Merge pull request #4 from HelloSniperMonkey/main

added authorisation using jwt and also added api endpoint for login

.gitignore

@@ -90,6 +90,7 @@ out
 # Nuxt.js build / generate output
 .nuxt
 dist
+/public 
 
 # Gatsby files
 .cache/

README.md

@@ -12,7 +12,14 @@
 -   Open the `.env` file and enter the MongoDB URL (Soumyajyoti has it)
     ```
     URL="mongodb+srv://username:password@mongoatlascluster"
+    JWT_SECRET="..."
     ```
+-   you can add any string as jwt secret but it would be prefferd if you make a new js file and put
+    ```
+    console.log(require('crypto').randomBytes(64).toString('hex'))
+    ```
+    the output that comes out is cryptoghapically secure and is preffred as the new JWT_SECRET key
+
 -   Run locally
     ```bash
     npm run serve

models/Mentor.ts

@@ -14,6 +14,10 @@ const mentorSchema = new Schema({
 		required: true,
 		unique: true,
 	},
+	password: {
+		type: String,
+		required: true,
+	},
 	phoneno: {
 		type: String,
 		required: true,
@@ -31,12 +35,12 @@ const mentorSchema = new Schema({
 	gitlabProfile: {
 		type: String,
 		required: false,
-		unique: true,
+		sparse: true,
 	},
 	otherProfile: {
 		type: String,
 		required: false,
-		unique: true,
+		sparse: true,
 	},
 	projectList: {
 		type: Array<String>,

models/Student.ts

@@ -14,6 +14,10 @@ const studentSchema = new Schema({
 		required: true,
 		unique: true,
 	},
+	password: {
+		type: String,
+		required: true,
+	},
 	institute: {
 		type: String,
 		required: true,
@@ -26,7 +30,7 @@ const studentSchema = new Schema({
 	profilePage: {
 		type: String,
 		required: false,
-		unique: true,
+		sparse: true,
 	},
 	githubProfile: {
 		type: String,
@@ -36,12 +40,12 @@ const studentSchema = new Schema({
 	gitlabProfile: {
 		type: String,
 		required: false,
-		unique: true,
+		sparse: true,
 	},
 	otherProfile: {
 		type: String,
 		required: false,
-		unique: true,
+		sparse: true,
 	},
 	firstTime: {
 		type: Boolean,

package.json

@@ -16,14 +16,16 @@
 		"@types/body-parser": "^1.19.2",
 		"@types/express-validator": "^3.0.0",
 		"body-parser": "^1.20.2",
-		"express": "^4.18.2",
+		"cookie-parser": "^1.4.7",
+		"express": "^4.21.2",
 		"express-validator": "^7.0.1",
 		"mongodb": "^5.6.0",
 		"mongoose": "^7.2.3",
 		"rimraf": "^4.1.2"
 	},
 	"devDependencies": {
-		"@types/express": "^4.17.17",
+		"@types/cookie-parser": "^1.4.8",
+		"@types/express": "^4.17.21",
 		"@types/mongodb": "^4.0.7",
 		"@types/mongoose": "^5.11.97",
 		"@types/node": "^18.14.2",

src/index.ts

@@ -1,14 +1,23 @@
 import dotenv from 'dotenv'
 import bodyParser from 'body-parser'
-import express, { Application } from 'express'
+import express, { Application , Request, Response } from 'express'
 import mongoose, { ConnectOptions } from 'mongoose'
+import cookieParser from 'cookie-parser';
+import { authorization } from './service/auth';
 
 dotenv.config()
 
 const app: Application = express()
 const port = process.env.PORT || 3000
 const dbURI = process.env.URL || null
 
+app.use(cookieParser());
+
+app.get('/auth', authorization ,(req ,res)=>{
+	console.log(req.headers.authorization);
+	res.status(200).send('Authenticated by index')
+});
+
 if (dbURI) {
 	mongoose
 		.connect(dbURI, { useNewUrlParser: true, useUnifiedTopology: true } as ConnectOptions)
@@ -21,6 +30,7 @@ if (dbURI) {
 			/* eslint-disable */
 			app.use('/api/register/', require('./routes/register'))
 			app.use('/api/add-project/', require('./routes/addProject'))
+			app.use('/login/', require('./routes/login'))
 
 			app.listen(port, () => {
 				console.log(`Server is listening on port ${port}`)
@@ -30,3 +40,5 @@ if (dbURI) {
 			console.error('Error connecting to MongoDB:', err)
 		})
 }
+
+app.use(express.static('public'));

src/routes/login.ts

@@ -0,0 +1,43 @@
+import express, { Request, Response } from 'express';
+const Student = require('../../models/Student')
+const Mentor = require('../../models/Mentor')
+const { generateToken } = require('../utils/jwt');
+const router = express.Router();
+
+router.post('/students', (req: Request, res: Response) => {
+    const { email, password } = req.body;
+    Student.findOne({ email: email })
+        .then((user: typeof Student) => {
+            if (!user) {
+                return res.status(404).json({ message: 'Student not found' });
+            }
+            if (user.password !== password) {
+                return res.status(401).json({ message: 'Invalid password' });
+            }
+            const token = generateToken({ email: user.email });
+            res.cookie("token", token);
+            res.status(200).json({ message: 'Login successful' });
+        }).catch((err: any) => {
+            res.status(500).json({ error: err.message });
+        });
+});
+
+router.post('/mentors', (req, res) => {
+    const { email, password } = req.body;
+    Mentor.findOne({ email: email })
+        .then((user: typeof Student) => {
+            if (!user) {
+                return res.status(404).json({ message: 'Mentor not found' });
+            }
+            if (user.password !== password) {
+                return res.status(401).json({ message: 'Invalid password' });
+            }
+            const token = generateToken({ email: user.email });
+            res.cookie("token", token);
+            res.status(200).json({ message: 'Login successful' });
+        }).catch((err: any) => {
+            res.status(500).json({ error: err.message });
+        });
+});
+
+module.exports = router

src/routes/register.ts

@@ -1,9 +1,11 @@
 /* eslint-disable */
+import { Request, Response } from 'express';
 const express = require('express')
 const Student = require('../../models/Student')
 const Mentor = require('../../models/Mentor')
 const router = express.Router()
 import { body, validationResult } from 'express-validator'
+import { generateToken } from '../utils/jwt';
 
 // @route   POST /api/register/student
 // @desc    Register student
@@ -30,6 +32,7 @@ router.post(
 				firstname: any
 				lastname: any
 				email: any
+				password: any
 				institute: any
 				phoneno: number
 				profilePage: any
@@ -39,13 +42,7 @@ router.post(
 				firstTime: any
 			}
 		},
-		res: {
-			status: (arg0: number) => {
-				(): any
-				new (): any
-				json: { (arg0: { error?: any; message?: any }): void; new (): any }
-			}
-		}
+		res: Response
 	) => {
 		const errors = validationResult(req)
 		if (!errors.isEmpty()) {
@@ -57,6 +54,7 @@ router.post(
 				firstname,
 				lastname,
 				email,
+				password,
 				institute,
 				phoneno,
 				profilePage,
@@ -69,6 +67,7 @@ router.post(
 				firstname,
 				lastname,
 				email,
+				password,
 				institute,
 				phoneno,
 				profilePage,
@@ -77,7 +76,11 @@ router.post(
 				otherProfile,
 				firstTime,
 			})
+			const token = generateToken({ email: email });
+			console.log(token);
 			await user.save()
+
+			res.cookie('token', token);
 			res.status(200).json({ message: 'User created successfully' })
 		} catch (err: any) {
 			res.status(500).json({ error: err.message })

src/service/auth.ts

@@ -0,0 +1,21 @@
+import { Request, Response, NextFunction } from 'express';
+import { verifyToken } from '../utils/jwt';
+
+export const authorization = (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const token = req.headers.authorization?.split(' ')[1];
+    if (!token) {
+      return res.status(401).json({ message: 'Authentication required' });
+    }
+
+    const decoded = verifyToken(token);
+    if(!decoded) {
+      return res.status(401).json({ message: 'Invalid token' });
+    } else {
+      console.log('Authenticated by auth service');
+    }
+    next();
+  } catch (error) {
+    res.status(401).json({ message: 'Invalid token' });
+  }
+};

src/utils/jwt.ts

@@ -0,0 +1,20 @@
+import jwt from 'jsonwebtoken';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
+
+export interface JWTPayload {
+  email: string;
+}
+
+export const generateToken = (payload: JWTPayload): string => {
+  return jwt.sign(payload, JWT_SECRET, { expiresIn: '24h' });
+};
+
+export const verifyToken = (token: string): boolean => {
+  try {
+    jwt.verify(token, JWT_SECRET);
+    return true;
+  } catch (error) {
+    return false;
+  }
+};