From 5307b1d53b8396d4d3eccc231fe4d37c8a08a5e3 Mon Sep 17 00:00:00 2001
From: Valentin <valentin.henriques@etu.univ-amu.fr>
Date: Sun, 10 Dec 2023 22:40:00 +0100
Subject: [PATCH] =?UTF-8?q?Mise=20en=20place=20d=C3=A9connection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 db/database.db                    | Bin 20480 -> 24576 bytes
 index.js                          |   3 ++-
 migrations/001-db.sql             |   4 ++++
 src/routes/auth/authDisconnect.js |  22 ++++++++++++++++++++++
 src/routes/auth/authLogin.js      |   6 +-----
 src/routes/auth/authMiddleware.js |  15 ++++++---------
 src/routes/auth/authSignup.js     |   8 +-------
 7 files changed, 36 insertions(+), 22 deletions(-)
 create mode 100644 src/routes/auth/authDisconnect.js

diff --git a/db/database.db b/db/database.db
index 040e3be80b52c758fa2ceae725fca695716aebdf..ef9e61a81ab022667b3de14a2853a19442bd0565 100644
GIT binary patch
delta 490
zcmZozz}Rqrae}lU3j+fK8v_EcPSi0LXJODQTExr1z`)8gg@Hekub;P;=QYoijg4|V
z;i0T-;_B***(HfdIjNa>Wr;bNDe)!w*{OLb95&}5SH}=ng%C$4A6EqwDFqE)E(HYz
z1+XTC5Z8zhUM|heuX&`ISwb1OLN_*gb8&QQFtRfUPKn$+QR*tw<mWQH@&t_794EU>
ziGzuMB?JEl{*{{r4QBHvGcdR^u`-A@vX<nR<f|AZsTdll6oh0~>3dd|hniS8r+B7E
zW#$B0Mx};Slo&;(l?Ivyl)B|cdZy`_xdbJdX1fICm82(EhVwD9Fo=sMrsQVkfeBF1
zF!HA|@TYDTREXxUZ<JtUZZc1;^vXzbPtNqu^zsa?@-+0z^epzw3o=c1_B8X%E{F(o
z_OjGVt@JWXHVUis%qlSV%+1O6%*wA!3og%040ki|%*wCut8%RL%?dQ|&2laGarVkd
z^>EDe&vG^Pb@8n9b4fPw4RNy6Gbt|&4$m?&OAW{=kI+q#iT5q^cl9VYs|*d+P4tPV
R$~MhSHce0Q4+x3O2LMk;k+T2*

delta 413
zcmZoTz}T>Wae}lU8v_FaD+2<sOw=(JWn<7QTExr1z`(-unt?x(ub;P;=k;bmg>s(F
zuX&`ISvncGIyW}fb8&Q)FtRfUPA=RWD|MA=bDHctB|cWZ%MAP<_*d{J@=Nhu-Ylqa
zkgwjAm6buXk+meVBvZvGNyX4W#h}7BJs`+CIXu(CFgrgf#XsDnqD0Rl(9BTZ%f~Up
zFfcRGJhL>dRIk*a+||)7r68mvE7+9<VoYL5BGi}+FXxK9WMem@6h}SR(g;%%r!ptk
zQi~$XT+7^4H#Z|cf1hlBzxpt91M?&U3rqhhUrS4iU{_{{Ir$~|P;=6~b2I%56EiBk
z9TVLRgDkQvlKi9mE2<2W0@J<I3XIExvMdWqLV}WA!W_+#oV){zUGh`im{=La8(9-m
zax?Rw=2#SYq?@`{X1PSB`gnvGg}ND;W)}MEoA{Z!d3dCG2N%0Um8X_Qx)(%-I2wid
VTNoJx26(#jF|sg-i-XMp699n|bu0h?

diff --git a/index.js b/index.js
index 3a5cdd7..5ef99e5 100644
--- a/index.js
+++ b/index.js
@@ -24,7 +24,7 @@ import bcrypt from 'bcrypt';
 import authSignup from './src/routes/auth/authSignup.js';
 import authLogin from './src/routes/auth/authLogin.js';
 import authMiddleware from './src/routes/auth/authMiddleware.js';
-
+import authDisconnect from './src/routes/auth/authDisconnect.js';
 async function createDb() {
     if(fs.existsSync('./db/database.db') == false){
         const db = await open({
@@ -65,6 +65,7 @@ api.use(express.json());
 
 api.use('/auth/signup',authSignup);
 api.use('/auth/login',authLogin);
+api.use('/auth/disconnect', authDisconnect);
 
 api.use('/hello',authMiddleware,helloRoute);
 api.use('/monkey/deleteAll',monkeyDeletteAll);
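Review bot: `/auth/disconnect` is mounted without `authMiddleware`, unlike `/hello` two lines below, so the handler in authDisconnect.js receives whatever string is sent in `x-auth-token` and inserts it into `invalid_token` without ever verifying it. Any unauthenticated caller can therefore grow that table indefinitely, and every later request pays for the lookup authMiddleware.js now performs on it. Mount it as `api.use('/auth/disconnect', authMiddleware, authDisconnect);` so only a token that verifies and is not already blacklisted reaches the insert.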
diff --git a/migrations/001-db.sql b/migrations/001-db.sql
index 9e9552c..2424d4e 100644
--- a/migrations/001-db.sql
+++ b/migrations/001-db.sql
@@ -27,6 +27,10 @@ CREATE TABLE user (
     password VARCHAR(50) NOT NULL
 );
 
+CREATE TABLE invalid_token (
+    token TEXT
+);
+
 -- Insertion des données dans la table 'user'
 INSERT INTO user (id, username, password) VALUES
 (1, 'admin', 'admin');
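Review bot: `invalid_token` is declared with a single nullable, unindexed `TEXT` column, so the `WHERE token = ?` lookup that authMiddleware.js now runs on every authenticated request is a full table scan, and the same token can be inserted any number of times. Declaring it `token TEXT NOT NULL PRIMARY KEY` gives the lookup an index and makes repeated disconnects idempotent (the insert in authDisconnect.js would then need `INSERT OR IGNORE`). Since tokens are issued with `expiresIn: 3600` in authLogin.js, consider also storing an expiry so rows older than the token lifetime can be purged; as written the table only ever grows.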
diff --git a/src/routes/auth/authDisconnect.js b/src/routes/auth/authDisconnect.js
new file mode 100644
index 0000000..c73eda7
--- /dev/null
+++ b/src/routes/auth/authDisconnect.js
@@ -0,0 +1,22 @@
+import express from 'express';
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import sqlite from 'better-sqlite3';
+import dotenv from 'dotenv';
+dotenv.config();
+
+const router = express.Router();
+
+export let blacklistedTokens = [];
+
+router.post('/', (req, res) => {
+    const db = new sqlite('./db/database.db');
+    const token = req.header('x-auth-token');
+    if (!token) {
+        return res.status(401).json({ msg: 'Aucun token, autorisation refusée' });
+    }
+    db.prepare('INSERT INTO invalid_token (token) VALUES (?)').run(token);
+    res.json({ msg: 'Déconnecté avec succès' });
+});
+
+export default router;
\ No newline at end of file
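Review bot: The handler opens a better-sqlite3 database on every call and never closes it, and a failing `run()` propagates out of a synchronous route with no `try`/`catch`, so the caller gets Express's default error page instead of a JSON response like the other auth routes return. `bcrypt`, `jwt` and `dotenv` are imported but unused, and `export let blacklistedTokens = []` is never read or written anywhere in the patch, so both should be dropped (the blacklist lives in the database, not in this array). The rewrite below closes the handle in `finally` and reports database errors as a 500; the missing-token guard is unchanged.
```javascript
router.post('/', (req, res) => {
    const token = req.header('x-auth-token');
    // … unchanged: missing-token guard …
    const db = new sqlite('./db/database.db');
    try {
        db.prepare('INSERT INTO invalid_token (token) VALUES (?)').run(token);
    } catch (err) {
        console.error(err);
        return res.status(500).json({ msg: 'Erreur serveur' });
    } finally {
        db.close();
    }
    res.json({ msg: 'Déconnecté avec succès' });
});
```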
diff --git a/src/routes/auth/authLogin.js b/src/routes/auth/authLogin.js
index 2a358fc..df8cc48 100644
--- a/src/routes/auth/authLogin.js
+++ b/src/routes/auth/authLogin.js
@@ -11,22 +11,18 @@ router.post('/', async (req, res) => {
     try {
         const { username, password } = req.body;
 
-        // Ouvrez la base de données
         const db = new sqlite('./db/database.db');
 
-        // Vérifiez si l'utilisateur existe
         let user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);
         if (!user) {
             return res.status(400).json({ msg: 'Cet utilisateur n\'existe pas' });
         }
 
-        // Vérifiez le mot de passe
         const isMatch = await bcrypt.compare(password, user.password);
         if (!isMatch) {
             return res.status(400).json({ msg: 'Mot de passe incorrect' });
         }
 
-        // Créez et renvoyez un token JWT
         const payload = {
             user: {
                 id: user.id
@@ -35,7 +31,7 @@ router.post('/', async (req, res) => {
 
         jwt.sign(
             payload,
-            process.env.JWT_SECRET, // Assurez-vous d'avoir défini cette variable d'environnement
+            process.env.JWT_SECRET,
             { expiresIn: 3600 },
             (err, token) => {
                 if (err) throw err;
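Review bot: Dropping the comment on the `process.env.JWT_SECRET` argument removes the only place in the file that documented that this environment variable must be set; the code itself never checks it, and the only handling of a signing failure is `if (err) throw err;` inside the callback. A short replacement such as `// JWT_SECRET must be defined in the environment; jwt.sign fails without it` keeps the precondition visible without restoring the old wording. The same comment is removed in the authSignup.js hunk below. The handler and its surrounding `try` continue outside this hunk.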
diff --git a/src/routes/auth/authMiddleware.js b/src/routes/auth/authMiddleware.js
index ecd76ed..0bc4094 100644
--- a/src/routes/auth/authMiddleware.js
+++ b/src/routes/auth/authMiddleware.js
@@ -1,23 +1,20 @@
 import jwt from 'jsonwebtoken';
 import sqlite from 'better-sqlite3';
 
+
 const authMiddleware = (req, res, next) => {
-    // Récupérez le token du header de la requête
     const token = req.header('x-auth-token');
-
-    // Vérifiez si le token n'existe pas
+    const db = new sqlite('./db/database.db');
     if (!token) {
         return res.status(401).json({ msg: 'Aucun token, autorisation refusée' });
     }
-
-    // Vérifiez le token
+    let tokenExists = db.prepare('SELECT token FROM invalid_token WHERE token = ?').get(token);
+    if (tokenExists) {
+        return res.status(401).json({ msg: 'Token sur la liste noire, veuillez vous reconnecter' });
+    }
     try {
         const decoded = jwt.verify(token, process.env.JWT_SECRET);
 
-        // Ouvrez la base de données
-        const db = new sqlite('./db/database.db');
-
-        // Vérifiez si l'utilisateur existe
         let user = db.prepare('SELECT * FROM user WHERE id = ?').get(decoded.user.id);
         if (!user) {
             return res.status(401).json({ msg: 'Token non valide' });
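Review bot: `const db = new sqlite('./db/database.db');` is now executed before the `if (!token)` guard, so requests carrying no token open a database handle that is never closed, whereas before this change the handle was only opened inside the `try` after the token had been verified. Move the `db` line below the guard, and since `tokenExists` is never reassigned write `const tokenExists = db.prepare('SELECT token FROM invalid_token WHERE token = ?').get(token);`. Consider also running the blacklist lookup after `jwt.verify` succeeds, so forged or expired tokens are rejected by the cheap signature check without a database round-trip. The middleware body continues past the end of the hunk.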
diff --git a/src/routes/auth/authSignup.js b/src/routes/auth/authSignup.js
index 078a09f..7b4a865 100644
--- a/src/routes/auth/authSignup.js
+++ b/src/routes/auth/authSignup.js
@@ -11,26 +11,20 @@ router.post('/', async (req, res) => {
     try {
         const { username, password } = req.body;
 
-        // Ouvrez la base de données
         const db = new sqlite('./db/database.db');
 
-        // Vérifiez si l'utilisateur existe déjà
         let user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);
         if (user) {
             return res.status(400).json({ msg: 'Cet utilisateur existe déjà' });
         }
 
-        // Hachez le mot de passe
         const salt = await bcrypt.genSalt(10);
         const hashedPassword = await bcrypt.hash(password, salt);
 
-        // Créez un nouvel utilisateur
         db.prepare('INSERT INTO user (username, password) VALUES (?, ?)').run(username, hashedPassword);
 
-        // Récupérez l'utilisateur de la base de données
         user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);
 
-        // Créez et renvoyez un token JWT
         const payload = {
             user: {
                 id: user.id
@@ -39,7 +33,7 @@ router.post('/', async (req, res) => {
 
         jwt.sign(
             payload,
-            process.env.JWT_SECRET, // Assurez-vous d'avoir défini cette variable d'environnement
+            process.env.JWT_SECRET, 
             { expiresIn: 3600 },
             (err, token) => {
                 if (err) throw err;
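Review bot: `process.env.JWT_SECRET, ` keeps a trailing space where the comment was removed; trim it so the line matches the corresponding one in authLogin.js. The handler continues outside the hunk.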
-- 
GitLab