Commit 6a720d0b authored by mhdaltaweel's avatar mhdaltaweel

Merge branch 'main' of https://gitlab.univ-lorraine.fr/villaum55u/dp_projet into creation_compte

 Conflicts:
	app.js
	package-lock.json
	package.json
parents 999147ba 810a3a48
.env 0 → 100644
SECRET=b528de99b1ee795573b242b41872f257d7e7ad95a2a0801b93c90886e5162798
\ No newline at end of file
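Review bot: The JWT signing secret is committed in plaintext on the first line of the new `.env` (`SECRET=…`); anyone with read access to the repository history can mint valid `accessToken` cookies for any user id, because AuthController.js both signs and verifies tokens with this value. Rotate the key now (the repo's own `npm run secretKey` script prints a fresh one), remove the file from the tree with `git rm --cached .env`, and add `.env` to `.gitignore`; commit an `.env.example` containing only `SECRET=` instead. Rotation is required rather than optional, since deleting the file in a later commit still leaves the old value in history.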
...@@ -2,6 +2,11 @@ const path = require('path'); ...@@ -2,6 +2,11 @@ const path = require('path');
const express = require('express'); const express = require('express');
const app = express(); const app = express();
const db = require('./db/Database.js'); const db = require('./db/Database.js');
const auth = require('./controller/AuthController.js');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const app = express();
...@@ -10,20 +15,27 @@ const db = require('./db/Database.js'); ...@@ -10,20 +15,27 @@ const db = require('./db/Database.js');
const viewsPath = path.join(__dirname, 'views'); const viewsPath = path.join(__dirname, 'views');
app.set("views", viewsPath); app.set("views", viewsPath);
app.set("view engine", "ejs"); app.set("view engine", "ejs");
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(cookieParser());
// Pour analyser les corps des requêtes POST en format URL-encoded // Pour analyser les corps des requêtes POST en format URL-encoded
app.use(express.urlencoded({ extended: true })); app.use(express.urlencoded({ extended: true }));
// Ajoute ceci pour les fichiers statiques depuis le dossier public // Ajoute ceci pour les fichiers statiques depuis le dossier public
app.use(express.static(path.join(__dirname, 'public'))); app.use(express.static(path.join(__dirname, 'public')));
app.use(auth.authenticate);
//chemin d'accès //chemin d'accès
app.get("/", defaut).get("/accueil",defaut); app.get("/", defaut).get("/accueil",defaut);
app.get("/db/:collection", collection).get("/db", dbAdmin); app.get("/db/:collection", collection).get("/db", dbAdmin);
app.get("/login", (req, res) => res.render("login")).post("/login", postLogin);
app.all("*", (req, res) => res.status(404).send("<h1>Il semblerait que cette page n'existe pas.</h1>"));
//route pour creation compte
//route pour creation compte
app.get("/signup" , (req ,res)=>{ app.get("/signup" , (req ,res)=>{
res.render("signup", { title: 'Inscription' }); res.render("signup", { title: 'Inscription' });
}); });
...@@ -39,7 +51,7 @@ app.post('/signup', async (req, res) => { ...@@ -39,7 +51,7 @@ app.post('/signup', async (req, res) => {
const hashedPassword = await bcrypt.hash(password, saltRounds); const hashedPassword = await bcrypt.hash(password, saltRounds);
// Insère les données dans la base de données // Insère les données dans la base de données
await db.insert('users', { username, email, password:hashedPassword }); await db.insert('users', { username, email, password:hashedPassword });
res.send('Inscription réussie'); res.send('Inscription réussie');
} catch (error) { } catch (error) {
...@@ -49,11 +61,6 @@ app.post('/signup', async (req, res) => { ...@@ -49,11 +61,6 @@ app.post('/signup', async (req, res) => {
}); });
app.all("*", (req, res) => res.status(404).send("<h1>Il semblerait que cette page n'existe pas.</h1>"));
function defaut(req, res){ function defaut(req, res){
const ind = {method : req.method, url : req.url} const ind = {method : req.method, url : req.url}
...@@ -71,5 +78,16 @@ async function dbAdmin(req, res){ ...@@ -71,5 +78,16 @@ async function dbAdmin(req, res){
res.render("db/admin", {collections}); res.render("db/admin", {collections});
} }
async function postLogin(req, res){
let { username, password } = req.body;
let token = await auth.checkLogin(username, password);
if (token == -1) {
res.render("login",{username, password, error: "Il semblerait que le nom d'utilisateur ou le mot de passe soit incorrect."});
} else {
res.cookie("accessToken", token, {httpOnly: true});
res.redirect("/accueil");
}
}
module.exports = app; module.exports = app;
\ No newline at end of file
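Review bot: The catch-all `app.all("*", (req, res) => res.status(404)…)` now appears before the `/signup` routes in the new middleware order (the single-printed line right after `.post("/login", postLogin)`), and Express matches routes in registration order, so `GET /signup` and `POST /signup` would answer 404; move that line back to after the last route, where the removed copy used to sit. On the same side, `const app = express();` appears twice — once as context near the top and once as an added line after `const cookieParser = require(...)` — which, if both survive the merge as this rendering suggests, is a SyntaxError at module load; drop the second. In `postLogin`, the failure branch re-renders the form with `password` in the template data, sending the submitted password back in the response body; pass only the username, `res.render("login", { username, error: "…" })`. The `accessToken` cookie is set with `httpOnly` alone; add `sameSite: "lax"` and `secure: true` (at least outside development) so the token is not sent cross-site or over plain HTTP.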
const db = require('../db/Database.js');
const { createHash } = require('crypto');
const jwt = require('jsonwebtoken');
const dotenv = require('dotenv');
async function checkLogin(username, password) {
let user = await db.find("users",{username: username});
if(user.length == 0){
return -1; //pas d'utilitisateur avec ce nom
}
let salt = user[0].salt;
password = salt+password;
let hash = createHash("sha256").update(password).digest("hex"); //hash du mot de passe rentré
if (hash != user[0].password){
return -1; //mot de passe incorrect
} else {
dotenv.config();
let token = jwt.sign({id: user[0]._id, username: user[0].username}, process.env.SECRET, {expiresIn: "3h"});
return token; //mot de passe correct
}
}
function authenticate(req, res, next) {
try {
let token = req.cookies.accessToken;
let user = jwt.verify(token, process.env.SECRET);
res.locals.user = user;
next();
} catch {
next();
}
}
module.exports = {checkLogin, authenticate};
\ No newline at end of file
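Review bot: `checkLogin` verifies passwords as `sha256(salt + password)` and compares with `!=`, but the `/signup` handler in app.js stores `bcrypt.hash(password, saltRounds)` and writes no `salt` field, so accounts created through signup can never log in, and a single salted SHA-256 is not a suitable password hash in any case. Replace the salt/hash/compare lines with `const ok = await bcrypt.compare(password, user[0].password); if (!ok) return -1;` (bcrypt is already in package.json), which also gives a constant-time comparison instead of the string `!=`. `dotenv.config()` is called inside `checkLogin` on each login attempt, while `authenticate` reads `process.env.SECRET` without loading it, so after a restart every request until the first successful login hits `jwt.verify(token, undefined)`, which throws and is silently swallowed by the bare `catch {}` as "not logged in"; load dotenv once at process start and fail fast if `SECRET` is unset. Consider pinning the accepted algorithm explicitly, `jwt.verify(token, process.env.SECRET, { algorithms: ['HS256'] })`, and logging (not just swallowing) verification failures other than a missing cookie.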
const crypto = require('crypto');
const secretKey = crypto.randomBytes(32).toString('hex');
console.log('SECRET='+secretKey);
\ No newline at end of file
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
"scripts": { "scripts": {
"start": "node index.js", "start": "node index.js",
"serv_start": "node server.js", "serv_start": "node server.js",
"secretKey": "node keyGen.js",
"test": "echo \"Error: no test specified\" && exit 1" "test": "echo \"Error: no test specified\" && exit 1"
}, },
"repository": { "repository": {
...@@ -16,9 +17,12 @@ ...@@ -16,9 +17,12 @@
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"bcrypt": "^5.1.1", "bcrypt": "^5.1.1",
"body-parser": "^1.20.2",
"cookie-parser": "^1.4.6",
"dotenv": "^16.3.1",
"ejs": "^3.1.9", "ejs": "^3.1.9",
"express": "^4.18.2", "express": "^4.18.2",
"mongodb": "^6.2.0", "jsonwebtoken": "^9.0.2",
"mongoose": "^8.0.1" "mongodb": "^6.2.0"
} }
} }
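Review bot: `body-parser` is added as a new dependency while app.js already uses the built-in `express.urlencoded` (body-parser has shipped inside Express since 4.16), so the new `bodyParser.urlencoded`/`bodyParser.json` calls register duplicate parsers and add a package to the supply chain for nothing. Drop `"body-parser"` here and use `app.use(express.json())` in app.js instead.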
...@@ -5,8 +5,11 @@ ...@@ -5,8 +5,11 @@
</head> </head>
<body> <body>
<h1>Requête reçu</h1> <h1>Requête reçu</h1>
<p> <p> La requête <%= method %> a été reçu à l'adresse <%= url %> </p>
La requête <%= method %> a été reçu à l'adresse <%= url %> <% if (locals.user) {%>
</p> <p>Bonjour <%= locals.user.username %></p>
<% } else { %>
<p>Vous n'êtes pas connecté</p>
<% } %>
</body> </body>
</html> </html>
\ No newline at end of file
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<title>Connexion</title>
</head>
<body>
<h1>Connexion</h1>
<form action="/login" method="post">
<input type="text" name="username" value="<%= locals.username ?? '' %>">
<input type="password" name="password" value="<%= locals.password ?? '' %>">
<input type="submit" value="Se connecter">
</form>
<% if (locals.error) {%>
<p><%= locals.error %></p>
<% } %>
</body>
</html>
\ No newline at end of file
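Review bot: The password field `<input type="password" name="password" value="<%= locals.password ?? '' %>">` writes the user's submitted password back into the HTML of the error page; `<%=` HTML-escapes it so this is not XSS, but the plaintext credential then sits in the response body, browser cache and any intermediary logs. Remove the `value` attribute from the password input and keep pre-filling only for the username field. While here, `autocomplete="username"` and `autocomplete="current-password"` on the two inputs let password managers fill the form correctly.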