Commit 1fac56ac authored by Tobias Ingebrigt Ørstad's avatar Tobias Ingebrigt Ørstad
Browse files

Merge branch '95-backend-cleanup' into 'dev'

Added hashing of passwords

Closes #95

See merge request tobiasio/progark-gruppe-3!105
parents 24eb33e3 d4346d12
const express = require("express"); const express = require("express");
const router = express.Router(); const router = express.Router();
const mongo = require("mongodb"); const mongo = require("mongodb");
const bcrypt = require("bcrypt");
const MongoClient = mongo.MongoClient; const MongoClient = mongo.MongoClient;
const connectionUrl = process.env.MONGO_CONNECTION_STRING; const connectionUrl = process.env.MONGO_CONNECTION_STRING;
const saltRounds = 10;
router.get("/username/:playerId", (req, res) => { router.get("/username/:playerId", (req, res) => {
// Connect to database // Connect to database
...@@ -67,14 +69,30 @@ router.get("/login/:username/:password", (req, res) => { ...@@ -67,14 +69,30 @@ router.get("/login/:username/:password", (req, res) => {
db.collection(collection) db.collection(collection)
.find({ .find({
name: req.params.username, name: req.params.username,
password: req.params.password,
}) })
.toArray((err, result) => { .toArray((err, result) => {
if (err) { if (err) {
res.sendStatus(500); res.sendStatus(500);
return; return;
} }
res.json(result); // Compares the given password with the encrypted password stored in the database,
// response is true on match, false else
bcrypt.compare(
req.params.password,
result[0].password,
(err, response) => {
if (err) {
res.sendStatus(500);
client.close();
return;
}
if (response) {
res.json(result);
} else {
res.json([]);
}
}
);
client.close(); client.close();
}); });
} }
...@@ -103,24 +121,30 @@ router.put("/", (req, res) => { ...@@ -103,24 +121,30 @@ router.put("/", (req, res) => {
res.status(400).send("Invalid parameters"); res.status(400).send("Invalid parameters");
return; return;
} }
//Hashes the password
// Inserts the user. Note that the name index is unique, inserting a user with an bcrypt.hash(req.body.password, saltRounds, (err, hash) => {
// already existing username will give an error. if (err) {
db.collection(collection).insertOne( res.sendStatus(500); // Internal server error
{ return;
name: req.body.username,
password: req.body.password,
dateJoined: date,
},
(err, result) => {
if (err) {
res.status(400).send("Already existing username"); // Internal server error
return;
}
res.json(result.ops[0]);
client.close();
} }
); // Inserts the user. Note that the name index is unique, inserting a user with an
// already existing username will give an error.
db.collection(collection).insertOne(
{
name: req.body.username,
password: hash,
dateJoined: date,
},
(err, result) => {
if (err) {
res.status(400).send("Already existing username");
return;
}
res.json(result.ops[0]);
client.close();
}
);
});
} }
); );
}); });
......
This diff is collapsed.
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
"author": "", "author": "",
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"bcrypt": "^4.0.1",
"body-parser": "^1.19.0", "body-parser": "^1.19.0",
"cors": "^2.8.5", "cors": "^2.8.5",
"express": "^4.17.1", "express": "^4.17.1",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment