const express = require('express');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');
const cors = require("cors");
const admcred = require('./schemas/admin-login-cred');
const admtoken = require('./schemas/admin-access-token');
const sweeptoken = require('./cronjobs/tokenSweep');
const dashboard = require('./routes/adminDashboard');
const webview = require('./routes/webView');
require('dotenv').config();
// Bootstrap the express app, the database connection and the token-sweep cron job.
const app = express();
require('./mdb').connectdb();
sweeptoken.start();

// Global middleware: JSON body parsing and CORS.
// NOTE(review): origin "*" together with credentials: true is contradictory —
// browsers refuse credentialed responses that carry a wildcard
// Access-Control-Allow-Origin. The admin API is bearer-token based (the logout
// handler below reads the Authorization header), so an explicit origin
// allowlist, or dropping `credentials`, would be the tighter configuration.
const corsOptions = {
  origin: "*",
  credentials: true,
};
app.use(express.json());
app.use(cors(corsOptions));

// Route groups. The dashboard group is behind a guard middleware (presumably
// the admin-token check plus a sliding expiry window, going by its name); the
// webview group is mounted without a guard.
const adminDashboardGuard = require('./middlewares/isAdminThenSlideWindow');
app.use('/api/v1/admin/dashboard', adminDashboardGuard, dashboard);
app.use('/api/v1/webview', webview);

// Token check used by the login/logout handlers below (sets req.IS_TOKEN_VALID).
const isAdmin = require('./middlewares/isAdmin');
// Landing endpoint: plain-text greeting, no auth involved.
app.get('/', async (_req, res) => {
  const greeting = 'This is the Franchise Hub express server!';
  return res.send(greeting);
});
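// admin login
//
// Body: { username, password }. Responds with a freshly issued access token on
// success. The isAdmin middleware runs first and sets req.IS_TOKEN_VALID when
// the request already carries a valid admin token.
app.post('/api/v1/admin/login', isAdmin, async (req, res) => {
  try {
    if (req.IS_TOKEN_VALID) {
      return res.json({
        success: true,
        message: "You are already authorised"
      });
    }

    // Reject non-string credentials up front: findById / bcrypt.compare would
    // otherwise throw on objects or undefined and surface as a 500.
    const { username, password } = req.body ?? {};
    if (typeof username !== 'string' || typeof password !== 'string') {
      return res.status(400).json({
        success: false,
        message: "Invalid credential(s)"
      });
    }

    const adminUser = await admcred.findById(username);
    // Unknown user and wrong password share the same status and message so the
    // response does not reveal which admin usernames exist.
    // NOTE(review): the bcrypt comparison is skipped on this path, so response
    // timing still differs between the two cases.
    if (adminUser == null) {
      return res.status(403).json({
        success: false,
        message: "Invalid credential(s)"
      });
    }

    // Awaited directly: the previous version wrapped this in an un-awaited async
    // IIFE, so a rejection here escaped the try/catch as an unhandled rejection
    // and the handler returned before the response was sent.
    const passwordMatches = await bcrypt.compare(password, adminUser.password);
    if (!passwordMatches) {
      return res.status(403).json({
        success: false,
        message: "Invalid credential(s)"
      });
    }

    // NOTE(review): the JWT itself carries no `exp` claim; expiry is tracked
    // only through the admtoken record below (presumably enforced by the
    // isAdmin middleware and the tokenSweep cron job — confirm).
    const token = jwt.sign({ username }, process.env.JWT_ACCESS_SECRET);
    // Environment variables are strings: without Number() the `+` would
    // concatenate and yield a far-future expiry instead of adding the window.
    await admtoken.create({
      access_token: token,
      expires_at: Date.now() + Number(process.env.JWT_ACCESS_WINDOW)
    });
    return res.json({
      success: true,
      message: "Admin authorised",
      access_token: token
    });
  } catch (e) {
    // Log the details server-side; the client only gets a generic message so
    // stack traces / driver errors are not exposed.
    console.error('admin login failed:', e);
    return res.status(500).json({
      success: false,
      message: "Internal server error"
    });
  }
});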
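// admin logout
//
// Revokes the bearer token presented in the Authorization header. The path
// previously lacked its leading slash ('api/v1/admin/logout'), which Express
// never matches, so this route was unreachable.
app.post('/api/v1/admin/logout', isAdmin, async (req, res) => {
  try {
    if (!req.IS_TOKEN_VALID) {
      return res.status(403).json({
        success: false,
        message: "Invalid Credential(s): You don't have administrative access to log out of"
      });
    }
    // isAdmin has accepted the token, so the header is assumed to be present in
    // "Bearer <token>" form here — confirm against the middleware.
    const presentedToken = req.headers.authorization.split(' ')[1];
    await admtoken.deleteOne({ access_token: presentedToken });
    return res.json({
      success: true,
      message: "Session Expired: You have been logged out of administrative panel"
    });
  } catch (e) {
    // Log the details server-side; the client only gets a generic message so
    // stack traces / driver errors are not exposed.
    console.error('admin logout failed:', e);
    return res.status(500).json({
      success: false,
      message: "Internal server error"
    });
  }
});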
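// Start listening. PORT is resolved once so the log line reports the port that
// was actually bound (previously it printed process.env.PORT, i.e. "undefined"
// whenever the 3000 fallback was used).
const port = process.env.PORT || 3000;
app.listen(
  port,
  () => console.log(`Listening on PORT ${port}...`)
);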