Hw04 auth

app.js

@@ -1,25 +1,31 @@
-const express = require('express')
-const logger = require('morgan')
-const cors = require('cors')
+import express from "express";
+import logger from "morgan";
+import cors from "cors";
+import router from "./routes/api/contactsRouter.js"; // Import your routes correctly
+import { router as usersRouter } from "./routes/api/usersRouter.js";
 
-const contactsRouter = require('./routes/api/contacts')
+const app = express();
 
-const app = express()
+const formatsLogger = app.get("env") === "development" ? "dev" : "short";
 
-const formatsLogger = app.get('env') === 'development' ? 'dev' : 'short'
+app.use(logger(formatsLogger));
+app.use(cors());
+app.use(express.json());
 
-app.use(logger(formatsLogger))
-app.use(cors())
-app.use(express.json())
+// Use proper route for contacts API
+app.use("/api/contacts", router);
 
-app.use('/api/contacts', contactsRouter)
+// http://localhost:3000/api/users
+app.use("/api/users", usersRouter);
 
 app.use((req, res) => {
-  res.status(404).json({ message: 'Not found' })
-})
+  res.status(404).json({ message: "Not found" });
+});
 
+// Central error handler
 app.use((err, req, res, next) => {
-  res.status(500).json({ message: err.message })
-})
+  console.error(err.stack);
+  res.status(500).json({ message: err.message });
+});
 
-module.exports = app
+export { app };

controllers/contactsController.js

@@ -0,0 +1,94 @@
+import { Contact } from "../models/contactsModel.js";
+// prettier-ignore
+import { contactValidation, favoriteValidation } from "../validations/validation.js";
+import { httpError } from "../helpers/httpError.js";
+
+const getAllContacts = async (req, res) => {
+  const { page = 1, limit = 20, favorite } = req.query;
+  const query = favorite ? { favorite: true } : {};
+
+  const result = await Contact.find(query)
+    .skip((page - 1) * limit)
+    .limit(parseInt(limit));
+
+  res.json(result);
+};
+
+const getContactById = async (req, res) => {
+  const { contactId } = req.params;
+
+  const result = await Contact.findById(contactId);
+
+  if (!result) {
+    throw httpError(404, "Contact ID Not Found");
+  }
+
+  res.json(result);
+};
+
+const addContact = async (req, res) => {
+  const { error } = contactValidation.validate(req.body);
+
+  if (error) {
+    throw httpError(400, "missing required field");
+  }
+
+  const result = await Contact.create(req.body);
+
+  res.status(201).json(result);
+};
+
+const deleteContactById = async (req, res) => {
+  const { contactId } = req.params;
+
+  const result = await Contact.findByIdAndDelete(contactId);
+
+  if (!result) {
+    throw httpError(404);
+  }
+
+  res.json({
+    message: "Contact deleted",
+  });
+};
+
+const updateContactById = async (req, res) => {
+  const { error } = contactValidation.validate(req.body);
+  if (error) {
+    throw httpError(400, "missing fields");
+  }
+
+  const { contactId } = req.params;
+
+  const result = await Contact.findByIdAndUpdate(contactId, req.body, {
+    new: true,
+  });
+
+  if (!result) {
+    throw httpError(404);
+  }
+
+  res.json(result);
+};
+
+const updateStatusContact = async (req, res) => {
+  const { error } = favoriteValidation.validate(req.body);
+  if (error) {
+    throw httpError(400, "missing field favorite");
+  }
+
+  const { contactId } = req.params;
+
+  const result = await Contact.findByIdAndUpdate(contactId, req.body, {
+    new: true,
+  });
+
+  if (!result) {
+    throw httpError(404);
+  }
+
+  res.json(result);
+};
+
+// prettier-ignore
+export { getAllContacts, getContactById, addContact, deleteContactById, updateContactById, updateStatusContact};

controllers/usersController.js

@@ -0,0 +1,113 @@
+import bcrypt from "bcrypt";
+import jwt from "jsonwebtoken";
+import "dotenv/config";
+import { User } from "../models/usersModel.js";
+// prettier-ignore
+import { signupValidation, subscriptionValidation } from "../validations/validation.js";
+import { httpError } from "../helpers/httpError.js";
+
+const { SECRET_KEY } = process.env;
+
+const signupUser = async (req, res) => {
+  const { email, password } = req.body;
+
+  //  Registration validation error
+  const { error } = signupValidation.validate(req.body);
+  if (error) {
+    throw httpError(400, error.message);
+  }
+
+  // Registration conflict error
+  const user = await User.findOne({ email });
+  if (user) {
+    throw httpError(409, "Email in Use");
+  }
+
+  const hashPassword = await bcrypt.hash(password, 10);
+
+  const newUser = await User.create({ email, password: hashPassword });
+
+  // Registration success response
+  res.status(201).json({
+    user: {
+      email: newUser.email,
+      subscription: newUser.subscription,
+    },
+  });
+};
+
+const loginUser = async (req, res) => {
+  const { email, password } = req.body;
+
+  //  Login validation error
+  const { error } = signupValidation.validate(req.body);
+  if (error) {
+    throw httpError(401, error.message);
+  }
+
+  // Login auth error (email)
+  const user = await User.findOne({ email });
+  if (!user) {
+    throw httpError(401, "Email or password is wrong");
+  }
+
+  // Login auth error (password)
+  const isPasswordValid = await bcrypt.compare(password, user.password);
+  if (!isPasswordValid) {
+    throw httpError(401, "Email or password is wrong");
+  }
+
+  const payload = { id: user._id };
+  const token = jwt.sign(payload, SECRET_KEY, { expiresIn: "23h" });
+
+  await User.findByIdAndUpdate(user._id, { token });
+
+  //   Login success response
+  res.status(200).json({
+    token: token,
+    user: {
+      email: user.email,
+      subscription: user.subscription,
+    },
+  });
+};
+
+const logoutUser = async (req, res) => {
+  const { _id } = req.user;
+
+  // Logout unauthorized error (setting token to empty string will remove token -> will logout)
+  await User.findByIdAndUpdate(_id, { token: "" });
+
+  //   Logout success response
+  res.status(204).send();
+};
+
+const getCurrentUsers = async (req, res) => {
+  const { email, subscription } = req.user;
+
+  res.json({
+    email,
+    subscription,
+  });
+};
+
+const updateUserSubscription = async (req, res) => {
+  const { error } = subscriptionValidation.validate(req.body);
+  if (error) {
+    throw httpError(400, error.message);
+  }
+
+  const { _id } = req.user;
+
+  const updatedUser = await User.findByIdAndUpdate(_id, req.body, {
+    new: true,
+  });
+
+  res.json({
+    email: updatedUser.email,
+    subscription: updatedUser.subscription,
+  });
+};
+
+// prettier-ignore
+export { signupUser, loginUser, logoutUser, getCurrentUsers, updateUserSubscription };

helpers/ctrlWrapper.js

@@ -0,0 +1,12 @@
+const ctrlWrapper = (ctrl) => {
+  const func = async (req, res, next) => {
+    try {
+      await ctrl(req, res, next);
+    } catch (error) {
+      next(error);
+    }
+  };
+  return func;
+};
+
+export { ctrlWrapper };

helpers/httpError.js

@@ -0,0 +1,15 @@
+const messages = {
+  400: "Bad request",
+  401: "Unauthorized",
+  403: "Forbidden",
+  404: "Not found",
+  409: "Conflict",
+};
+
+const httpError = (status, message = messages[status]) => {
+  const error = new Error(message);
+  error.status = status;
+  return error;
+};
+
+export { httpError };

middlewares/authenticateToken.js

@@ -0,0 +1,30 @@
+import jwt from "jsonwebtoken";
+import { User } from "../models/usersModel.js";
+import { httpError } from "../helpers/httpError.js";
+import "dotenv/config";
+const { SECRET_KEY } = process.env;
+
+const authenticateToken = async (req, _res, next) => {
+  const { authorization = "" } = req.headers;
+  const [bearer, token] = authorization.split(" ");
+
+  if (bearer !== "Bearer") {
+    next(httpError(401, "Not authorized"));
+  }
+
+  try {
+    const { id } = jwt.verify(token, SECRET_KEY);
+    const user = await User.findById(id);
+
+    if (!user || user.token !== token || !user.token) {
+      next(httpError(401, "Not authorized"));
+    }
+
+    req.user = user;
+    next();
+  } catch {
+    next(httpError(401, "Not authorized"));
+  }
+};
+
+export { authenticateToken };