Compare revisions

HENRIQUES Valentin · HENRIQUES Valentin · 486d0aab · 486d0aab · 486d0aab · 486d0aab
--- a/db/database.db
+++ b/db/database.db
--- a/index.js
+++ b/index.js
@@ -24,6 +24,8 @@ import bcrypt from 'bcrypt';
 import authSignup from './src/routes/auth/authSignup.js';
 import authLogin from './src/routes/auth/authLogin.js';
 import authMiddleware from './src/routes/auth/authMiddleware.js';
+import authDisconnect from './src/routes/auth/authDisconnect.js';
+import authRefresh from './src/routes/auth/authRefresh.js';

 async function createDb() {
    if(fs.existsSync('./db/database.db') == false){
@@ -65,6 +67,8 @@ api.use(express.json());

 api.use('/auth/signup',authSignup);
 api.use('/auth/login',authLogin);
+api.use('/auth/disconnect', authDisconnect);
+api.use('/auth/refresh', authRefresh);

 api.use('/hello',authMiddleware,helloRoute);
 api.use('/monkey/deleteAll',monkeyDeletteAll);

--- a/migrations/001-db.sql
+++ b/migrations/001-db.sql
@@ -27,6 +27,19 @@ CREATE TABLE user (
    password VARCHAR(50) NOT NULL
 );

+CREATE TABLE invalid_token (
+    token TEXT
+);
+
+CREATE TABLE refresh_tokens (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER,
+    token TEXT NOT NULL,
+    expiry_date TIMESTAMP NOT NULL,
+    FOREIGN KEY(user_id) REFERENCES users(id)
+);
+
+
 -- Insertion des données dans la table 'user'
 INSERT INTO user (id, username, password) VALUES
 (1, 'admin', 'admin');

--- a/src/DAO/MonkeyDbDAO.js
+++ b/src/DAO/MonkeyDbDAO.js
@@ -21,6 +21,25 @@ class MonkeyDbDAO extends IMonkeyDAO{
            filename: './db/database.db',
            driver: sqlite3.Database
        });
+        const dataMonkey = await this.db.get('SELECT * FROM monkey WHERE id = ?', [monkey.id]);
+        if(monkey.name == null){
+            monkey.name = dataMonkey.name;
+        }
+        if(monkey.speciesId == null){
+            monkey.speciesId = dataMonkey.speciesId;
+        }
+        if(monkey.sex == null){
+            monkey.sex = dataMonkey.sex
+        }
+        if(monkey.age == null){
+            monkey.age = dataMonkey.age;
+        }
+        if(monkey.birthLoc == null){
+            monkey.birthLoc = dataMonkey.birthLoc;
+        }
+        if(monkey.liveLoc == null){
+            monkey.liveLoc = dataMonkey.liveLoc;
+        }
        await this.db.run('UPDATE monkey SET name = ?, speciesId = ?, sex=?, age = ?, birthLoc = ?, liveLoc = ? WHERE id = ?',[monkey.name, monkey.speciesId, monkey.sex, monkey.age, monkey.birthLoc, monkey.liveLoc, monkey.id]);
    }
    async delete(id){

--- a/src/DAO/SpeciesDbDAO.js
+++ b/src/DAO/SpeciesDbDAO.js
@@ -19,6 +19,22 @@ class SpeciesDbDAO extends ISpeciesDAO{
            filename: './db/database.db',
            driver: sqlite3.Database
        });
+        const dataSpecies = await this.db.get('SELECT * FROM species WHERE id = ?', [species.id]);
+        if(species.name == null){
+            species.name = dataSpecies.name;
+        }
+        if(species.habitat == null){
+            species.habitat = dataSpecies.habitat;
+        }
+        if(species.height == null){
+            species.height = dataSpecies.height;
+        }
+        if(species.weight == null){
+            species.weight = dataSpecies.weight;
+        }
+        if(species.diet == null){
+            species.diet = dataSpecies.diet;
+        }
        await this.db.run('UPDATE species SET name = ?, habitat = ?, height = ?, weight = ?, diet = ? WHERE id = ?', [species.name, species.habitat, species.height, species.weight, species.diet, species.id]);
    }


--- a/src/routes/auth/authDisconnect.js
+++ b/src/routes/auth/authDisconnect.js
+import express from 'express';
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import sqlite from 'better-sqlite3';
+import dotenv from 'dotenv';
+dotenv.config();
+
+const router = express.Router();
+
+export let blacklistedTokens = [];
+
+router.post('/', (req, res) => {
+    const db = new sqlite('./db/database.db');
+    const token = req.header('x-auth-token');
+    if (!token) {
+        return res.status(401).json({ msg: 'Aucun token, autorisation refusée' });
+    }
+    db.prepare('INSERT INTO invalid_token (token) VALUES (?)').run(token);
+    res.json({ msg: 'Déconnecté avec succès' });
+});
+
+export default router;
\ No newline at end of file
--- a/src/routes/auth/authLogin.js
+++ b/src/routes/auth/authLogin.js
@@ -11,41 +11,38 @@ router.post('/', async (req, res) => {
    try {
        const { username, password } = req.body;

-        // Ouvrez la base de données
        const db = new sqlite('./db/database.db');

-        // Vérifiez si l'utilisateur existe
        let user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);
        if (!user) {
            return res.status(400).json({ msg: 'Cet utilisateur n\'existe pas' });
        }

-        // Vérifiez le mot de passe
        const isMatch = await bcrypt.compare(password, user.password);
        if (!isMatch) {
            return res.status(400).json({ msg: 'Mot de passe incorrect' });
        }

-        // Créez et renvoyez un token JWT
        const payload = {
            user: {
                id: user.id
            }
        };

-        jwt.sign(
-            payload,
-            process.env.JWT_SECRET, // Assurez-vous d'avoir défini cette variable d'environnement
-            { expiresIn: 3600 },
-            (err, token) => {
-                if (err) throw err;
-                res.json({ token });
-            }
-        );
+        const accessToken = jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: '15m' });
+        const refreshToken = jwt.sign(payload, process.env.JWT_SECRET, { expiresIn: '7d' });
+
+        // Stockez le refresh token dans la base de données
+        //db.prepare('INSERT INTO refresh_tokens (user_id, token, expiry_date) VALUES (?, ?, datetime("now", "+7 day"))').run(user.id, refreshToken);
+
+
+        res.json({ accessToken, refreshToken });
    } catch (err) {
        console.error(err.message);
        res.status(500).send('Erreur du serveur');
    }
 });

+
+
 export default router;
--- a/src/routes/auth/authMiddleware.js
+++ b/src/routes/auth/authMiddleware.js
 import jwt from 'jsonwebtoken';
 import sqlite from 'better-sqlite3';

+
 const authMiddleware = (req, res, next) => {
-    // Récupérez le token du header de la requête
    const token = req.header('x-auth-token');
-
-    // Vérifiez si le token n'existe pas
+    const db = new sqlite('./db/database.db');
    if (!token) {
        return res.status(401).json({ msg: 'Aucun token, autorisation refusée' });
    }
-
-    // Vérifiez le token
+    let tokenExists = db.prepare('SELECT token FROM invalid_token WHERE token = ?').get(token);
+    if (tokenExists) {
+        return res.status(401).json({ msg: 'Token sur la liste noire, veuillez vous reconnecter' });
+    }
    try {
        const decoded = jwt.verify(token, process.env.JWT_SECRET);

-        // Ouvrez la base de données
-        const db = new sqlite('./db/database.db');
-
-        // Vérifiez si l'utilisateur existe
        let user = db.prepare('SELECT * FROM user WHERE id = ?').get(decoded.user.id);
        if (!user) {
            return res.status(401).json({ msg: 'Token non valide' });

--- a/src/routes/auth/authRefresh.js
+++ b/src/routes/auth/authRefresh.js
+import express from 'express';
+import bcrypt, { compare } from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import sqlite from 'better-sqlite3';
+import dotenv from 'dotenv';
+dotenv.config();
+
+const router = express.Router();
+
+router.post('/refresh', (req, res) => {
+    const refreshToken = req.body.token;
+
+    // Vérifiez si le refresh token est valide
+
+    jwt.verify(refreshToken, process.env.JWT_SECRET, (err, user) => {
+        if (err) return res.sendStatus(403);
+
+        const accessToken = jwt.sign({ id: user.id }, process.env.JWT_SECRET, { expiresIn: '15m' });
+
+        res.json({ accessToken });
+    });
+});
+
+export default router;
\ No newline at end of file
--- a/src/routes/auth/authSignup.js
+++ b/src/routes/auth/authSignup.js
@@ -11,26 +11,20 @@ router.post('/', async (req, res) => {
    try {
        const { username, password } = req.body;

-        // Ouvrez la base de données
        const db = new sqlite('./db/database.db');

-        // Vérifiez si l'utilisateur existe déjà
        let user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);
        if (user) {
            return res.status(400).json({ msg: 'Cet utilisateur existe déjà' });
        }

-        // Hachez le mot de passe
        const salt = await bcrypt.genSalt(10);
        const hashedPassword = await bcrypt.hash(password, salt);

-        // Créez un nouvel utilisateur
        db.prepare('INSERT INTO user (username, password) VALUES (?, ?)').run(username, hashedPassword);

-        // Récupérez l'utilisateur de la base de données
        user = db.prepare('SELECT * FROM user WHERE username = ?').get(username);

-        // Créez et renvoyez un token JWT
        const payload = {
            user: {
                id: user.id
@@ -39,7 +33,7 @@ router.post('/', async (req, res) => {

        jwt.sign(
            payload,
-            process.env.JWT_SECRET, // Assurez-vous d'avoir défini cette variable d'environnement
+            process.env.JWT_SECRET, 
            { expiresIn: 3600 },
            (err, token) => {
                if (err) throw err;
No results found