(401).send({ error: 'Invalid email or password' });
+});
+
+router.post('/register', async (req, res) => {
+    const { name, lastname, email, numero, password } = req.body;
+    const connection = await getConnection();
+
+    if (!name || !lastname || !password || !email || !numero) {
+        connection.end();
+        return res.status(400).send({ error: 'Invalid username or password' });
+    }
+
+    const user = await getUserByEmail(connection, email);
+    if (user[0]) {
+        connection.end();
+        return res.status(401).send({ error: 'Username already exists' });
+    }
+
+    const hash = sha256(password);
+    await addUser(connection, name, lastname, email, numero, hash);
+    connection.end();
+
+    res.send({ message: 'User added' });
+});
+
+router.post('/me', checkAuth, async (req, res) => {
+    const user = req.user;
+    res.send({ id: user.id, name: user.name, lastname: user.lastname, admin: user.admin });  
+});
+
+module.exports = router;

back/api/hello.js

@@ -1,14 +1,6 @@
 const express = require('express');
-const cookieParser = require('cookie-parser');
-const cors = require('cors');
-const jwt = require('jsonwebtoken');
-
 const router = express.Router();
 
-router.use(express.json());
-router.use(cookieParser());
-router.use(cors());
-
 router.get('/', (req, res) => {
     res.send('Hello World!');
 });

back/bank.sql

@@ -0,0 +1,141 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.1
+-- https://www.phpmyadmin.net/
+--
+-- Host: leizour.fr
+-- Generation Time: Apr 09, 2025 at 02:41 PM
+-- Server version: 10.11.3-MariaDB-1:10.11.3+maria~ubu2204
+-- PHP Version: 8.1.19
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Database: `bank`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `accounts`
+--
+
+CREATE TABLE `accounts` (
+  `id` int(11) NOT NULL,
+  `balance` bigint(20) NOT NULL,
+  `client_id` int(11) NOT NULL,
+  `name` varchar(20) NOT NULL,
+  `interest` float NOT NULL DEFAULT 0
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `cards`
+--
+
+CREATE TABLE `cards` (
+  `id` int(11) NOT NULL,
+  `account_id` int(11) NOT NULL,
+  `number` int(11) NOT NULL,
+  `expiration` timestamp NOT NULL,
+  `cvc` int(11) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `transfers`
+--
+
+CREATE TABLE `transfers` (
+  `id` int(11) NOT NULL,
+  `account_from_id` int(11) NOT NULL,
+  `account_to_id` int(11) NOT NULL,
+  `name` varchar(30) NOT NULL,
+  `value` int(11) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL,
+  `name` varchar(20) NOT NULL,
+  `lastname` varchar(20) NOT NULL,
+  `password` varchar(150) NOT NULL,
+  `email` varchar(100) NOT NULL,
+  `numero` varchar(20) NOT NULL,
+  `admin` tinyint(1) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+--
+-- Indexes for dumped tables
+--
+
+--
+-- Indexes for table `accounts`
+--
+ALTER TABLE `accounts`
+  ADD PRIMARY KEY (`id`);
+
+--
+-- Indexes for table `cards`
+--
+ALTER TABLE `cards`
+  ADD PRIMARY KEY (`id`);
+
+--
+-- Indexes for table `transfers`
+--
+ALTER TABLE `transfers`
+  ADD PRIMARY KEY (`id`);
+
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+  ADD PRIMARY KEY (`id`);
+
+--
+-- AUTO_INCREMENT for dumped tables
+--
+
+--
+-- AUTO_INCREMENT for table `accounts`
+--
+ALTER TABLE `accounts`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+
+--
+-- AUTO_INCREMENT for table `cards`
+--
+ALTER TABLE `cards`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+
+--
+-- AUTO_INCREMENT for table `transfers`
+--
+ALTER TABLE `transfers`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+
+--
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
+COMMIT;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

back/index.js

@@ -4,6 +4,7 @@ const path = require("path");
 const config = require("./config");
 const cookieParser = require("cookie-parser");
 const cors = require("cors");
+require("dotenv").config();
 
 const app = express();
 const port = config.port || 3000;

back/libs/middlewares.js

@@ -0,0 +1,28 @@
+const jwt = require('jsonwebtoken');
+const { getConnection, getUser } = require('./mysql');
+
+async function checkAuth(req, res, next) {
+    const { token } = req.body;
+    if (!token) {
+        return res.status(401).send({ error: 'No token provided' });
+    }
+    
+    try {
+        const decoded = jwt.verify(token, process.env.JWT_SECRET);
+        const connection = await getConnection();
+        const user = await getUser(connection, decoded.id);
+        connection.end();
+        if (!user[0]) {
+            return res.status(401).send({ error: 'Invalid token' });
+        }
+        req.user = user[0];
+        next();
+    }
+    catch (err) {
+        return res.status(401).send({ error: 'Invalid token' });
+    }
+}
+
+module.exports = {
+    checkAuth,
+};

back/libs/mysql.js

@@ -0,0 +1,82 @@
+const mysql = require("mysql");
+
+function getConnection() {
+	return mysql.createConnection({
+		host: process.env.MYSQL_HOST,
+		user: process.env.MYSQL_USER,
+		password: process.env.MYSQL_PASSWORD,
+		database: process.env.MYSQL_DATABASE,
+	});
+}
+
+// +-------------------------------+
+// |            Users              |
+// +-------------------------------+
+
+function addUser(connection, name, lastname, email, numero, password) {
+	return new Promise((resolve, reject) => {
+		connection.query(
+			`INSERT INTO users (name, lastname, email, numero, password) VALUES (?, ?, ?, ?, ?)`,
+			[name, lastname, email, numero, password],
+			(error, result) => {
+				if (error) {
+					reject(new Error(error));
+				}
+				resolve(result);
+			}
+		);
+	});
+}
+
+function getUsers(connection) {
+	return new Promise((resolve, reject) => {
+		connection.query(
+			`SELECT * FROM users`,
+			(error, result) => {
+				if (error) {
+					reject(new Error(error));
+				}
+				resolve(result);
+			}
+		);
+	});
+}
+
+function getUser(connection, id) {
+	return new Promise((resolve, reject) => {
+		connection.query(
+			`SELECT * FROM users WHERE id = ?`,
+			[id],
+			(error, result) => {
+				if (error) {
+					reject(new Error(error));
+				}
+				resolve(result);
+			}
+		);
+	});
+}
+
+function getUserByEmail(connection, email) {
+	return new Promise((resolve, reject) => {
+		connection.query(
+			`SELECT * FROM users WHERE email = ?`,
+			[email],
+			(error, result) => {
+				if (error) {
+					reject(new Error(error));
+				}
+				resolve(result);
+			}
+		);
+	});
+}
+
+module.exports = {
+	getConnection,
+
+	addUser,
+	getUsers,
+	getUser,
+	getUserByEmail,
+};

back/package.json

@@ -11,13 +11,12 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "axios": "^1.6.5",
     "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
-    "fs": "^0.0.1-security",
-    "https": "^1.0.0",
-    "jsonwebtoken": "^9.0.2"
+    "jsonwebtoken": "^9.0.2",
+    "mysql": "^2.18.1",
+    "sha256": "^0.2.0"
   }
 }