From dc1829cffdf68c5b94c5167a7cae08fbf89f459b Mon Sep 17 00:00:00 2001
From: Matthew Patrick
Date: Thu, 18 Nov 2021 11:58:37 +0700
Subject: [PATCH 1/2] Added /login error handling for unregistered users
---
 routes/api.js | 486 ++++++++++++++++++++++++++++----------------------
 1 file changed, 268 insertions(+), 218 deletions(-)
diff --git a/routes/api.js b/routes/api.js
index de98c7f..b9c3e74 100644
--- a/routes/api.js
+++ b/routes/api.js
@@ -1,242 +1,292 @@ -const express = require('express'); +const express = require("express"); const bcrypt = require("bcrypt"); const randtoken = require("rand-token"); const router = express.Router(); -const db = require('../modules/db'); -const mail = require('../modules/mail'); +const db = require("../modules/db"); +const mail = require("../modules/mail"); const saltRounds = 10; let config; try { - config = require('../config'); + config = require("../config"); } catch (e) { - console.log('No config file found'); - process.exit(0); + console.log("No config file found"); + process.exit(0); } -router.get('/getproducts', (req, res) => { - const conn = db.connect(); - conn.execute('SELECT * FROM `products`', [], function (err, results) { - res.json(results); - }); -}) +router.get("/getproducts", (req, res) => { + const conn = db.connect(); + conn.execute("SELECT * FROM `products`", [], function (err, results) { + res.json(results); + }); +}); -router.get('/getproduct', (req, res) => { - const conn = db.connect(); - conn.execute('SELECT * FROM `products` WHERE `ID` = ?', [req.query.id], function (err, results) { - res.json(results); - }); -}) - -router.post('/register', async (req, res) => { - if (!req.body.email || !req.body.password || !req.body.first_name || !req.body.last_name) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - const conn = db.connect(); - conn.query("SELECT * FROM users WHERE email = ?", [req.body.email], async function (error, response, fields) { - if (error) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - if (response.length > 0) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - const encryptedPassword = await bcrypt.hash(req.body.password, saltRounds); - var users = { - first_name: req.body.first_name, - last_name: req.body.last_name, - email: req.body.email, - password: encryptedPassword, - session: '[]', - }; - conn.query("INSERT INTO users SET ?", 
users, function (error, response, fields) { - if (error) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - conn.query('SELECT * FROM users WHERE email ="' + req.body.email + '"', function (err, result) { - if (err) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } - if (result.length > 0) { - var token = randtoken.generate(20); - if (result[0].verify == 0) { - let subject = "Account Verification - Nekoya"; - let content = `

Hello!!! Please click this link link to verify your account!!! Thanks!!!

`; - var sent = mail.send(req.body.email, subject, content); - if (sent != "0") { - var data = { - token: token, - }; - conn.query('UPDATE users SET ? WHERE email ="' + req.body.email + '"', data, function (err, result) { - if (err) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - res.status(200); - res.json({ - 'message': 'Register Verification Sent ~' - }) - } - }); - } else { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } - } - } else { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } - }); - } - }); - } - } - }); +router.get("/getproduct", (req, res) => { + const conn = db.connect(); + conn.execute( + "SELECT * FROM `products` WHERE `ID` = ?", + [req.query.id], + function (err, results) { + res.json(results); } -}) + ); +}); -router.post('/login', async (req, res) => { - if (!req.body.email || !req.body.password) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - const conn = db.connect(); - conn.query( - "SELECT * FROM users WHERE email = ?", - [req.body.email], - async function (error, response, fields) { - const passCheck = await bcrypt.compare(req.body.password, response[0].password); - if (error) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - if (response.length > 0) { - if (passCheck) { - if (response[0].verify == 0) { - res.status(204); - res.json({ - 'message': 'Sorry You havent verified your email' - }) - } else { - let token = randtoken.generate(256); - let session = JSON.parse(response[0].session); - session.push({ - user_agent: req.body.ua || req.headers['user-agent'], - ip: req.body.ip || req.headers['x-forwarded-for'] || req.socket.remoteAddress, - session: token, - }) - conn.query('UPDATE users SET ? 
WHERE email ="' + req.body.email + '"', { - session: JSON.stringify(session) - }, function (err, result) { - if (err) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - res.status(200); - res.json({ - 'id': response[0].id, - 'first_name': response[0].first_name, - 'last_name': response[0].last_name, - 'email': response[0].email, - 'verify': (response[0].verify == 1) ? true : false, - 'session_token': token, - }) - } - }); - } - } else { - res.status(401); - res.json({ - 'message': 'Unauthorized' - }) - } - } else { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } - } - } - ); - } -}) - -router.get('/verify-mail', async (req, res) => { +router.post("/register", async (req, res) => { + if ( + !req.body.email || + !req.body.password || + !req.body.first_name || + !req.body.last_name + ) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { const conn = db.connect(); conn.query( - 'SELECT * FROM users WHERE token ="' + req.query.token + '"', - function (err, result) { - if (err) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } - if (result.length > 0) { - if (result[0].verify == 0) { - var data = { - verify: 1, - }; - db_connect.query( - 'UPDATE users SET ? 
WHERE email ="' + result[0].email + '"', - data, - function (err, result) { - if (err) { - res.status(400); - res.json({ - 'message': 'Bad Request' - }) - } else { - res.status(200); - res.json({ - 'message': 'Verified ~' - }) - } - } - ); + "SELECT * FROM users WHERE email = ?", + [req.body.email], + async function (error, response, fields) { + if (error) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + if (response.length > 0) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + const encryptedPassword = await bcrypt.hash( + req.body.password, + saltRounds + ); + var users = { + first_name: req.body.first_name, + last_name: req.body.last_name, + email: req.body.email, + password: encryptedPassword, + session: "[]", + }; + conn.query( + "INSERT INTO users SET ?", + users, + function (error, response, fields) { + if (error) { + res.status(400); + res.json({ + message: "Bad Request", + }); } else { - res.status(403); - res.json({ - 'message': 'Forbidden' - }) + conn.query( + 'SELECT * FROM users WHERE email ="' + req.body.email + '"', + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + if (result.length > 0) { + var token = randtoken.generate(20); + if (result[0].verify == 0) { + let subject = "Account Verification - Nekoya"; + let content = `

Hello!!! Please click this link link to verify your account!!! Thanks!!!

`; + var sent = mail.send( + req.body.email, + subject, + content + ); + if (sent != "0") { + var data = { + token: token, + }; + conn.query( + 'UPDATE users SET ? WHERE email ="' + + req.body.email + + '"', + data, + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + message: "Register Verification Sent ~", + }); + } + } + ); + } else { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + } + } else { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + } + ); } + } + ); + } + } + } + ); + } +}); + +router.post("/login", async (req, res) => { + if (!req.body.email || !req.body.password) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + const conn = db.connect(); + conn.query( + "SELECT * FROM users WHERE email = ?", + [req.body.email], + async function (error, response, fields) { + if (!response[0]) { + res.status(205); + res.json({ + message: "Sorry Your email is not registered in our system", + }); + } else { + const passCheck = await bcrypt.compare( + req.body.password, + response[0].password + ); + if (error) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + if (response.length > 0) { + if (passCheck) { + if (response[0].verify == 0) { + res.status(204); + res.json({ + message: "Sorry You havent verified your email", + }); + } else { + let token = randtoken.generate(256); + let session = JSON.parse(response[0].session); + session.push({ + user_agent: req.body.ua || req.headers["user-agent"], + ip: + req.body.ip || + req.headers["x-forwarded-for"] || + req.socket.remoteAddress, + session: token, + }); + conn.query( + 'UPDATE users SET ? 
WHERE email ="' + req.body.email + '"', + { + session: JSON.stringify(session), + }, + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + id: response[0].id, + first_name: response[0].first_name, + last_name: response[0].last_name, + email: response[0].email, + verify: response[0].verify == 1 ? true : false, + session_token: token, + }); + } + } + ); + } + } else { + res.status(401); + res.json({ + message: "Unauthorized", + }); + } } else { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + } + } + } + ); + } +}); + +router.get("/verify-mail", async (req, res) => { + const conn = db.connect(); + conn.query( + 'SELECT * FROM users WHERE token ="' + req.query.token + '"', + function (err, result) { + if (err) { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + if (result.length > 0) { + if (result[0].verify == 0) { + var data = { + verify: 1, + }; + db_connect.query( + 'UPDATE users SET ? WHERE email ="' + result[0].email + '"', + data, + function (err, result) { + if (err) { res.status(400); res.json({ - 'message': 'Bad Request' - }) + message: "Bad Request", + }); + } else { + res.status(200); + res.json({ + message: "Verified ~", + }); + } } + ); + } else { + res.status(403); + res.json({ + message: "Forbidden", + }); } - ); -}) + } else { + res.status(400); + res.json({ + message: "Bad Request", + }); + } + } + ); +}); -module.exports = router; \ No newline at end of file +module.exports = router; From ca8d06317de7bceeb7c9eb080ea74437d3ca5c06 Mon Sep 17 00:00:00 2001 From: Matthew Patrick Date: Thu, 18 Nov 2021 11:59:27 +0700 Subject: [PATCH 2/2] Added error on login form if email is unregistered --- routes/index.js | 191 +++++++++++++++++++++++++++--------------------- 1 file changed, 106 insertions(+), 85 deletions(-) diff --git a/routes/index.js b/routes/index.js index 72267a9..c5a1677 100644 --- a/routes/index.js 
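Review bot: The new `if (!response[0])` guard in `/login` dereferences `response` before the `if (error)` branch runs, so a failed query (where `response` is undefined) now throws a TypeError inside the async callback instead of answering with the 400 it used to; reorder to `if (error) { /* 400 */ } else if (!response[0]) { /* not registered */ } else { … }`. The 205 "Sorry Your email is not registered in our system" reply also lets an unauthenticated caller enumerate registered accounts, because a wrong password for an existing account returns 401 instead; unless enumeration is an accepted trade-off, both cases should return the same `401 Unauthorized` body (and 205 Reset Content is not an error status in any case). While the file is being reformatted, the email lookups in `/register` and `/verify-mail` still build SQL by concatenation (`'SELECT * FROM users WHERE email ="' + req.body.email + '"'`, and the matching `UPDATE … WHERE email ="' + … + '"'`) whereas the `/login` select already uses a `?` placeholder; the concatenated forms should take the same parameterised shape. `/verify-mail` additionally calls `db_connect.query(...)` although only `conn` is declared in this file, so unless `db_connect` is a global defined elsewhere the verify-update path appears to throw a ReferenceError after a successful token lookup.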
+++ b/routes/index.js 
@@ -1,104 +1,125 @@ -const express = require('express') -const router = express.Router() +const express = require("express"); +const router = express.Router(); let controller = require("../controllers/controllers"); -router.get('/', (_req, res) => { - res.render('pages/index'); -}) +router.get("/", (_req, res) => { + res.render("pages/index"); +}); -router.route('/register') - .get((_req, res) => { - res.render('pages/register'); - }) - .post((req, res) => { - controller.register(req.body.email, req.body.password, req.body.first_name, req.body.last_name).then(data => { - if (data == 200) { - res.render("pages/register-verification-sent"); - } else { - res.render("pages/register-error"); - } - }); - }) - -router.route('/login') - .get((_req, res) => { - res.render('pages/login'); - }) - .post((req, res) => { - controller.login(req.body.email, req.body.password, req.headers['user-agent'], req.headers['x-forwarded-for'] || req.socket.remoteAddress).then(data => { - if (data[0] == 200) { - res.render("pages/index"); - } else if (data[0] == 204){ - res.render('pages/login', { - companyName : 'SALAH', - error : 'Please confirm your email' - }); - } else { - res.render('pages/login', { - companyName : 'SALAH', - error : 'Invalid Email or Password' - }); - } - }); - }) - -router.get('/verify-mail', (req, res) => { - controller.verify_mail(req.params.token).then(data => { +router + .route("/register") + .get((_req, res) => { + res.render("pages/register"); + }) + .post((req, res) => { + controller + .register( + req.body.email, + req.body.password, + req.body.first_name, + req.body.last_name + ) + .then((data) => { if (data == 200) { - res.render("pages/register-verification-success"); + res.render("pages/register-verification-sent"); } else { - res.render("pages/index"); + res.render("pages/register-error"); } - }) -}) + }); + }); -router.get('/forgot-password', (_req, res) => { - res.render('pages/forgot-password'); -}) +router + .route("/login") + .get((_req, res) => { + 
res.render("pages/login"); + }) + .post((req, res) => { + controller + .login( + req.body.email, + req.body.password, + req.headers["user-agent"], + req.headers["x-forwarded-for"] || req.socket.remoteAddress + ) + .then((data) => { + if (data[0] == 200) { + res.render("pages/index"); + } else if (data[0] == 204) { + res.render("pages/login", { + companyName: "SALAH", + error: "Please confirm your email", + }); + } else if (data[0] == 205) { + res.render("pages/login", { + companyName: "SALAH", + error: "Sorry Your email is not registered in our system", + }); + } else { + res.render("pages/login", { + companyName: "SALAH", + error: "Invalid Email or Password", + }); + } + }); + }); -router.get('/otp', (_req, res) => { - res.render('pages/otp'); -}) +router.get("/verify-mail", (req, res) => { + controller.verify_mail(req.params.token).then((data) => { + if (data == 200) { + res.render("pages/register-verification-success"); + } else { + res.render("pages/index"); + } + }); +}); -router.get('/change-password', (_req, res) => { - res.render('pages/change-password'); -}) +router.get("/forgot-password", (_req, res) => { + res.render("pages/forgot-password"); +}); -router.get('/products', (_req, res) => { - controller.getProducts().then(data => { - res.render('pages/products', {data: data}); - }) -}) +router.get("/otp", (_req, res) => { + res.render("pages/otp"); +}); -router.get('/product/:id', (req, res) => { - controller.getProduct(req.params.id).then(data => { - res.render('pages/product', {data: data}); - }) -}) +router.get("/change-password", (_req, res) => { + res.render("pages/change-password"); +}); -router.get(('/successadd'), (_req, res) => { - res.render('pages/success-add') -}) +router.get("/products", (_req, res) => { + controller.getProducts().then((data) => { + res.render("pages/products", { data: data }); + }); +}); -router.get('/bag', (_req, res) => { - res.render('pages/bag') -}) +router.get("/product/:id", (req, res) => { + 
controller.getProduct(req.params.id).then((data) => { + res.render("pages/product", { data: data }); + }); +}); -router.get('/checkout', (_req, res) => { - res.render('pages/checkout') -}) +router.get("/successadd", (_req, res) => { + res.render("pages/success-add"); +}); -router.get('/notifpay', (_req, res) => { - res.render('pages/notif-pay') -}) +router.get("/bag", (_req, res) => { + res.render("pages/bag"); +}); -router.get('/payment', (_req, res) => { - res.render('pages/payment') -}) +router.get("/checkout", (_req, res) => { + res.render("pages/checkout"); +}); -router.get('/about-us', (_req, res) => { - res.render('pages/about-us') -}) +router.get("/notifpay", (_req, res) => { + res.render("pages/notif-pay"); +}); -module.exports = router; \ No newline at end of file +router.get("/payment", (_req, res) => { + res.render("pages/payment"); +}); + +router.get("/about-us", (_req, res) => { + res.render("pages/about-us"); +}); + +module.exports = router;
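Review bot: The new `data[0] == 205` branch tells an anonymous visitor whether an email address has an account, which turns the login form into an account-enumeration oracle next to the existing "Invalid Email or Password" message; if that is not intended, fold the 205 case into the generic branch so registered and unregistered addresses render the same `error: "Invalid Email or Password"`. Separately, the `/verify-mail` handler reads `req.params.token` but the route declares no `:token` segment, so the value is always undefined for a `?token=` link; the API route in routes/api.js reads `req.query.token`, and this handler presumably should as well. The `controller.login(...).then(...)` and `controller.verify_mail(...).then(...)` chains have no `.catch`, so a rejected promise leaves the request hanging with an unhandled rejection; a `.catch` that renders the error page would close that gap.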