Merge pull request #9 from Lend-it/110_login

[NEW] Login
Lend-it · Mar 28, 2021 · e1210cd · e1210cd
2 parents 429371a + fc75851
commit e1210cd
Show file tree

Hide file tree

Showing 9 changed files with 176 additions and 1 deletion.
diff --git a/.env-example b/.env-example
@@ -1 +1,2 @@
 SALT_ROUNDS =
+SECRET =
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -39,6 +39,7 @@
     "bcrypt": "^5.0.1",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "jsonwebtoken": "^8.5.1",
     "pg": "^8.5.1",
     "pg-hstore": "^2.3.3",
     "sequelize": "^6.5.0"

diff --git a/src/controllers/SessionController.js b/src/controllers/SessionController.js
@@ -0,0 +1,27 @@
+import User from '../models/User.js';
+import bcrypt from 'bcrypt';
+import generateToken from '../services/auth.js';
+
+export default {
+  async create(request, response) {
+    const { useremail, password } = request.body;
+
+    try {
+      const user = await User.findOne({
+        where: {
+          useremail,
+        },
+      });
+
+      if (!user || !(await bcrypt.compare(password, user.password))) {
+        return response.status(404).json({ error: 'Usuário/Senha inválidos' });
+      }
+
+      const token = generateToken({ useremail });
+
+      return response.status(201).json(token);
+    } catch (error) {
+      return response.status(500).json({ error: error.message });
+    }
+  },
+};
diff --git a/src/controllers/UserController.js b/src/controllers/UserController.js
@@ -1,5 +1,6 @@
 import User from '../models/User.js';
 import bcrypt from 'bcrypt';
+import generateToken from '../services/auth.js';
 
 const saltRounds = process.env.SALT_ROUNDS;
 
@@ -38,7 +39,9 @@ export default {
         longitude,
       });
 
-      return response.status(201).json(user);
+      const token = generateToken({ useremail });
+
+      return response.status(201).json({ user, token });
     } catch (error) {
       return response.status(500).json({ error: error.message });
     }

diff --git a/src/middlewares/auth.js b/src/middlewares/auth.js
@@ -0,0 +1,32 @@
+import jwt from 'jsonwebtoken';
+
+function verifyToken(request, response, next) {
+  const authHeader = request.headers.authorization;
+
+  if (!authHeader) {
+    return response.status(400).json({ error: 'Token não encontrado' });
+  }
+
+  const parts = authHeader.split(' ');
+
+  if (!parts.lenght == 2) {
+    return response.status(401).json({ error: 'Erro no token' });
+  }
+
+  const [scheme, token] = parts;
+
+  if (!/^Bearer$/i.test(scheme)) {
+    return response.status(401).json({ error: 'Token mal formatado' });
+  }
+
+  jwt.verify(token, process.env.SECRET, (err, decoded) => {
+    if (err) {
+      return response.status(401).json({ error: 'Token inválido' });
+    }
+
+    request.useremail = decoded.useremail;
+    return next();
+  });
+}
+
+export default verifyToken;
diff --git a/src/routes.js b/src/routes.js
@@ -1,9 +1,11 @@
 import { Router } from 'express';
 
 import userRouter from './routes/user.routes.js';
+import sessionRouter from './routes/session.routes.js';
 
 const routes = Router();
 
 routes.use('/users', userRouter);
+routes.use('/session', sessionRouter);
 
 export default routes;
diff --git a/src/routes/session.routes.js b/src/routes/session.routes.js
@@ -0,0 +1,9 @@
+import { Router } from 'express';
+
+import SessionController from '../controllers/SessionController.js';
+
+const sessionRouter = Router();
+
+sessionRouter.post('/', SessionController.create);
+
+export default sessionRouter;
diff --git a/src/services/auth.js b/src/services/auth.js
@@ -0,0 +1,9 @@
+import jwt from 'jsonwebtoken';
+
+function generateToken(params = {}) {
+  return jwt.sign(params, process.env.SECRET, {
+    expiresIn: 86400,
+  });
+}
+
+export default generateToken;