Add API authentication

2025-01-03 09:49:17 +01:00 · 2021-11-21 08:16:15 +07:00 · 2021-11-21 08:16:15 +07:00 · 77372b2a2c
commit 77372b2a2c
parent 267f1d051a
3 changed files with 121 additions and 90 deletions
--- a/controllers/controllers.js
+++ b/controllers/controllers.js
@ -92,7 +92,8 @@ function checkout(
    subDistrict,
    postalCode,
    logistic,
-    data
+    data,
+    key
 ) {
    let params = new URLSearchParams({
        firstName: firstName,
@ -113,6 +114,9 @@ function checkout(
        headers: {
            "Content-Type": "application/x-www-form-urlencoded",
        },
+        params: {
+            key: key,
+        }
    };
    return axios
        .post(HOST + "/checkout", params, conf)
--- a/routes/api.js
+++ b/routes/api.js
@ -1,9 +1,12 @@
 const express = require("express");
 const bcrypt = require("bcrypt");
 const randtoken = require("rand-token");
+
 const router = express.Router();
+
 const db = require("../modules/db");
 const mail = require("../modules/mail");
+const auth = require("../auth/auth");

 const saltRounds = 10;

@ -295,6 +298,14 @@ router.get("/verify-mail", async (req, res) => {
 });

 router.post("/checkout", async (req, res) => {
+    if (!req.query.key) {
+        res.status(401);
+        res.json({
+            message: "Unauthorized",
+        });
+    } else {
+        auth.auth_checker(req.query.key).then((status) => {
+            if (status) {
                if (
                    !req.body.firstName ||
                    !req.body.lastName ||
@ -365,6 +376,14 @@ router.post("/checkout", async (req, res) => {
                        }
                    );
                }
+            } else {
+                res.status(401);
+                res.json({
+                    message: "Unauthorized",
+                });
+            }
+        });
+    }
 });

 module.exports = router;
--- a/routes/index.js
+++ b/routes/index.js
@ -19,7 +19,7 @@ router.get("/", (req, res) => {
 });

 router.route("/register")
-    .get((_req, res) => {
+    .get((req, res) => {
        auth.session_converter(req.cookies.session_token).then((key) => {
            if (key != null) {
                res.redirect("/");
@ -45,7 +45,7 @@ router.route("/register")
    });

 router.route("/login")
-    .get((_req, res) => {
+    .get((req, res) => {
        auth.session_converter(req.cookies.session_token).then((key) => {
            if (key != null) {
                res.redirect("/");
@ -107,6 +107,9 @@ router.route("/checkout")
        });
    })
    .post((req, res) => {
+        auth.session_converter(req.cookies.session_token).then((key) => {
+            console.log(key);
+            if (key != null) {
                controller.checkout(
                    req.body.firstName,
                    req.body.lastName,
@ -120,7 +123,8 @@ router.route("/checkout")
                    req.body.subDistrict,
                    req.body.postalCode,
                    req.body.logistic,
-            req.body.data
+                    req.body.data,
+                    key
                )
                .then((data) => {
                    if (data[0] == 201) {
@ -141,6 +145,10 @@ router.route("/checkout")
                        }
                    }
                });
+            } else {
+                res.redirect("/login");
+            }
+        });
    });

 router.get("/forgot-password", (_req, res) => {