ambrosini

1. const bcrypt = require('bcrypt');
2. const fastify = require('fastify')({
3. logger: true,
4. ignoreTrailingSlash: true
5. });
6.  
7. const saltRounds = 10;
8. // Link utili per eseguire l'hash delle password e farne la verifica
9. // https://www.npmjs.com/package/bcrypt
10. // https://www.abeautifulsite.net/hashing-passwords-with-nodejs-and-bcrypt
11.  
12. fastify.register(require('fastify-jwt'), {
13. secret: 'supersecret'
14. })
15.  
16. const sql=require('mssql');
17.  
18. const config = {
19. user: 'sa',
20. password: 'momesso',
21. server: 'DESKTOP-IG00RD0\\SQLEXPRESS',
22. database: 'ITS-DAM',
23. options:{
24. encrypt: true
25. }
26. }
27.  
28.  
29. fastify.post('/api/account/register', async (request, reply) => {
30. let obj=request.body;
31. try {
32. let pool=await sql.connect(config);
33. let passwordHash = bcrypt.hashSync(obj.Password, saltRounds);
34. let result=await pool.request()
35. .input('Username',obj.Username)
36. .input('Password',passwordHash)
37. .input('FullName',obj.FullName)
38. .query('Insert into Users(Username,Password,FullName) values(@Username,@Password,@FullName)');
39.  
40. return {User: result.recordset};
41. pool.close();
42. } catch (error) {
43. console.log(error);
44. }
45. });
46.  
47.  
48. fastify.post('/token', async (request, reply) => {
49. // some code
50. let pool=await sql.connect(config);
51. let obj = request.body;
52.  
53. let result=await pool.request()
54. .input('Username',obj.Username)
55. .query('SELECT Username,Password from Users where Username=@Username');
56. //let passwordHash = bcrypt.hashSync(obj.Password, saltRounds);
57. let isOk = bcrypt.compareSync(obj.Password, result.recordset[0].Password);
58. if(obj.Username==result.recordset[0].Username && isOk==true) {
59. var user = {
60. id: 1,
61. username: obj.Username
62. };
63. const token = fastify.jwt.sign({ payload: user });
64. reply.send({ token });
65. }else{
66. reply.status(401).send({
67. statusCode: 401,
68. error: "Unauthorized",
69. message: "Inavalid username or passord."
70. });
71. }
72. });
73.  
74.  
75. fastify.get('/api/news', async (request, reply) => {
76. try {
77. let pool=await sql.connect(config);
78. let result=await pool.request().query('select * from News');
79.  
80. return {news: result.recordset};
81. pool.close();
82. } catch (error) {
83. console.log(error);
84. }
85. });
86.  
87.  
88. fastify.get('/verify', function (request, reply) {
89. request.jwtVerify(function (err, decoded) {
90. return reply.send(err || decoded)
91. })
92. });
93.  
94.  
95. fastify.register(async function (fastify, opts) {
96. fastify.addHook("onRequest", async (request, reply) => {
97. try {
98. await request.jwtVerify()
99. } catch (err) {
100. reply.send(err)
101. }
102. });
103.  
104. fastify.get('/', async (request, reply) => {
105. let tokenJwt = request.user;
106.  
107. return {
108. hello: 'world',
109. user: tokenJwt.payload
110. }
111. });
112.  
113. fastify.post('/api/news', async (request, reply) => {
114. let tokenJwt = request.user;
115.  
116. return {
117. hello: 'world',
118. user: tokenJwt.payload
119. }
120.  
121. let obj=request.body;
122. try {
123. let pool=await sql.connect(config);
124. let result=await pool.request()
125. .input('author',obj.Author)
126. .input('title',obj.Title)
127. .input('article',obj.Article)
128. .input('visible',obj.Visible)
129. .query('Insert into News(Author,Title,Article,Visible) values(@author,@title,@article,@visible)');
130.  
131. return {news: result.recordset};
132. pool.close();
133. } catch (error) {
134. console.log(error);
135. }
136. });
137. });
138.  
139. // Run the server!
140. const start = async () => {
141. try {
142. await fastify.listen(3000)
143. fastify.log.info(`server listening on ${fastify.server.address().port}`)
144. } catch (err) {
145. fastify.log.error(err)
146. process.exit(1)
147. }
148. }
149. start();