DB server

var async = require('async');
var express = require('express');
const app = express()
const port = 1337
var fs = require('fs');
var formidable = require('formidable');
const fileUpload = require('express-fileupload');
var cors = require('cors')
var uniqid = require('uniqid');
var hash = require('object-hash');

app.use("/css", express.static(__dirname + '/css'));
app.use("/js", express.static(__dirname + '/js'));
app.use("/txt", express.static(__dirname + '/txt'));
app.use("/img", express.static(__dirname + '/img'));
app.use("/ups", express.static(__dirname + '/uploads'));
app.use("/thm", express.static(__dirname + '/thumbnails'));
app.use(cors())

var mysql = require('mysql');
var con = mysql.createConnection({
    host: "localhost",
    user: "Node",
    password: ""
});
con.connect(function (err) {
    if (err) throw err;
    console.log("Connected!");
});
app.post('/submitlogin', function (req, res) {
    console.log("smth")
        var form = new formidable.IncomingForm();
        form.parse(req, function (err, fields, files) {
            var passhash = hash(fields.pass);
            console.log(fields.name, passhash);
            var sql = "SELECT * FROM `database`.users WHERE name='" + fields.name + "' AND passwordHashed='" + passhash + "';"
            con.query(sql, function (err, result) {
                if (err) throw err;
                console.log(result);
            });
        });
});
app.post('/fileupload', function (req, res) {
    if (req.url == '/fileupload') {
        var form = new formidable.IncomingForm();
        form.parse(req, function (err, fields, files) {
            console.log(fields.desc);
            var oldpath = files.filetoupload.path;
            var terribleId = uniqid();
            terribleId +="-"
            var sql = "INSERT INTO `database`.`img` (`image`, `des`) VALUES ('" + terribleId + files.filetoupload.name + "', '" + fields.desc + "')";
            con.query(sql, function (err, result) {
                if (err) throw err;
                console.log("1 record inserted");
            });
            var newpath = 'C:/Users/azuz/source/repos/Database/Database/uploads/' + terribleId + files.filetoupload.name;
            fs.rename(oldpath, newpath, function (err) {
                if (err) throw err;
                res.writeHead(301,
                    {
                        Location: 'http://localhost:4200'
                    }
                );
                res.end();

            });
        });
    }
});

app.get('/delimg:delid', function (req, res) {
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    var sql3 = "DELETE FROM`database`.`img` WHERE(`image` = '" + req.params.delid + "')";
    console.log(sql3);
    con.query(sql3, function (err, result) {
        if (err) throw err;
        res.write("most likely deleted");
        res.end();
    });
    fs.unlinkSync(__dirname + '/uploads/' + req.params.delid);
    console.log(req.params.delid);
});

app.get('/imagelist', function (req, res) {
    res.writeHead(200, { 'Content-Type': 'application/json' });
    var sql2 = "SELECT * FROM `database`.img";
    con.query(sql2, function (err, result) {
        if (err) throw err;
        console.log(result);
        res.write(JSON.stringify(result));
        res.end();
    });
});

app.set('view engine', 'pug')
app.get('/', function (req, res) {

    res.render('index', {});
})

app.listen(port, () => console.log(`Example app listening on port ${port}!`))