fix: user session management
@@ -1,3 +0,0 @@
|
||||
DATABASE_URL=postgresql://user:password@localhost:5432/brew
|
||||
JWT_SECRET=your_jwt_secret_here
|
||||
PORT=5000
|
||||
@@ -11,11 +11,29 @@ const PORT = process.env.PORT || 5000;
|
||||
app.use(cors());
|
||||
app.use(express.json());
|
||||
|
||||
// Middleware to verify JWT token
|
||||
const authenticateToken = (req, res, next) => {
|
||||
const authHeader = req.headers['authorization'];
|
||||
const token = authHeader && authHeader.split(' ')[1];
|
||||
|
||||
if (!token) return res.status(401).json({ error: 'No token provided' });
|
||||
|
||||
jwt.verify(token, process.env.JWT_SECRET || 'fallback_secret', (err, user) => {
|
||||
if (err) return res.status(403).json({ error: 'Invalid token' });
|
||||
req.user = user;
|
||||
next();
|
||||
});
|
||||
};
|
||||
|
||||
// Registration
|
||||
app.post('/api/register', async (req, res) => {
|
||||
try {
|
||||
const { username, email, password } = req.body;
|
||||
|
||||
if (!username || !email || !password) {
|
||||
return res.status(400).json({ error: 'All fields are required' });
|
||||
}
|
||||
|
||||
// Check if user exists
|
||||
const userExists = await pool.query('SELECT * FROM users WHERE email = $1 OR username = $2', [email, username]);
|
||||
if (userExists.rows.length > 0) {
|
||||
@@ -32,7 +50,7 @@ app.post('/api/register', async (req, res) => {
|
||||
[username, email, passwordHash]
|
||||
);
|
||||
|
||||
res.status(201).json({ user: newUser.rows[0] });
|
||||
res.status(201).json({ message: 'Registration successful', user: newUser.rows[0] });
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
@@ -44,6 +62,10 @@ app.post('/api/login', async (req, res) => {
|
||||
try {
|
||||
const { email, password } = req.body;
|
||||
|
||||
if (!email || !password) {
|
||||
return res.status(400).json({ error: 'Email and password are required' });
|
||||
}
|
||||
|
||||
// Find user
|
||||
const user = await pool.query('SELECT * FROM users WHERE email = $1', [email]);
|
||||
if (user.rows.length === 0) {
|
||||
@@ -60,7 +82,7 @@ app.post('/api/login', async (req, res) => {
|
||||
const token = jwt.sign(
|
||||
{ id: user.rows[0].id, username: user.rows[0].username },
|
||||
process.env.JWT_SECRET || 'fallback_secret',
|
||||
{ expiresIn: '1h' }
|
||||
{ expiresIn: '24h' }
|
||||
);
|
||||
|
||||
res.json({ token, user: { id: user.rows[0].id, username: user.rows[0].username, email: user.rows[0].email } });
|
||||
@@ -70,6 +92,25 @@ app.post('/api/login', async (req, res) => {
|
||||
}
|
||||
});
|
||||
|
||||
app.listen(PORT, () => {
|
||||
console.log(\`Server running on port \${PORT}\`);
|
||||
// Get user profile (protected route)
|
||||
app.get('/api/profile', authenticateToken, async (req, res) => {
|
||||
try {
|
||||
const user = await pool.query('SELECT id, username, email, created_at FROM users WHERE id = $1', [req.user.id]);
|
||||
if (user.rows.length === 0) {
|
||||
return res.status(404).json({ error: 'User not found' });
|
||||
}
|
||||
res.json(user.rows[0]);
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
res.status(500).json({ error: 'Server error' });
|
||||
}
|
||||
});
|
||||
|
||||
// Verify token
|
||||
app.post('/api/verify-token', authenticateToken, (req, res) => {
|
||||
res.json({ valid: true, user: req.user });
|
||||
});
|
||||
|
||||
app.listen(PORT, () => {
|
||||
console.log(`Server running on port ${PORT}`);
|
||||
});
|
||||
|
||||
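Review bot: `/api/verify-token` echoes `req.user`, which is the entire decoded token payload as set by authenticateToken, so whatever claims the token carries (including the library's timing claims) are returned verbatim and the response shape changes whenever the payload does. If the client only needs identity, return the fields explicitly: `res.json({ valid: true, user: { id: req.user.id, username: req.user.username } });`. The profile route selects an explicit column list by `req.user.id`, which is the right pattern; a short comment would make the 404 branch easier to read, e.g. `// 404 here means the token is valid but the account no longer exists`.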
@@ -4,6 +4,7 @@
|
||||
"description": "",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"start": "node index.js",
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"keywords": [],
|
||||
|
||||