hw04-auth

app.js

@@ -1,25 +1,33 @@
-const express = require('express')
-const logger = require('morgan')
-const cors = require('cors')
+const express = require("express");
+const logger = require("morgan");
+const cors = require("cors");
+const contactsRouter = require("./routes/api/contacts");
+const usersRouter = require("./routes/api/users");
+const auth = require("./middlewares/auth"); // middleware pt autentificare
 
-const contactsRouter = require('./routes/api/contacts')
+const app = express();
 
-const app = express()
+const formatsLogger = app.get("env") === "development" ? "dev" : "short";
 
-const formatsLogger = app.get('env') === 'development' ? 'dev' : 'short'
+// middlewareuri globale
+app.use(logger(formatsLogger));
+app.use(cors());
+app.use(express.json());
 
-app.use(logger(formatsLogger))
-app.use(cors())
-app.use(express.json())
+// rute publice (fara autentificare)
+app.use("/api/users", usersRouter);
 
-app.use('/api/contacts', contactsRouter)
+// rute protejate (autentificare necesara)
+app.use("/api/contacts", auth, contactsRouter); // adauga autentificarea pt rutele de contacte
 
+// ruta pentru erori 404
 app.use((req, res) => {
-  res.status(404).json({ message: 'Not found' })
-})
+  res.status(404).json({ message: "Not found" });
+});
 
+// middleware global pentru gestionarea erorilor
 app.use((err, req, res, next) => {
-  res.status(500).json({ message: err.message })
-})
+  res.status(500).json({ message: err.message });
+});
 
-module.exports = app
+module.exports = app;

middlewares/auth.js

@@ -0,0 +1,33 @@
+const jwt = require("jsonwebtoken");
+const User = require("../models/user");
+require("dotenv").config();
+
+const { SECRET_KEY } = process.env;
+
+const auth = async (req, res, next) => {
+  const { authorization = "" } = req.headers; // extrage antetul Authorization
+  const [bearer, token] = authorization.split(" ");
+
+  if (bearer !== "Bearer" || !token) {
+    return res.status(401).json({ message: "Not authorized" });
+  }
+
+  try {
+    // decodifica token
+    const { id } = jwt.verify(token, SECRET_KEY);
+
+    // gaseste utilizatorul in baza de date
+    const user = await User.findById(id);
+    if (!user || !user.token) {
+      return res.status(401).json({ message: "Not authorized" });
+    }
+
+    // adauga utilizatorul în req pentru a fi utilizat în rutele protejate
+    req.user = user;
+    next(); // Permite accesul la ruta
+  } catch (error) {
+    res.status(401).json({ message: "Not authorized" });
+  }
+};
+
+module.exports = auth;

models/contacts.js

@@ -1,19 +1,26 @@
-// const fs = require('fs/promises')
+const { Schema, model } = require("mongoose");
 
-const listContacts = async () => {}
+const contactSchema = new Schema({
+  name: {
+    type: String,
+    required: [true, "Set name for contact"],
+  },
+  email: {
+    type: String,
+  },
+  phone: {
+    type: String,
+  },
+  favorite: {
+    type: Boolean,
+    default: false,
+  },
+  owner: {
+    type: Schema.Types.ObjectId, // ref la utilizator
+    ref: "User", // numele modelului de utilizatori
+  },
+});
 
-const getContactById = async (contactId) => {}
+const Contact = model("contact", contactSchema);
 
-const removeContact = async (contactId) => {}
-
-const addContact = async (body) => {}
-
-const updateContact = async (contactId, body) => {}
-
-module.exports = {
-  listContacts,
-  getContactById,
-  removeContact,
-  addContact,
-  updateContact,
-}
+module.exports = Contact;

models/user.js

@@ -0,0 +1,26 @@
+const { Schema, model } = require("mongoose");
+
+const userSchema = new Schema({
+  password: {
+    type: String,
+    required: [true, "Password is required"],
+  },
+  email: {
+    type: String,
+    required: [true, "Email is required"],
+    unique: true,
+  },
+  subscription: {
+    type: String,
+    enum: ["starter", "pro", "business"],
+    default: "starter",
+  },
+  token: {
+    type: String,
+    default: null,
+  },
+});
+
+const User = model("user", userSchema);
+
+module.exports = User;