fake-api-jwt-json-server/server.js at master · fabricadecodigo/fake-api-jwt-json-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
const fs = require('fs')
const bodyParser = require('body-parser')
const jsonServer = require('json-server')
const jwt = require('jsonwebtoken')

const server = jsonServer.create()
const router = jsonServer.router('./barbearia-db.json')
const userdb = JSON.parse(fs.readFileSync('./users.json', 'UTF-8'))

server.use(bodyParser.urlencoded({ extended: true }))
server.use(bodyParser.json())
server.use(jsonServer.defaults());

const SECRET_KEY = '123456789'

const expiresIn = '1h'

// Create a token from a payload
function createToken(payload){
  return jwt.sign(payload, SECRET_KEY, {expiresIn})
}

// Verify the token
function verifyToken(token) {
  return jwt.verify(token, SECRET_KEY, (err, decode) => {
    let result = {};
    if (decode !== undefined) {
      result = {
        success: true,
        ...decode
      }
    } else {
      result = {
        success: false,
        ...err
      }
    }
    return result;
  })
}

// Check if the user exists in database
function isAuthenticated({email, password}){
  return userdb.users.findIndex(user => user.email === email && user.password === password) !== -1
}


server.post('/auth/login', (req, res) => {
  const {email, password} = req.body
  if (isAuthenticated({email, password}) === false) {
    const status = 401
    const message = 'Incorrect email or password'
    res.status(status).json({status, message})
    return
  }
  const access_token = createToken({email, password})
  res.status(200).json({access_token})
})

server.use(/^(?!\/auth).*$/, (req, res, next) => {
  const path = req.baseUrl;
  const blockedEndpoints = ['/schedules'];

  if (blockedEndpoints.indexOf(path) >= 0) {
    if (req.headers.authorization === undefined || req.headers.authorization.split(' ')[0] !== 'Bearer') {
      const status = 403
      const message = 'Error in authorization format'
      res.status(status).json({ status, message })
      return
    }
    try {
      const result = verifyToken(req.headers.authorization.split(' ')[1]);
      if (result.success) {
        next()
      } else {
        throw result;
      }
    } catch (err) {
      const status = 401
      res.status(status).json(err)
    }
  } else {
    next();
  }
})

server.use(router)

server.listen(3000, () => {
  console.log('Run Auth API Server')
})