91 lines
3.3 KiB
JavaScript
91 lines
3.3 KiB
JavaScript
const express = require('express');
|
|
const sqlite3 = require('sqlite3').verbose();
|
|
const bcrypt = require('bcrypt');
|
|
const helmet = require('helmet');
|
|
const escape = require('escape-html');
|
|
const jwt = require('jsonwebtoken');
|
|
const app = express();
|
|
app.use(express.json());
|
|
|
|
const SECRET_KEY = "votre_clé_super_secrète_et_longue";
|
|
|
|
// BDD simulée en mémoire
|
|
const db = new sqlite3.Database(':memory:');
|
|
db.serialize(async () => {
|
|
db.run("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
|
|
db.run("CREATE TABLE notes (id INTEGER PRIMARY KEY, user_id INTEGER, content TEXT)");
|
|
const passAdmin = await bcrypt.hash('supersecret', 10);
|
|
const passAlice = await bcrypt.hash('password123', 10);
|
|
const stmt = db.prepare("INSERT INTO users (username, password) VALUES (?, ?)");
|
|
stmt.run('admin', passAdmin);
|
|
stmt.run('alice', passAlice);
|
|
stmt.finalize();
|
|
db.run("INSERT INTO notes (user_id, content) VALUES (2, 'Mon secret personnel')");
|
|
});
|
|
|
|
function sendResponse(res, statusCode, data = null, message = '', error = null) {
|
|
res.status(statusCode).json({
|
|
status: statusCode < 400 ? 'success' : 'error',
|
|
message: message,
|
|
data: data,
|
|
error: error
|
|
});
|
|
}
|
|
|
|
function authenticateToken(req, res, next) {
|
|
const authHeader = req.headers['authorization'];
|
|
const token = authHeader && authHeader.split(' ')[1];
|
|
if (!token) return sendResponse(res, 401, null, '', 'Forgot token');
|
|
jwt.verify(token, SECRET_KEY, (err, user) => {
|
|
if (err) return sendResponse(res,403,null, '', 'Erreur de connexion');
|
|
req.user = user;
|
|
next();
|
|
});
|
|
}
|
|
|
|
app.get('/', (req, res) => {
|
|
return sendResponse(res, 200, null, 'Bienvenue sur mon API !')
|
|
})
|
|
|
|
// Route de connexion
|
|
app.post('/login', (req, res) => {
|
|
const { username, password } = req.body;
|
|
const query = "SELECT * FROM users WHERE username = ?";
|
|
db.get(query, [username], async (err, row) => {
|
|
if (err) return sendResponse(res, 500, null, '', "Erreur serveur");
|
|
if (!row) return sendResponse(res, 401, null, '', "Identifiants incorrects");
|
|
const match = await bcrypt.compare(password, row.password);
|
|
if (match) {
|
|
const token = jwt.sign({ id: row.id, username: row.username }, SECRET_KEY, { expiresIn: '1h' });
|
|
sendResponse(res, 200, token, 'Connexion réussie !')
|
|
res.json({ token });
|
|
} else {
|
|
sendResponse(res, 401, null, '', "Identifiants incorrects");
|
|
}
|
|
});
|
|
});
|
|
|
|
app.get('/notes/:id', authenticateToken, (req, res) => {
|
|
const query = "SELECT * FROM notes WHERE id = ?";
|
|
db.get(query, [req.params.id], (err, row) => {
|
|
if (err) return sendResponse(res, 401, null, '', "Erreur");
|
|
if (!row) return sendResponse(res, 404, null, '', "Not found");
|
|
if (row.user_id !== req.user.id) {
|
|
return sendResponse(res, 403, null, '', "Forbidden");
|
|
}
|
|
res.json({ content: row.content });
|
|
});
|
|
});
|
|
|
|
app.post('/notes', authenticateToken, (req, res) => {
|
|
const { content } = req.body;
|
|
const userId = req.user.id;
|
|
const stmt = db.prepare("INSERT INTO notes (user_id, content) VALUES (?, ?)");
|
|
stmt.run(userId, content, function(err) {
|
|
if (err) return sendResponse(res, 500, null, '', err.message);
|
|
const id = this.lastID
|
|
sendResponse(res, 200, id, 'Note sécurisée créée');
|
|
});
|
|
});
|
|
|
|
app.listen(3000, () => console.log('Server running on port 3000')); |