sessionAuth_nodejs_example/index.js at main · apoorvpathak/sessionAuth_nodejs_example · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
import express from 'express';
import session from 'express-session';
import dotenv from 'dotenv';
import { PrismaClient } from '@prisma/client';
import bcrypt from 'bcrypt';
import {checkLoggedIn, bypassLogin} from './middlewares/middleware.js';

dotenv.config();


const prisma = new PrismaClient();

const app = express()

app.set('view engine', "ejs")

app.use(session({
    secret: process.env.SESSION_SECRET,
    resave: true,
    saveUninitialized: false,
    name: 'session_auth_example'
}))

app.use(express.urlencoded({extended:false}))

app.get('/', checkLoggedIn, (req, res)=>{
    res.render('home', {user: req.session.user.username})
})
app.get('/login', bypassLogin, (req, res)=>{
    res.render('login', {error:null})
})
app.post('/login', async (req, res)=>{
    const { username, password } = req.body;
    const user = await prisma.user.findUnique({ where: { username } });

    if (user && await bcrypt.compare(password, user.password)) {
        await prisma.session.create({
        data: {
            userId: user.id,
            sessionId: req.sessionID,
            data: { username: user.username },
        },
        });

        req.session.user = { id: user.id, username: user.username };
        res.redirect('/');
    } else {
        res.render('login', { error: 'Invalid credentials' });
    }
})

app.get('/logout', async (req, res)=>{
    if (req.session.user) {
        await prisma.session.deleteMany({ where: { userId: req.session.user.id } });
      }
      req.session.destroy(() => {
        res.clearCookie('session_auth_example');
        res.redirect('/');
      });
})

app.get('/register', (req, res)=>{
    res.render('register', {error: null})
})

app.post('/register', async (req, res)=>{
    const { username, email, password } = req.body;
    const hashedPassword = await bcrypt.hash(password, 10);

    try {
        const user = await prisma.user.create({
            data:{
                username, email, password: hashedPassword
            },
        })
        req.session.user = { id: user.id, username: user.username };
        res.redirect('/');
    } catch (error) {
        console.error(error);
        res.render('register', { error: 'User already exists' });
    }

})

app.listen(3000,()=>{
    console.log('server started on http://localhost:3000')
})