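// User-administration router backed by Postgres. /login issues a JWT; every
// other route requires one (see the individual handlers).
const express = require('express');
const _ = require('lodash');
const format = require('pg-format');
const router = express.Router();
const config = require('config');
const dbConfig = config.get('dbConfig');
const { Pool, Client } = require('pg');
const crypto = require('crypto');
const jwt = require('jsonwebtoken');
const path = require('path');
// One shared pool for the whole router. Connection settings come solely from the
// `dbConfig` section of the app config; the unused hard-coded connection string
// that used to sit here was removed so no DSN lives in source.
const pool = new Pool(dbConfig);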
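// POST /login — authenticate with username + password and issue a 24h JWT.
//
// The stored password is the base64 SHA-256 of the plaintext (the format
// /create writes), so the same digest is computed here and compared in
// constant time. Responses keep the original shape and HTTP 200 status:
//   { success: true,  message: 'Authentication Success', userrole, token }
//   { success: false, message: 'Authentication failed incorrect password' }
//   { success: false, message: 'Invalid user' }
//   { success: false, message: 'Login Error' }   (DB failure; previously the request was left hanging)
//
// NOTE(review): unsalted SHA-256 is a fast hash, not a password hash, and the
// distinct "Invalid user" / "incorrect password" messages let a caller tell
// existing usernames apart. Both are part of the stored-data and client
// contract and are left unchanged here; migrate to a salted slow KDF and a
// single failure message together with the clients.
router.post("/login", function (req, res, next) {
  const body = req.body || {};
  const username = body.username;
  const password = body.password;
  // createHash().update(undefined) threw a TypeError before; a missing or
  // non-string password is now just a failed login.
  if (!username || typeof password !== 'string') {
    return res.json({ message: 'Invalid user', success: false });
  }
  const hash = crypto.createHash('sha256').update(password).digest('base64');
  // Parameterised query instead of string building. Neither the digest nor the
  // returned rows (which carry password digests) are logged.
  pool.query('SELECT * FROM USERS WHERE username=$1', [username], (err, resp) => {
    if (err) {
      console.log('----ERROR IN DB----', err);
      return res.json({ message: 'Login Error', success: false });
    }
    const rows = resp.rows || [];
    if (rows.length === 0) {
      return res.json({ message: 'Invalid user', success: false });
    }
    const user = rows[0];
    if (!sameDigest(hash, user.password)) {
      return res.json({ message: 'Authentication failed incorrect password', success: false });
    }
    // The role is carried in the token under the original `admin` claim name.
    const payload = { admin: user.role };
    const token = jwt.sign(payload, config.get('secretKey'), {
      expiresIn: 60 * 60 * 24,
    });
    res.json({ message: 'Authentication Success', userrole: user.role, token, success: true });
  });
});

// Constant-time equality of two digest strings. A non-string stored value or a
// length mismatch is reported as a mismatch (timingSafeEqual would throw on it).
function sameDigest(computed, stored) {
  if (typeof stored !== 'string') {
    return false;
  }
  const left = Buffer.from(computed);
  const right = Buffer.from(stored);
  return left.length === right.length && crypto.timingSafeEqual(left, right);
}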
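// GET / — list name/username/role/email of every user whose system is not
// 'vidillion'. Any valid JWT is accepted; nothing inspects decoded.admin, so
// every authenticated caller can enumerate accounts — NOTE(review): confirm
// that is intended.
//
// The token is read from the body, the query string or the x-access-token
// header, in that order (existing client contract). NOTE(review): tokens in
// the query string end up in access logs and browser history; prefer the header.
router.get("/", function (req, res, next) {
  // req.body is undefined when no body parser ran on this GET.
  const body = req.body || {};
  const token = body.token || req.query.token || req.headers['x-access-token'];
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.',
    });
  }
  // Verifies the signature and the exp claim; the algorithm is pinned to the
  // one /login signs with (jsonwebtoken's default, HS256).
  jwt.verify(token, config.get('secretKey'), { algorithms: ['HS256'] }, function (err, decoded) {
    if (err) {
      return res.json({ success: false, message: 'Failed to authenticate token.' });
    }
    const selectQuery = "SELECT name,username,role,email FROM USERS WHERE system!='vidillion'";
    pool.query(selectQuery, (dbErr, resp) => {
      if (dbErr) {
        console.log('----ERROR IN DB----', dbErr);
        return res.json({ message: 'Fetch Error', success: false });
      }
      // Same value the old `rows.length != 0 && rows || []` produced.
      const users = resp.rows || [];
      res.json({ message: 'Fetch Success', success: true, users });
    });
  });
});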
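// POST /create — insert a user. name, username, password, role and email are
// required (truthy); system is optional. A valid JWT is required but its role
// is not checked — NOTE(review): any authenticated caller can create an
// account with any role; gate on decoded.admin if that is not intended.
//
// The request body is no longer logged: it carries the plaintext password.
router.post("/create", function (req, res, next) {
  const body = req.body || {};
  const { username, name, password, role, email, system } = body;
  // A non-string password used to make createHash().update() throw inside the
  // verify callback; it is treated as a missing field instead.
  if (!(username && name && typeof password === 'string' && password && role && email)) {
    return res.json({ message: 'Field Missing', success: false });
  }
  // Body, query string or x-access-token header, in that order (existing contract).
  const token = body.token || req.query.token || req.headers['x-access-token'];
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.',
    });
  }
  // Verifies the signature and the exp claim, pinned to the algorithm /login
  // signs with (jsonwebtoken's default, HS256).
  jwt.verify(token, config.get('secretKey'), { algorithms: ['HS256'] }, function (err, decoded) {
    if (err) {
      return res.json({ success: false, message: 'Failed to authenticate token.' });
    }
    // NOTE(review): unsalted SHA-256 is what /login verifies against, so it is
    // kept here; migrate both ends together to a salted slow KDF.
    const hashedPassword = crypto.createHash('sha256').update(password).digest('base64');
    const insertQuery = 'INSERT INTO USERS (name,username,password,role,email,system) VALUES ($1,$2,$3,$4,$5,$6)';
    pool.query(insertQuery, [name, username, hashedPassword, role, email, system], (dbErr, resp) => {
      if (dbErr) {
        console.log('----ERROR IN DB----', dbErr);
        // NOTE(review): `Error` echoes the driver's detail text (constraint
        // names/values) to the caller; kept for existing clients, consider a
        // fixed message.
        return res.json({ message: 'DB Error', success: false, "Error": dbErr.detail });
      }
      res.json({ message: 'Add New User Success', success: true });
    });
  });
});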
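// POST /update — set name, role and email of the user identified by
// username + system. All five fields are required (truthy); a password in the
// body is ignored, as before. Any valid JWT is accepted — NOTE(review): there
// is no role check, so any authenticated caller can change any user's role;
// gate on decoded.admin if that is not intended.
router.post("/update", function (req, res, next) {
  const body = req.body || {};
  const { username, name, role, email, system } = body;
  if (!(username && role && name && email && system)) {
    // `Message` (capital M) is the key existing clients see for this route;
    // kept even though /create answers with `message`.
    return res.json({ Message: 'Field Missing', success: false });
  }
  // Body, query string or x-access-token header, in that order (existing contract).
  const token = body.token || req.query.token || req.headers['x-access-token'];
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.',
    });
  }
  // Verifies the signature and the exp claim, pinned to the algorithm /login
  // signs with (jsonwebtoken's default, HS256).
  jwt.verify(token, config.get('secretKey'), { algorithms: ['HS256'] }, function (err, decoded) {
    if (err) {
      return res.json({ success: false, message: 'Failed to authenticate token.' });
    }
    const updateQuery = 'UPDATE USERS SET name=$1,role=$2,email=$3 WHERE username=$4 AND system=$5';
    pool.query(updateQuery, [name, role, email, username, system], (dbErr, resp) => {
      if (dbErr) {
        console.log('----ERROR IN DB----', dbErr);
        // NOTE(review): `Error` echoes the driver's detail text to the caller.
        return res.json({ message: 'DB Error', success: false, "Error": dbErr.detail });
      }
      // rowCount is the number of rows the UPDATE touched.
      if (resp.rowCount === 0) {
        return res.json({ message: 'No User Found', success: false });
      }
      res.json({ message: 'Update User Success', success: true });
    });
  });
});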
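// POST /delete — remove the user identified by username + system (both
// required, truthy). Any valid JWT is accepted — NOTE(review): no role check,
// so any authenticated caller can delete any account; gate on decoded.admin
// if that is not intended.
router.post("/delete", function (req, res, next) {
  const body = req.body || {};
  const { username, system } = body;
  if (!(username && system)) {
    // `Message` (capital M) is the key existing clients see for this route.
    return res.json({ Message: 'Field Missing', success: false });
  }
  // Body, query string or x-access-token header, in that order (existing contract).
  const token = body.token || req.query.token || req.headers['x-access-token'];
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.',
    });
  }
  // Verifies the signature and the exp claim, pinned to the algorithm /login
  // signs with (jsonwebtoken's default, HS256).
  jwt.verify(token, config.get('secretKey'), { algorithms: ['HS256'] }, function (err, decoded) {
    if (err) {
      return res.json({ success: false, message: 'Failed to authenticate token.' });
    }
    pool.query('DELETE FROM USERS WHERE username=$1 AND system=$2', [username, system], (dbErr, resp) => {
      if (dbErr) {
        console.log('----ERROR IN DB----', dbErr);
        // NOTE(review): `Error` echoes the driver's detail text to the caller.
        return res.json({ message: 'DB Error', success: false, "Error": dbErr.detail });
      }
      // Same test as the old `rowCount && rowCount || 0` == 0.
      if (!resp.rowCount) {
        return res.json({ message: 'No USER Found', success: false });
      }
      res.json({ message: 'Delete USER Success', success: true });
    });
  });
});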
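// POST /getUser — fetch name/username/role/email of the user identified by
// username + system (both required, truthy). The rows are returned under the
// `Roles` key in both branches, as the existing clients expect. Any valid JWT
// is accepted; there is no role check on decoded.admin.
router.post("/getUser", function (req, res, next) {
  const body = req.body || {};
  const { username, system } = body;
  if (!(username && system)) {
    // `Message` (capital M) is the key existing clients see for this route.
    return res.json({ Message: 'Field Missing', success: false });
  }
  // Body, query string or x-access-token header, in that order (existing contract).
  const token = body.token || req.query.token || req.headers['x-access-token'];
  if (!token) {
    return res.status(403).send({
      success: false,
      message: 'No token provided.',
    });
  }
  // Verifies the signature and the exp claim, pinned to the algorithm /login
  // signs with (jsonwebtoken's default, HS256).
  jwt.verify(token, config.get('secretKey'), { algorithms: ['HS256'] }, function (err, decoded) {
    if (err) {
      return res.json({ success: false, message: 'Failed to authenticate token.' });
    }
    const selectQuery = 'SELECT name,username,role,email FROM USERS WHERE username=$1 AND system=$2';
    pool.query(selectQuery, [username, system], (dbErr, resp) => {
      if (dbErr) {
        console.log('----ERROR IN DB----', dbErr);
        // NOTE(review): `Error` echoes the driver's detail text to the caller.
        return res.json({ message: 'DB Error', success: false, "Error": dbErr.detail });
      }
      const rows = resp.rows || [];
      if (rows.length === 0) {
        return res.json({ message: 'No USER Found', success: false, Roles: rows });
      }
      res.json({ message: 'Fetch Success', success: true, Roles: rows });
    });
  });
});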
// Exposed for app.use(); all routes above hang off this router.
module.exports = router;